Zoom does not provide guidance on vulnerability impacts to individual customers due to a Zoom Security Bulletin or provide additional details about a vulnerability. We recommend users to update to the latest version of Zoom software in order to get the latest fixes and security improvements.
Security Bulletins
ZSB | Title | Severity | CVE | Date Published | Date Updated |
---|---|---|---|---|---|
ZSB-24015 | Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity | Medium | CVE-2024-27244 | 05/14/2024 | 05/14/2024 |
ZSB-24014 | Zoom Apps - Buffer Overflow | Medium | CVE-2024-27243 | 05/14/2024 | 05/14/2024 |
ZSB-24013 | Zoom Desktop Client for Linux - Cross Site Scripting | Low | CVE-2024-27242 | 04/09/2024 | 04/09/2024 |
ZSB-24012 | Zoom Desktop Client for macOS - Improper Privilege Management | Medium | CVE-2024-27247 | 04/09/2024 | 04/09/2024 |
ZSB-24011 | Zoom Desktop Client for Windows - Improper Privilege Management | Medium | CVE-2024-24694 | 04/09/2024 | 04/09/2024 |
ZSB-24010 | Zoom Rooms Client for Windows - Improper Access Control | High | CVE-2024-24693 | 03/12/2024 | 03/13/2024 |
ZSB-24009 | Zoom Rooms Client for Windows - Race Condition | Medium | CVE-2024-24692 | 03/12/2024 | 03/12/2024 |
ZSB-24008 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation | Critical | CVE-2024-24691 | 02/13/2024 | 02/13/2024 |
ZSB-24007 | Zoom Clients - Improper Input Validation | Medium | CVE-2024-24690 | 02/13/2024 | 02/13/2024 |
ZSB-24006 | Zoom Clients - Business Logic Error | Medium | CVE-2024-24699 | 02/13/2024 | 02/13/2024 |
ZSB-24005 | Zoom Clients - Improper Authentication | Medium | CVE-2024-24698 | 02/13/2024 | 02/13/2024 |
ZSB-24004 | Zoom Clients - Untrusted Search Path | High | CVE-2024-24697 | 02/13/2024 | 02/13/2024 |
ZSB-24003 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation | Medium | CVE-2024-24696 | 02/13/2024 | 02/13/2024 |
ZSB-24002 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation | Medium | CVE-2024-24695 | 02/13/2024 | 02/13/2024 |
ZSB-24001 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows- Improper Access Control | High | CVE-2023-49647 | 01/09/2024 | 01/09/2024 |
ZSB-23062 | Zoom Clients - Improper Authentication | Medium | CVE-2023-49646 | 12/12/2023 | 12/12/2023 |
ZSB-23059 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows - Path Traversal | High | CVE-2023-43586 | 12/12/2023 | 12/12/2023 |
ZSB-23058 | Zoom Mobile App for iOS and SDKs for iOS - Improper Access Control | High | CVE-2023-43585 | 12/12/2023 | 12/12/2023 |
ZSB-23056 | Zoom Mobile App for Android, Zoom Mobile App for iOS and Zoom SDKs - Cryptographic Issues | Medium | CVE-2023-43583 | 12/12/2023 | 12/12/2023 |
ZSB-23055 | Zoom Clients - Improper Authorization | Medium | CVE-2023-43582 | 11/14/2023 | 11/14/2023 |
ZSB-23054 | Zoom Rooms for macOS - Improper Privilege Management | High | CVE-2023-43591 | 11/14/2023 | 11/14/2023 |
ZSB-23053 | Zoom Rooms for macOS - Link Following | High | CVE-2023-43590 | 11/14/2023 | 11/14/2023 |
ZSB-23052 | Zoom Clients - Insufficient Control Flow Management | Low | CVE-2023-43588 | 11/14/2023 | 11/14/2023 |
ZSB-23051 | ZoomClients - Cryptographic Issues | Medium | CVE-2023-39199 | 11/14/2023 | 11/14/2023 |
ZSB-23050 | Zoom Clients - Buffer Overflow | Low | CVE-2023-39206 | 11/14/2023 | 11/14/2023 |
