Vulnerabilities > Zoom > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-11 | CVE-2022-28753 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
2022-08-11 | CVE-2022-28754 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
2022-08-11 | CVE-2022-28755 | Open Redirect vulnerability in Zoom The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. | 6.1 |
2022-06-15 | CVE-2022-28749 | Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526 Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. | 4.3 |
2022-02-09 | CVE-2022-22780 | Resource Exhaustion vulnerability in Zoom Meetings The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. | 6.5 |
2021-12-14 | CVE-2021-34425 | Server-Side Request Forgery (SSRF) vulnerability in Zoom Meetings The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. | 6.1 |
2021-11-11 | CVE-2021-34418 | NULL Pointer Dereference vulnerability in Zoom products The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. | 5.3 |
2021-11-11 | CVE-2021-34419 | Injection vulnerability in Zoom Client for Meetings In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. | 5.3 |
2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |
2019-07-09 | CVE-2019-13450 | Missing Authorization vulnerability in multiple products In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. | 6.5 |