Vulnerabilities > Zoom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2020-11469 | Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | 7.8 |
| 2019-07-12 | CVE-2019-13567 | OS Command Injection vulnerability in Zoom The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. | 8.8 |
| 2019-07-09 | CVE-2019-13450 | Missing Authorization vulnerability in multiple products In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. | 6.5 |
| 2019-07-09 | CVE-2019-13449 | Improper Input Validation vulnerability in Zoom In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. | 6.5 |
| 2018-11-30 | CVE-2018-15715 | Improper Input Validation vulnerability in Zoom Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. | 9.8 |
| 2017-12-19 | CVE-2017-15049 | OS Command Injection vulnerability in Zoom The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 8.8 |
| 2017-12-19 | CVE-2017-15048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 8.8 |