Vulnerabilities > Zoom > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-11 CVE-2022-28753 Unspecified vulnerability in Zoom Meeting Connector
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.
network
low complexity
zoom
5.4
2022-08-11 CVE-2022-28754 Unspecified vulnerability in Zoom Meeting Connector
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.
network
low complexity
zoom
5.4
2022-08-11 CVE-2022-28755 Open Redirect vulnerability in Zoom
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability.
network
low complexity
zoom CWE-601
6.1
2022-06-15 CVE-2022-28749 Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526
Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee.
network
low complexity
zoom
4.3
2022-02-09 CVE-2022-22780 Resource Exhaustion vulnerability in Zoom Meetings
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3.
network
low complexity
zoom CWE-400
6.5
2021-12-14 CVE-2021-34425 Server-Side Request Forgery (SSRF) vulnerability in Zoom Meetings
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality.
network
low complexity
zoom CWE-918
6.1
2021-11-11 CVE-2021-34418 NULL Pointer Dereference vulnerability in Zoom products
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating.
network
low complexity
zoom CWE-476
5.3
2021-11-11 CVE-2021-34419 Injection vulnerability in Zoom Client for Meetings
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing.
network
low complexity
zoom CWE-74
5.3
2021-03-18 CVE-2021-28133 Information Exposure vulnerability in Zoom
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen.
network
low complexity
zoom CWE-200
4.3
2019-07-09 CVE-2019-13450 Missing Authorization vulnerability in multiple products
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active.
network
low complexity
ringcentral zoom CWE-862
6.5