Vulnerabilities > Zoom > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-14 | CVE-2022-28759 | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. | 8.6 |
2022-10-14 | CVE-2022-28762 | Unspecified vulnerability in Zoom Meetings 5.11.3/5.11.5 Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. | 7.8 |
2022-04-28 | CVE-2022-22782 | Unspecified vulnerability in Zoom products The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. | 7.1 |
2022-04-28 | CVE-2022-22783 | Unspecified vulnerability in Zoom products A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. | 7.5 |
2022-02-09 | CVE-2022-22780 | Resource Exhaustion vulnerability in Zoom Meetings The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. | 7.8 |
2021-11-24 | CVE-2021-34423 | Classic Buffer Overflow vulnerability in Zoom products A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. | 7.5 |
2021-09-27 | CVE-2021-34409 | Unspecified vulnerability in Zoom Meetings, Rooms and Screen Sharing It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. | 7.8 |
2021-09-27 | CVE-2021-34410 | Incorrect Permission Assignment for Critical Resource vulnerability in Zoom Plugin for Microsoft Outlook A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. | 7.2 |
2021-09-27 | CVE-2021-34415 | Allocation of Resources Without Limits or Throttling vulnerability in Zoom Meeting Connector The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. | 7.8 |
2021-09-27 | CVE-2021-34416 | Improper Input Validation vulnerability in Zoom products The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. | 7.5 |