ZSB-23049 | Zoom Clients - Improper Conditions Check | Medium | CVE-2023-39205 | 11/14/2023 | 11/14/2023 |
ZSB-23048 | Zoom Clients - Buffer Overflow | Medium | CVE-2023-39204 | 11/14/2023 | 11/14/2023 |
ZSB-23047 | Zoom Desktop Client for Windows and Zoom VDI Client - Uncontrolled Resource Consumption | Medium | CVE-2023-39203 | 11/14/2023 | 11/14/2023 |
ZSB-23045 | CleanZoom - Untrusted Search Path | High | CVE-2023-39201 | 09/12/2023 | 09/12/2023 |
ZSB-23043 | Zoom Desktop Client for Linux - Improper Input Validation | Medium | CVE-2023-39208 | 09/12/2023 | 09/12/2023 |
ZSB-23040 | Zoom Clients - Improper Authentication | High | CVE-2023-39215 | 09/12/2023 | 09/12/2023 |
ZSB-23041 | Zoom Desktop Client for Windows - Improper Input Validation | Medium | CVE-2023-39209 | 08/08/2023 | 08/08/2023 |
ZSB-23039 | Zoom Client’s - Exposure of Sensitive Information | High | CVE-2023-39214 | 08/08/2023 | 08/08/2023 |
ZSB-23038 | Zoom Desktop Client for Windows and Zoom VDI Client - Improper Neutralization of Special Elements | Critical | CVE-2023-39213 | 08/08/2023 | 08/08/2023 |
ZSB-23037 | Zoom Rooms for Windows - Untrusted Search Path | High | CVE-2023-39212 | 08/08/2023 | 08/08/2023 |
ZSB-23036 | Zoom Desktop Client for Windows and Zoom Rooms for Windows - Improper Privilege Management | High | CVE-2023-39211 | 08/08/2023 | 08/08/2023 |
ZSB-23035 | Zoom Client SDK for Windows - Clear text Storage of Sensitive Information | Medium | CVE-2023-39210 | 08/08/2023 | 08/08/2023 |
ZSB-23034 | Zoom Clients - Client-Side Enforcement of Server-Side Security | Medium | CVE-2023-39218 | 08/08/2023 | 08/08/2023 |
ZSB-23033 | Zoom Client’s - Improper Input Validation | Medium | CVE-2023-39217 | 08/08/2023 | 08/08/2023 |
ZSB-23032 | Zoom Desktop Client for Windows - Improper Input Validation | Critical | CVE-2023-39216 | 08/08/2023 | 08/08/2023 |
ZSB-23031 | Zoom Clients - Client-Side Enforcement of Server-Side Security | High | CVE-2023-36535 | 08/08/2023 | 08/08/2023 |
ZSB-23030 | Zoom Desktop Client for Windows - Path Traversal | Critical | CVE-2023-36534 | 08/08/2023 | 08/08/2023 |
ZSB-23029 | Zoom SDK’s - Uncontrolled Resource Consumption | High | CVE-2023-36533 | 08/08/2023 | 08/08/2023 |
ZSB-23028 | Zoom Clients - Buffer Overflow | Medium | CVE-2023-36532 | 08/08/2023 | 08/08/2023 |
ZSB-23027 | Zoom Desktop Client for Windows - Insufficient Verification of Data Authenticity | High | CVE-2023-36541 | 08/08/2023 | 08/08/2023 |
ZSB-23026 | Zoom Desktop Client for Windows - Untrusted Search Path | High | CVE-2023-36540 | 08/08/2023 | 08/08/2023 |
ZSB-23024 | Improper Access Control | High | CVE-2023-36538 | 07/11/2023 | 07/11/2023 |
ZSB-23023 | Improper Privilege Management | High | CVE-2023-36537 | 07/11/2023 | 07/11/2023 |
ZSB-23022 | Untrusted Search Path | High | CVE-2023-36536 | 07/11/2023 | 07/11/2023 |
ZSB-23021 | Insecure Temporary File | High | CVE-2023-34119 | 07/11/2023 | 07/11/2023 |
ZSB-23020 | Improper Privilege Management | High | CVE-2023-34118 | 07/11/2023 | 07/11/2023 |
ZSB-23019 | Relative Path Traversal | Low | CVE-2023-34117 | 07/11/2023 | 07/11/2023 |
ZSB-23018 | Improper Input Validation | High | CVE-2023-34116 | 07/11/2023 | 07/11/2023 |
ZSB-23025 | Exposure of Sensitive Information | Medium | CVE-2023-36539 | 06/29/2023 | 06/29/2023 |
ZSB-23017 | Buffer Copy without Checking Size of Input | Medium | CVE-2023-34115 | 06/13/2023 | 06/13/2023 |
ZSB-23016 | Exposure of Resource to Wrong Sphere | Medium | CVE-2023-34114 | 06/13/2023 | 06/13/2023 |
ZSB-23015 | Insufficient Verification of Data Authenticity | High | CVE-2023-34113 | 06/13/2023 | 06/13/2023 |
ZSB-23014 | Improper Input Validation | High | CVE-2023-34122 | 06/13/2023 | 06/13/2023 |
ZSB-23013 | Improper Input Validation | Medium | CVE-2023-34121 | 06/13/2023 | 06/13/2023 |
ZSB-23012 | Improper Privilege Management | High | CVE-2023-34120 | 06/13/2023 | 06/13/2023 |
ZSB-23011 | Improper Access Control in Zoom VDI Client Installer | High | CVE-2023-28603 | 06/13/2023 | 06/13/2023 |
ZSB-23010 | Improper Verification of Cryptographic Signature in Zoom Clients | Low | CVE-2023-28602 | 06/13/2023 | 06/13/2023 |
ZSB-23009 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Zoom Clients | Low | CVE-2023-28601 | 06/13/2023 | 06/13/2023 |
ZSB-23008 | Improper access control in Zoom Clients | Medium | CVE-2023-28600 | 06/13/2023 | 06/13/2023 |
ZSB-23007 | HTML Injection vulnerability in Zoom Clients | Medium | CVE-2023-28599 | 06/13/2023 | 06/13/2023 |
ZSB-23006 | HTML injection in Zoom Linux Clients | High | CVE-2023-28598 | 06/13/2023 | 06/13/2023 |
ZSB-23005 | Improper trust boundary implementation for SMB in Zoom Clients [Updated 2023-04-07] | High | CVE-2023-28597 | 03/14/2023 | 04/07/2023 |
ZSB-23004 | Local Privilege Escalation in Zoom for macOS Installers | Medium | CVE-2023-28596 | 03/14/2023 | 03/14/2023 |
ZSB-23003 | Local Privilege Escalation in Zoom for Windows Installers | High | CVE-2023-22883 | 03/14/2023 | 03/14/2023 |
ZSB-23002 | Denial of Service in Zoom Clients | Medium | CVE-2023-22881 CVE-2023-22882 | 03/14/2023 | 03/14/2023 |
ZSB-23001 | Information Disclosure in Zoom for Windows Clients | Medium | CVE-2023-22880 | 03/14/2023 | 03/14/2023 |
ZSB-22035 | Local Privilege Escalation in Zoom Rooms for Windows Installers | High | CVE-2022-36930 | 01/06/2023 | 01/06/2023 |
ZSB-22034 | Local Privilege Escalation in Zoom Rooms for Windows Clients | High | CVE-2022-36929 | 01/06/2023 | 01/06/2023 |
ZSB-22033 | Path Traversal in Zoom for Android Clients | Medium | CVE-2022-36928 | 01/06/2023 | 01/06/2023 |
ZSB-22032 | Local Privilege Escalation in Zoom Rooms for macOS Clients | High | CVE-2022-36926 CVE-2022-36927 | 01/06/2023 | 01/06/2023 |
ZSB-22031 | Insecure key generation for Zoom Rooms for macOS Clients | Medium | CVE-2022-36925 | 01/06/2023 | 01/06/2023 |
ZSB-22030 | Local Privilege Escalation in Zoom Rooms Installer for Windows | High | CVE-2022-36924 | 11/15/2022 | 11/15/2022 |
ZSB-22029 | Local Privilege Escalation in Zoom Client Installer for macOS | High | CVE-2022-28768 | 11/15/2022 | 11/15/2022 |
ZSB-22027 | DLL injection in Zoom Windows Clients | High | CVE-2022-28766 | 11/15/2022 | 11/15/2022 |
ZSB-22025 | Local information exposure in Zoom Clients | Low | CVE-2022-28764 | 11/10/2022 | 11/10/2022 |
No results found.
The official text for Zoom Security Bulletins is English. Translations are provided for your convenience and Zoom does not make any promises, assurances, or guarantees as to the accuracy of these translations.