Vulnerabilities > Zoom > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-24691 Unspecified vulnerability in Zoom products
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
network
low complexity
zoom
critical
9.8
2023-08-08 CVE-2023-39213 Injection vulnerability in Zoom Virtual Desktop Infrastructure and Zoom
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
network
low complexity
zoom CWE-74
critical
9.8
2023-08-08 CVE-2023-36534 Path Traversal vulnerability in Zoom
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
network
low complexity
zoom CWE-22
critical
9.8
2023-08-08 CVE-2023-39216 Unspecified vulnerability in Zoom
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
network
low complexity
zoom
critical
9.8
2022-10-31 CVE-2022-28763 Open Redirect vulnerability in Zoom Meetings and Virtual Desktop Infrastructure
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability.
network
low complexity
zoom CWE-601
critical
9.6
2021-11-11 CVE-2021-34417 Improper Input Validation vulnerability in Zoom products
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password.
network
low complexity
zoom CWE-20
critical
9.0
2021-09-27 CVE-2021-33907 Improper Certificate Validation vulnerability in Zoom Meetings 4.6.11
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client.
network
low complexity
zoom CWE-295
critical
10.0
2021-04-09 CVE-2021-30480 Unspecified vulnerability in Zoom Chat 20210409
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction.
network
low complexity
zoom
critical
9.0
2017-12-19 CVE-2017-15049 OS Command Injection vulnerability in Zoom
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
network
zoom CWE-78
critical
9.3
2004-08-06 CVE-2004-0680 Unspecified vulnerability in Zoom Model 5560 X3 Ethernet Adsl Modem
Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access.
network
low complexity
zoom
critical
10.0