Vulnerabilities > Zoom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-11 | CVE-2022-28753 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
| 2022-08-11 | CVE-2022-28754 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
| 2022-06-15 | CVE-2022-22788 | Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. | 6.9 |
| 2022-06-15 | CVE-2022-28749 | Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526 Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. | 4.3 |
| 2022-05-18 | CVE-2022-22787 | Improper Certificate Validation vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. | 6.0 |
| 2022-05-18 | CVE-2022-22784 | XML Injection (aka Blind XPath Injection) vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. | 5.5 |
| 2022-05-18 | CVE-2022-22785 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. | 6.4 |
| 2022-05-18 | CVE-2022-22786 | Download of Code Without Integrity Check vulnerability in Zoom Meetings and Rooms The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. | 6.8 |
| 2022-04-28 | CVE-2022-22781 | Improper Validation of Integrity Check Value vulnerability in Zoom Meetings The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. | 5.0 |
| 2021-12-14 | CVE-2021-34425 | Server-Side Request Forgery (SSRF) vulnerability in Zoom Meetings The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. | 4.0 |