Vulnerabilities > Zoom

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-33907 Improper Certificate Validation vulnerability in Zoom Meetings 4.6.11
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client.
network
low complexity
zoom CWE-295
critical
10.0
2021-09-27 CVE-2021-34408 Improper Privilege Management vulnerability in Zoom Meetings 4.6.11
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client.
local
low complexity
zoom CWE-269
4.6
2021-09-27 CVE-2021-34409 Improper Privilege Management vulnerability in Zoom Meetings
User-writable pre- and post-install scripts unpacked during the Zoom Client for Meetings for macOS installation before version 5.2.0 allow for privilege escalation to root.
local
low complexity
zoom CWE-269
7.2
2021-09-27 CVE-2021-34410 Improper Privilege Management vulnerability in Zoom Plugin for Microsoft Outlook
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
local
low complexity
zoom CWE-269
7.2
2021-09-27 CVE-2021-34411 Improper Privilege Management vulnerability in Zoom Rooms
During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0, it is possible to launch Internet Explorer with elevated privileges.
local
low complexity
zoom CWE-269
4.6
2021-09-27 CVE-2021-34412 Improper Privilege Management vulnerability in Zoom Meetings 4.6.11
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer.
local
low complexity
zoom CWE-269
4.6
2021-09-27 CVE-2021-34413 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Zoom Plugin for Microsoft Outlook
All versions of the Zoom Plugin for Microsoft Outlook for macOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process.
network
zoom CWE-367
6.0
2021-09-27 CVE-2021-34414 Improper Input Validation vulnerability in Zoom products
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator.
network
low complexity
zoom CWE-20
6.5
2021-09-27 CVE-2021-34415 Improper Input Validation vulnerability in Zoom Meeting Connector
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
network
low complexity
zoom CWE-20
7.8
2021-09-27 CVE-2021-34416 Improper Input Validation vulnerability in Zoom products
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.
network
low complexity
zoom CWE-20
7.5