Zoom Virtual Desktop Infrastructure — known CVE vulnerabilities
Every CVE whose affected-product data names Zoom Virtual Desktop Infrastructure, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2021-34423 — CVSS 9.8 (critical): A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version…
CVE-2023-39213 — CVSS 9.6 (critical): Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an…
CVE-2022-28755 — CVSS 9.6 (critical): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing…
CVE-2023-49647 — CVSS 8.8 (high): Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10…
CVE-2022-28763 — CVSS 8.8 (high): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing…
CVE-2023-34120 — CVSS 8.7 (high): Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an…
CVE-2023-28597 — CVSS 8.3 (high): Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB…
CVE-2023-28603 — CVSS 7.7 (high): Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local…
CVE-2021-34424 — CVSS 7.5 (high): A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom…
CVE-2023-43586 — CVSS 7.3 (high): Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user…
CVE-2023-36535 — CVSS 7.1 (high): Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information…
CVE-2023-39215 — CVSS 7.1 (high): Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2023-22880 — CVSS 6.8 (medium): Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients…
CVE-2023-49646 — CVSS 6.4 (medium): Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via…
CVE-2023-39218 — CVSS 6.1 (medium): Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure…
CVE-2023-36532 — CVSS 5.9 (medium): Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-43582 — CVSS 5.5 (medium): Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVE-2023-39199 — CVSS 4.9 (medium): Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via…
CVE-2023-39205 — CVSS 4.3 (medium): Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network…
CVE-2023-39204 — CVSS 4.3 (medium): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-39203 — CVSS 4.3 (medium): Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated…
CVE-2023-34121 — CVSS 4.1 (medium): Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated…
CVE-2023-39206 — CVSS 3.7 (low): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-43588 — CVSS 3.5 (low): Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network…
CVE-2023-39202 — CVSS 3.1 (low): Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via…