Zoom Virtual_desktop_infrastructure
25 CVEs affecting Zoom Virtual_desktop_infrastructure. Latest disclosed: 2024-01-12. Critical: 3, High: 9.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-34423 | Critical | 9.8 | 2021-11-24 | A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for… |
| CVE-2023-39213 | Critical | 9.6 | 2023-08-08 | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an… |
| CVE-2022-28755 | Critical | 9.6 | 2022-08-11 | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 is susceptible to a URL parsing vulnerability. If a malicious… |
| CVE-2023-49647 | High | 8.8 | 2024-01-12 | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenti… |
| CVE-2022-28763 | High | 8.8 | 2022-10-31 | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious… |
| CVE-2023-34120 | High | 8.7 | 2023-06-13 | Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to p… |
| CVE-2023-28597 | High | 8.3 | 2023-03-27 | Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later… |
| CVE-2023-28603 | High | 7.7 | 2023-06-13 | Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without prop… |
| CVE-2021-34424 | High | 7.5 | 2021-11-24 | A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for… |
| CVE-2023-43586 | High | 7.3 | 2023-12-13 | Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalat… |
| CVE-2023-39215 | High | 7.1 | 2023-09-12 | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-36535 | High | 7.1 | 2023-08-08 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network acc… |
| CVE-2023-22880 | Medium | 6.8 | 2023-03-16 | Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an… |
| CVE-2023-49646 | Medium | 6.4 | 2023-12-13 | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-39218 | Medium | 6.1 | 2023-08-08 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. |
| CVE-2023-36532 | Medium | 5.9 | 2023-08-08 | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. |
| CVE-2023-43582 | Medium | 5.5 | 2023-11-15 | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. |
| CVE-2023-39199 | Medium | 4.9 | 2023-11-14 | Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. |
| CVE-2023-39205 | Medium | 4.3 | 2023-11-14 | Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-39204 | Medium | 4.3 | 2023-11-14 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. |