Skip to main content

Meetings

36 CVEs product

Monthly

CVE-2023-43588 MEDIUM This Month

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43582 HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39206 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39205 MEDIUM This Month

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meetings Video Software Development Kit Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39204 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39199 MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36539 HIGH This Week

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Video Software Development Kit Zoom +5
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28596 HIGH This Week

Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22883 HIGH This Week

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28768 HIGH This Week

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28766 HIGH This Week

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Meetings Rooms
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2022-28764 LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Google Meetings +2
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-28763 CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Google Apple Meetings +2
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2022-28762 HIGH This Week

Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28757 HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28751 HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28756 HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22788 HIGH This Week

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Meetings Rooms
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-22787 HIGH This Week

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-22786 HIGH This Week

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meetings Rooms
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-22785 CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
9.1
EPSS
3.7%
CVE-2022-22784 HIGH This Week

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
8.1
EPSS
4.3%
CVE-2022-22782 HIGH This Week

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meetings Rooms For Conference Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-22781 HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-34425 MEDIUM This Month

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Microsoft SSRF Meetings
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34424 HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP Apple Microsoft +30
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-34423 CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE HP Apple +31
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-34412 HIGH This Week

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34409 HIGH This Week

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings Rooms Screen Sharing
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34408 HIGH This Week

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33907 CRITICAL Act Now

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Meetings
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-11877 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-11876 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-11500 HIGH POC This Week

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11470 LOW POC Monitor

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Meetings
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-11469 HIGH POC This Week

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meetings Video Software Development Kit +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meetings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meetings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
EPSS 1% CVSS 7.3
HIGH This Week

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Code Injection +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +4
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Google +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Meetings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Meetings +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Microsoft Apple +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meetings +1
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple +2
NVD
EPSS 4% CVSS 8.1
HIGH This Week

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Microsoft Apple +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meetings +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Microsoft +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP +32
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE +33
NVD
EPSS 0% CVSS 7.8
HIGH This Week

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meetings
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Meetings
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Meetings
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Meetings
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apple Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy