| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. |
| Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. |
| Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. |
| Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. |
| Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. |
| Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. |
| Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. |
| Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| Azure Site Recovery Remote Code Execution Vulnerability |
| Azure Sphere Information Disclosure Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
