Vulnerabilities > Zoom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-34413 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Zoom Plugin for Microsoft Outlook All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. | 6.0 |
| 2021-09-27 | CVE-2021-34414 | Improper Input Validation vulnerability in Zoom products The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. | 6.5 |
| 2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |
| 2020-06-08 | CVE-2020-6110 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. | 6.8 |
| 2020-04-03 | CVE-2020-11500 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. | 5.0 |
| 2019-07-12 | CVE-2019-13567 | OS Command Injection vulnerability in Zoom The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. | 6.8 |
| 2019-07-09 | CVE-2019-13450 | Missing Authorization vulnerability in multiple products In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. | 6.5 |
| 2019-07-09 | CVE-2019-13449 | Improper Input Validation vulnerability in Zoom In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. | 6.5 |
| 2017-12-19 | CVE-2017-15048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 6.8 |
| 2014-09-09 | CVE-2014-5811 | Cryptographic Issues vulnerability in Zoom Cloud Meetings @7F060008 The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |