Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoom meetings vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2020-11470
Zoom Client for Meetings up to and including 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Cl...
Zoom Meetings
5
CVSSv2
CVE-2020-11500
Zoom Client for Meetings up to and including 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
Zoom Meetings
4.6
CVSSv2
CVE-2021-34412
During the installation process for all versions of the Zoom Client for Meetings for Windows prior to 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
Zoom Meetings
10
CVSSv2
CVE-2021-33907
The Zoom Client for Meetings for Windows in all versions prior to 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.
Zoom Meetings
NA
CVE-2022-28763
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to...
Zoom Virtual Desktop Infrastructure
Zoom Meetings
Zoom Rooms For Conference Rooms
5
CVSSv2
CVE-2020-11876
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code
Zoom Meetings 4.6.11
5
CVSSv2
CVE-2020-11877
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code
Zoom Meetings 4.6.11
6.6
CVSSv2
CVE-2022-22782
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptibl...
Zoom Vdi Windows Meeting Clients
Zoom Rooms For Conference Rooms
Zoom Zoom Plugin For Microsoft Outlook
Zoom Meetings
4.3
CVSSv2
CVE-2022-25614
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an malicious user to Sync with Zoom Meetings.
Stylemixthemes Eroom - Zoom Meetings \\& Webinar
4.3
CVSSv2
CVE-2022-25615
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
Stylemixthemes Eroom - Zoom Meetings \\& Webinar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »