Vulnerabilities > Zoom > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2020-9767 Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.
local
low complexity
zoom CWE-427
7.8
2020-06-08 CVE-2020-6110 Path Traversal vulnerability in Zoom 4.6.10
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets.
network
low complexity
zoom CWE-22
8.8
2020-05-04 CVE-2020-11443 Incorrect Permission Assignment for Critical Resource vulnerability in Zoom IT Installer
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client.
network
low complexity
zoom CWE-732
8.1
2020-04-17 CVE-2020-11877 Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption.
network
low complexity
zoom CWE-330
7.5
2020-04-17 CVE-2020-11876 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context.
network
low complexity
zoom CWE-327
7.5
2020-04-03 CVE-2020-11500 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8/4.6.9
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption.
network
low complexity
zoom CWE-327
7.5
2020-04-01 CVE-2020-11469 Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.
local
low complexity
zoom CWE-552
7.8
2019-07-12 CVE-2019-13567 OS Command Injection vulnerability in Zoom
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450.
network
low complexity
zoom CWE-78
8.8
2017-12-19 CVE-2017-15049 OS Command Injection vulnerability in Zoom
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
network
low complexity
zoom CWE-78
8.8
2017-12-19 CVE-2017-15048 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
network
low complexity
zoom CWE-119
8.8