Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoom meetings vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-30480
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated malicious users to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is speci...
Zoom Chat
7.5
CVSSv3
CVE-2020-11876
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code
Zoom Meetings 4.6.11
7.5
CVSSv3
CVE-2020-11877
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code
Zoom Meetings 4.6.11
7.5
CVSSv3
CVE-2020-11500
Zoom Client for Meetings up to and including 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
Zoom Meetings
7.8
CVSSv3
CVE-2020-11469
Zoom Client for Meetings up to and including 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.
Zoom Meetings
3.3
CVSSv3
CVE-2020-11470
Zoom Client for Meetings up to and including 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Cl...
Zoom Meetings
9.8
CVSSv3
CVE-2018-15715
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom serve...
Zoom Zoom
NA
CVE-2014-5811
The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Zoom Zoom Cloud Meetings \\@7f060008
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5