Vulnerabilities > Zoom

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2021-30480 Unspecified vulnerability in Zoom Chat 20210409
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction.
network
low complexity
zoom
8.8
2021-03-18 CVE-2021-28133 Information Exposure vulnerability in Zoom
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen.
network
low complexity
zoom CWE-200
4.3
2020-08-14 CVE-2020-9767 Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.
local
low complexity
zoom CWE-427
7.8
2020-06-08 CVE-2020-6110 Path Traversal vulnerability in Zoom 4.6.10
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets.
network
low complexity
zoom CWE-22
8.8
2020-06-08 CVE-2020-6109 Path Traversal vulnerability in Zoom 4.6.10
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs.
network
low complexity
zoom CWE-22
critical
9.8
2020-05-04 CVE-2020-11443 Incorrect Permission Assignment for Critical Resource vulnerability in Zoom IT Installer
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client.
network
low complexity
zoom CWE-732
8.1
2020-04-17 CVE-2020-11877 Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption.
network
low complexity
zoom CWE-330
7.5
2020-04-17 CVE-2020-11876 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context.
network
low complexity
zoom CWE-327
7.5
2020-04-03 CVE-2020-11500 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8/4.6.9
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption.
network
low complexity
zoom CWE-327
7.5
2020-04-01 CVE-2020-11470 Insufficient Verification of Data Authenticity vulnerability in Zoom Meetings 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.
local
low complexity
zoom CWE-345
3.3