Vulnerabilities > Zoom

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-22788 Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed.
local
zoom CWE-427
6.9
2022-06-15 CVE-2022-28749 Incorrect Authorization vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526
Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee.
network
low complexity
zoom CWE-863
4.0
2022-05-18 CVE-2022-22787 Improper Certificate Validation vulnerability in Zoom Meetings
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request.
network
zoom CWE-295
6.0
2022-05-18 CVE-2022-22784 XML Injection (aka Blind XPath Injection) vulnerability in Zoom Meetings
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages.
network
low complexity
zoom CWE-91
5.5
2022-05-18 CVE-2022-22785 Reliance on Cookies without Validation and Integrity Checking vulnerability in Zoom Meetings
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains.
network
low complexity
zoom CWE-565
6.4
2022-05-18 CVE-2022-22786 Download of Code Without Integrity Check vulnerability in Zoom Meetings and Rooms
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process.
network
zoom CWE-494
6.8
2022-04-28 CVE-2022-22781 Improper Validation of Integrity Check Value vulnerability in Zoom Meetings
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process.
network
low complexity
zoom CWE-354
5.0
2022-04-28 CVE-2022-22782 Improper Privilege Management vulnerability in Zoom products
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation.
local
low complexity
zoom CWE-269
6.6
2022-04-28 CVE-2022-22783 Exposure of Resource to Wrong Sphere vulnerability in Zoom products
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
network
low complexity
zoom CWE-668
5.0
2022-02-09 CVE-2022-22780 Resource Exhaustion vulnerability in Zoom Meetings
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3.
network
low complexity
zoom CWE-400
7.8