threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zoom virtual desktop infrastructure
Product
zoom virtual desktop infrastructure
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-49647
< 5.14.14
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version
8.8
HIGH
CVE-2023-49646
< 5.14.14
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service
6.4
MEDIUM
CVE-2023-43586
< 5.14.14
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticat
7.3
HIGH
CVE-2023-43588
< 5.14.13
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via
3.5
LOW
CVE-2023-43582
< 5.14.13
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
5.5
MEDIUM
CVE-2023-39206
< 5.14.13
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
3.7
LOW
CVE-2023-39205
< 5.14.13
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via ne
4.3
MEDIUM
CVE-2023-39204
< 5.14.13
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
4.3
MEDIUM
CVE-2023-39203
< 5.14.13
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthent
4.3
MEDIUM
CVE-2023-39202
< 5.14.13
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of serv
3.1
LOW
CVE-2023-39199
< 5.14.13
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure v
4.9
MEDIUM
CVE-2023-39215
< 5.14.12
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
7.1
HIGH
CVE-2023-39213
< 5.15.2
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unau
9.6
CRITICAL
CVE-2023-39218
< 5.14.10
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information d
6.1
MEDIUM
CVE-2023-36535
< 5.14.10
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable informati
7.1
HIGH
CVE-2023-36532
< 5.14.5
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
5.9
MEDIUM
CVE-2023-34121
< 5.14.0
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an auth
4.1
MEDIUM
CVE-2023-34120
< 5.14.0
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may all
8.7
HIGH
CVE-2023-28603
< 5.14.0
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially de
7.7
HIGH
CVE-2023-28597
< 5.13.10
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording
8.3
HIGH
CVE-2023-22880
< 5.13.1
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clie
6.8
MEDIUM
CVE-2022-28763
< 5.12.2
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing v
8.8
HIGH
CVE-2022-28755
< 5.10.7
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing
9.6
CRITICAL
CVE-2021-34424
< 5.8.4
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4,
7.5
HIGH
CVE-2021-34423
< 5.8.4
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve
9.8
CRITICAL
CVE-2015-4852
<= 3.5.2
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute
9.8
CRITICAL
CVE-2015-7940
all versions
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remo
CVE-2009-3923
all versions
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which
CVE-2009-2856
all versions
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to es
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin