Every CVE whose affected-product data names Zoom Meetings, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (37)
CVE-2021-34423 — CVSS 9.8 (critical): A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version…
CVE-2021-33907 — CVSS 9.8 (critical): The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign…
CVE-2022-28751 — CVSS 8.8 (high): The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature…
CVE-2022-28763 — CVSS 8.8 (high): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing…
CVE-2022-28757 — CVSS 8.8 (high): The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability…
CVE-2022-28768 — CVSS 8.8 (high): The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation…
CVE-2022-28756 — CVSS 8.8 (high): The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability…
CVE-2022-22784 — CVSS 8.1 (high): The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in…
CVE-2022-22782 — CVSS 7.9 (high): The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom…
CVE-2021-34409 — CVSS 7.8 (high): It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before…
CVE-2021-34412 — CVSS 7.8 (high): During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch…
CVE-2020-11469 — CVSS 7.8 (high): Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows…
CVE-2023-28596 — CVSS 7.8 (high): Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged…
CVE-2021-34408 — CVSS 7.8 (high): The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged…
CVE-2021-34424 — CVSS 7.5 (high): A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom…
CVE-2020-11500 — CVSS 7.5 (high): Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a…
CVE-2020-11876 — CVSS 7.5 (high): airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP…
CVE-2022-22786 — CVSS 7.5 (high): The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails…
CVE-2020-11877 — CVSS 7.5 (high): airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE…
CVE-2022-22781 — CVSS 7.5 (high): The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version…
CVE-2022-28762 — CVSS 7.3 (high): Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port…
CVE-2023-22883 — CVSS 7.2 (high): Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local…
CVE-2022-22788 — CVSS 7.1 (high): The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom…
CVE-2022-22787 — CVSS 5.9 (medium): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname…
CVE-2022-22785 — CVSS 5.9 (medium): The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client…
CVE-2023-43582 — CVSS 5.5 (medium): Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVE-2023-36539 — CVSS 5.3 (medium): Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
CVE-2023-39199 — CVSS 4.9 (medium): Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via…
CVE-2022-22780 — CVSS 4.7 (medium): The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before…
CVE-2021-34425 — CVSS 4.7 (medium): The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery…
CVE-2023-39205 — CVSS 4.3 (medium): Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network…
CVE-2023-39204 — CVSS 4.3 (medium): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-39206 — CVSS 3.7 (low): Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-43588 — CVSS 3.5 (low): Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network…
CVE-2020-11470 — CVSS 3.3 (low): Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the…
CVE-2022-28766 — CVSS 3.3 (low): Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are…
CVE-2022-28764 — CVSS 3.3 (low): The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information…