CVE-2022-28763

CRITICAL Year: 2022
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-20
View all →

Vulnerability Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Related Vulnerabilities

CVE-2016-1706

CRITICAL
CVSS:9.6(Critical)

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows rem...

CWE-202016

CVE-2017-14589

CRITICAL
CVSS:9.6(Critical)

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a...

CWE-202017

CVE-2017-15402

CRITICAL
CVSS:9.6(Critical)

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior...

CWE-202017

CVE-2018-0104

CRITICAL
CVSS:9.6(Critical)

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker...

CWE-202018

CVE-2018-0264

CRITICAL
CVSS:9.6(Critical)

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targe...

CWE-202018

CVE-2018-11314

CRITICAL
CVSS:9.6(Critical)

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be ex...

CWE-202018