Vulnerabilities > Zoom

DATE CVE VULNERABILITY TITLE RISK
2022-08-11 CVE-2022-28753 Unspecified vulnerability in Zoom Meeting Connector
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.
network
low complexity
zoom
5.4
2022-08-11 CVE-2022-28754 Unspecified vulnerability in Zoom Meeting Connector
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.
network
low complexity
zoom
5.4
2022-08-11 CVE-2022-28755 Open Redirect vulnerability in Zoom
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability.
network
low complexity
zoom CWE-601
6.1
2022-06-15 CVE-2022-22788 Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed.
local
low complexity
zoom CWE-427
7.8
2022-06-15 CVE-2022-28749 Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526
Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee.
network
low complexity
zoom
4.3
2022-05-18 CVE-2022-22787 Improper Certificate Validation vulnerability in Zoom Meetings
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request.
network
high complexity
zoom CWE-295
7.5
2022-05-18 CVE-2022-22784 XML Injection (aka Blind XPath Injection) vulnerability in Zoom Meetings
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages.
network
low complexity
zoom CWE-91
8.1
2022-05-18 CVE-2022-22785 Reliance on Cookies without Validation and Integrity Checking vulnerability in Zoom Meetings
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains.
network
low complexity
zoom CWE-565
critical
9.1
2022-05-18 CVE-2022-22786 Download of Code Without Integrity Check vulnerability in Zoom Meetings and Rooms
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process.
network
low complexity
zoom CWE-494
8.8
2022-04-28 CVE-2022-22781 Improper Validation of Integrity Check Value vulnerability in Zoom Meetings
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process.
network
low complexity
zoom CWE-354
7.5