Vulnerabilities > Zoom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-34416 | Improper Input Validation vulnerability in Zoom products The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. | 7.5 |
| 2021-04-09 | CVE-2021-30480 | Unspecified vulnerability in Zoom Chat 20210409 Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. | 9.0 |
| 2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |
| 2020-08-14 | CVE-2020-9767 | Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4 A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. | 7.2 |
| 2020-06-08 | CVE-2020-6110 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. | 6.8 |
| 2020-06-08 | CVE-2020-6109 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. | 7.5 |
| 2020-05-04 | CVE-2020-11443 | Incorrect Permission Assignment for Critical Resource vulnerability in Zoom IT Installer The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. | 8.5 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
| 2020-04-17 | CVE-2020-11876 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. | 7.5 |
| 2020-04-03 | CVE-2020-11500 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. | 5.0 |