Product
zoom meetings
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-43588
< 5.16.0
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via
3.5
LOW
CVE-2023-43582
< 5.16.0
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
5.5
MEDIUM
CVE-2023-39206
< 5.16.0
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
3.7
LOW
CVE-2023-39205
< 5.16.0
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via ne
4.3
MEDIUM
CVE-2023-39204
< 5.15.10
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
4.3
MEDIUM
CVE-2023-39199
< 5.16.0
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure v
4.9
MEDIUM
CVE-2023-36539
all versions
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
5.3
MEDIUM
CVE-2023-28596
< 5.13.5
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-pr
7.8
HIGH
CVE-2023-22883
< 5.13.5
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-
7.2
HIGH
CVE-2022-28768
< 5.12.6
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege esca
8.8
HIGH
CVE-2022-28766
< 5.12.6
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are
3.3
LOW
CVE-2022-28764
< 5.12.6
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local informa
3.3
LOW
CVE-2022-28763
< 5.12.2
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing v
8.8
HIGH
CVE-2022-28762
>= 5.10.6 and < 5.12.0
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port
7.3
HIGH
CVE-2022-28757
>= 5.7.3 and < 5.11.6
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulner
8.8
HIGH
CVE-2022-28751
< 5.11.3
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package s
8.8
HIGH
CVE-2022-28756
>= 5.7.3 and < 5.11.5
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulner
8.8
HIGH
CVE-2022-22788
< 5.10.3
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having t
7.1
HIGH
CVE-2022-22787
< 5.10.0
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the ho
5.9
MEDIUM
CVE-2022-22786
< 5.10.0
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.
7.5
HIGH
CVE-2022-22785
< 5.10.0
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain clie
5.9
MEDIUM
CVE-2022-22784
< 5.10.0
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stan
8.1
HIGH
CVE-2022-22782
< 5.9.7
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.
7.9
HIGH
CVE-2022-22781
< 5.9.6
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package ver
7.5
HIGH
CVE-2022-22780
< 5.8.6
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android
4.7
MEDIUM
CVE-2021-34425
< 5.7.3
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forg
4.7
MEDIUM
CVE-2021-34424
< 5.8.3
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4,
7.5
HIGH
CVE-2021-34423
< 5.8.3
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve
9.8
CRITICAL
CVE-2021-34412
< 5.4.0
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launc
7.8
HIGH
CVE-2021-34409
< 5.2.0
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installatio
7.8
HIGH
CVE-2021-34408
< 5.3.2
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a p
7.8
HIGH
CVE-2021-33907
< 5.3.0
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used
9.8
CRITICAL
CVE-2020-11877
all versions
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption.
7.5
HIGH
CVE-2020-11876
all versions
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL
7.5
HIGH
CVE-2020-11500
<= 4.6.9
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants
7.5
HIGH
CVE-2020-11470
<= 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with
3.3
LOW
CVE-2020-11469
<= 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, whi
7.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin