Vulnerabilities > Zoom > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-14 | CVE-2020-9767 | Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4 A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. | 7.2 |
| 2020-06-08 | CVE-2020-6109 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. | 7.5 |
| 2020-05-04 | CVE-2020-11443 | Incorrect Permission Assignment for Critical Resource vulnerability in Zoom IT Installer The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. | 8.5 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
| 2020-04-17 | CVE-2020-11876 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. | 7.5 |
| 2020-04-01 | CVE-2020-11469 | Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | 7.2 |
| 2018-11-30 | CVE-2018-15715 | Improper Input Validation vulnerability in Zoom Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. | 7.5 |