Zoom Meetings vulnerabilities
37 known vulnerabilities affecting zoom/meetings.
Total CVEs: 37
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 26, MEDIUM 5, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2022-28757 | P3 | HIGH | CVSS 7.8 | CWE-345 | ≥ 5.7.3, < 5.11.6 | 2022-08-18
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
nvd
CVE-2022-28751 | P3 | HIGH | CVSS 7.8 | CWE-347 | fixed in 5.11.3 | 2022-08-17
The Zoom Client for Meetings for macOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
nvd
CVE-2021-34412 | P3 | HIGH | CVSS 7.8 | CWE-269 | fixed in 5.4.0 | 2021-09-27
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation.
nvd
CVE-2022-28762 | P3 | HIGH | CVSS 7.8 | CWE-16 | ≥ 5.10.6, < 5.12.0 | 2022-10-14
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debu
nvd
CVE-2020-11469 | P3 | HIGH | CVSS 7.8 | CWE-552 | ≤ 4.6.8 | 2020-04-01
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.
nvd
CVE-2022-22781 | P3 | HIGH | CVSS 7.5 | CWE-354 | fixed in 5.9.6 | 2022-04-28
The Zoom Client for Meetings for macOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user's currently installed version to a less secure version.
nvd
CVE-2022-28766 | P3 | HIGH | CVSS 7.3 | CWE-94 | fixed in 5.12.6 | 2022-11-17
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
nvd
CVE-2020-11500 | P3 | HIGH | CVSS 7.5 | CWE-327 | ≤ 4.6.9 | 2020-04-03
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
nvd
CVE-2023-36539 | P3 | HIGH | CVSS 7.5 | CWE-200 | v5.15.0, v5.15.1 | 2023-06-30
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
nvd
CVE-2023-43588 | P3 | MEDIUM | CVSS 6.5 | CWE-449 | fixed in 5.16.0 | 2023-11-15
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
nvd
CVE-2023-39199 | P4 | MEDIUM | CVSS 6.5 | CWE-325 | fixed in 5.16.0 | 2023-11-14
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
nvd
CVE-2023-39205 | P4 | MEDIUM | CVSS 6.5 | CWE-754 | fixed in 5.16.0 | 2023-11-14
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
nvd
CVE-2022-22782 | P4 | HIGH | CVSS 7.1 | fixed in 5.9.7 | 2022-04-28
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. A m
nvd
CVE-2022-22780 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 5.6.3, fixed in 5.7.3, +2 more | 2022-02-09
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system reso
nvd
CVE-2021-34425 | P4 | MEDIUM | CVSS 6.1 | CWE-918 | fixed in 5.7.3 | 2021-12-14
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server-side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor could trick the user into potentially sending arbit
nvd
CVE-2020-11470 | P4 | LOW | CVSS 3.3 | CWE-345 | ≤ 4.6.8 | 2020-04-01
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.
nvd
CVE-2022-28764 | P4 | LOW | CVSS 3.3 | CWE-200 | fixed in 5.12.6 | 2022-11-14
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being abl
nvd