Vulnerabilities > Zoom > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2020-9767 Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.
local
low complexity
zoom CWE-427
7.2
2020-06-08 CVE-2020-6109 Path Traversal vulnerability in Zoom 4.6.10
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs.
network
low complexity
zoom CWE-22
7.5
2020-05-04 CVE-2020-11443 Incorrect Permission Assignment for Critical Resource vulnerability in Zoom IT Installer
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client.
network
low complexity
zoom CWE-732
8.5
2020-04-17 CVE-2020-11877 Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption.
network
low complexity
zoom CWE-330
7.5
2020-04-17 CVE-2020-11876 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context.
network
low complexity
zoom CWE-327
7.5
2020-04-01 CVE-2020-11469 Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.
local
low complexity
zoom CWE-552
7.2
2018-11-30 CVE-2018-15715 Improper Input Validation vulnerability in Zoom
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing.
network
low complexity
zoom CWE-20
7.5