Vulnerabilities > Zoom > Meetings > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2021-09-27 | CVE-2021-34409 | Incorrect Permission Assignment for Critical Resource vulnerability in Zoom Meetings, Rooms and Screen Sharing | It was discovered that the installation packages of the Zoom Client for Meetings for macOS (Standard and for IT Admin) before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post-installation shell scripts to a user-writable directory. | local | low | zoom, CWE-732 | 7.8 |
| 2021-09-27 | CVE-2021-34412 | Improper Privilege Management vulnerability in Zoom Meetings | During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. | local | low | zoom, CWE-269 | 7.8 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 | airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | network | low | zoom, CWE-330 | 7.5 |
| 2020-04-17 | CVE-2020-11876 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11 | airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. | network | low | zoom, CWE-327 | 7.5 |
| 2020-04-03 | CVE-2020-11500 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8/4.6.9 | Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. | network | low | zoom, CWE-327 | 7.5 |
| 2020-04-01 | CVE-2020-11469 | Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8 | Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | local | low | zoom, CWE-552 | 7.8 |