Vulnerabilities > Zoom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |
| 2020-08-14 | CVE-2020-9767 | Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4 A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. | 7.2 |
| 2020-06-08 | CVE-2020-6110 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. | 6.8 |
| 2020-06-08 | CVE-2020-6109 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. | 7.5 |
| 2020-05-04 | CVE-2020-11443 | Incorrect Permission Assignment for Critical Resource vulnerability in Zoom IT Installer The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. | 8.5 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
| 2020-04-17 | CVE-2020-11876 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. | 7.5 |
| 2020-04-03 | CVE-2020-11500 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. | 5.0 |
| 2020-04-01 | CVE-2020-11470 | Missing Authorization vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access. | 2.1 |
| 2020-04-01 | CVE-2020-11469 | Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | 7.2 |