Vulnerabilities > Zoom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-15 | CVE-2022-28749 | Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526 Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. | 4.3 |
| 2022-05-18 | CVE-2022-22787 | Improper Certificate Validation vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. | 7.5 |
| 2022-05-18 | CVE-2022-22784 | XML Injection (aka Blind XPath Injection) vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. | 8.1 |
| 2022-05-18 | CVE-2022-22785 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. | 9.1 |
| 2022-05-18 | CVE-2022-22786 | Download of Code Without Integrity Check vulnerability in Zoom Meetings and Rooms The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. | 8.8 |
| 2022-04-28 | CVE-2022-22781 | Improper Validation of Integrity Check Value vulnerability in Zoom Meetings The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. | 7.5 |
| 2022-04-28 | CVE-2022-22782 | Unspecified vulnerability in Zoom products The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. | 7.1 |
| 2022-04-28 | CVE-2022-22783 | Unspecified vulnerability in Zoom products A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. | 7.5 |
| 2022-02-09 | CVE-2022-22780 | Resource Exhaustion vulnerability in Zoom Meetings The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. | 6.5 |
| 2021-12-14 | CVE-2021-34425 | Server-Side Request Forgery (SSRF) vulnerability in Zoom Meetings The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. | 6.1 |