Vulnerabilities > Zoom > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-11 CVE-2021-34420 Improper Verification of Cryptographic Signature vulnerability in Zoom Client for Meetings
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions.
network
low complexity
zoom CWE-347
7.4
2021-09-27 CVE-2021-34408 Link Following vulnerability in Zoom Meetings
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client.
local
low complexity
zoom CWE-59
7.8
2021-09-27 CVE-2021-34409 Incorrect Permission Assignment for Critical Resource vulnerability in Zoom Meetings, Rooms and Screen Sharing
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory.
local
low complexity
zoom CWE-732
7.8
2021-09-27 CVE-2021-34410 Incorrect Permission Assignment for Critical Resource vulnerability in Zoom Plugin for Microsoft Outlook
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
local
low complexity
zoom CWE-732
7.8
2021-09-27 CVE-2021-34411 Improper Privilege Management vulnerability in Zoom Rooms
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges.
local
low complexity
zoom CWE-269
7.8
2021-09-27 CVE-2021-34412 Improper Privilege Management vulnerability in Zoom Meetings
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer.
local
low complexity
zoom CWE-269
7.8
2021-09-27 CVE-2021-34413 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Zoom Plugin for Microsoft Outlook
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process.
network
high complexity
zoom CWE-367
7.5
2021-09-27 CVE-2021-34414 Improper Input Validation vulnerability in Zoom products
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator.
network
low complexity
zoom CWE-20
7.2
2021-09-27 CVE-2021-34415 Allocation of Resources Without Limits or Throttling vulnerability in Zoom Meeting Connector
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
network
low complexity
zoom CWE-770
7.5
2021-04-09 CVE-2021-30480 Unspecified vulnerability in Zoom Chat 20210409
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction.
network
low complexity
zoom
8.8