Shmoul

**Name of the Vulnerable Software and Affected Versions** Zoom Workplace App for Linux versions prior to 6.2.5 **Description** The issue is related to an out-of-bounds write in the Zoom Workplace App for Linux, which may allow an unauthorized user to conduct a denial of service via network access. **Recommendations** For versions prior to 6.2.5, update to version 6.2.5 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps and SDKs for Windows (affected versions not specified) Description: The issue is related to path traversal in Team Chat, which may allow an authenticated user to disclose information via network access. It is also associated with synchronization errors, specifically a "race condition" when using a shared resource, potentially enabling a remote attacker to reveal protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoom Desktop Client for Windows (affected versions not specified) Zoom VDI Client for Windows (affected versions not specified) Zoom Meeting SDK for Windows (affected versions not specified) **Description** The issue is related to improper input validation in Zoom software for Windows, which may allow an authenticated user to disclose information via network access. This can be exploited by a remote attacker to reveal protected information. **Recommendations** For Zoom Desktop Client for Windows, consider restricting network access until a fix is available. For Zoom VDI Client for Windows, avoid using the software for sensitive information exchange until the issue is resolved. For Zoom Meeting SDK for Windows, as a temporary workaround, consider disabling the chat functionality to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoom Desktop Client for Windows (affected versions not specified) Zoom VDI Client for Windows (affected versions not specified) Zoom Meeting SDK for Windows (affected versions not specified) **Description** The issue is related to improper input validation, which may allow an authenticated user to disclose information via network access. This can be exploited by a remote attacker to reveal protected information. **Recommendations** For Zoom Desktop Client for Windows, consider restricting network access until a fix is available. For Zoom VDI Client for Windows, avoid using the software for sensitive information exchange until the issue is resolved. For Zoom Meeting SDK for Windows, as a temporary workaround, consider disabling any functionality that relies on user input validation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoom Desktop Client for Windows (affected versions not specified) Zoom VDI Client for Windows (affected versions not specified) Zoom SDKs for Windows (affected versions not specified) **Description** The issue allows an authenticated user to conduct an escalation of privilege via network access due to path traversal in the affected software. **Recommendations** For Zoom Desktop Client for Windows, update to a version that includes a fix for this issue. For Zoom VDI Client for Windows, update to a version that includes a fix for this issue. For Zoom SDKs for Windows, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.