Vulnerabilities > Zoom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-28599 | Injection vulnerability in Zoom Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. | 4.3 |
| 2022-10-14 | CVE-2022-28760 | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703/4.8.102.20220310 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. | 6.5 |
| 2022-10-14 | CVE-2022-28761 | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. | 6.5 |
| 2022-08-11 | CVE-2022-28753 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
| 2022-08-11 | CVE-2022-28754 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
| 2022-08-11 | CVE-2022-28755 | Open Redirect vulnerability in Zoom The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. | 6.1 |
| 2022-06-15 | CVE-2022-28749 | Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526 Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. | 4.3 |
| 2022-02-09 | CVE-2022-22780 | Resource Exhaustion vulnerability in Zoom Meetings The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. | 6.5 |
| 2021-12-14 | CVE-2021-34425 | Server-Side Request Forgery (SSRF) vulnerability in Zoom Meetings The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. | 6.1 |
| 2021-11-11 | CVE-2021-34418 | NULL Pointer Dereference vulnerability in Zoom products The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. | 5.3 |