threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zoom rooms
Product
zoom rooms
198 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-30903
< 6.6.0
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated
9.6
CRITICAL
CVE-2026-30902
< 6.6.0
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of priv
7.8
HIGH
CVE-2026-30901
< 6.6.5
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escal
7.0
HIGH
CVE-2026-30900
>= 6.6.0 and < 6.6.11
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to c
7.8
HIGH
CVE-2025-67461
< 6.6.0
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a di
5.0
MEDIUM
CVE-2025-67460
< 6.6.0
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to con
7.8
HIGH
CVE-2025-62484
< 6.5.10
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated use
8.1
HIGH
CVE-2025-64741
< 6.5.10
Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct a
8.1
HIGH
CVE-2025-64740
< 6.3.14
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authentic
7.5
HIGH
CVE-2025-64739
< 6.5.10
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of informa
4.3
MEDIUM
CVE-2025-64738
< 6.5.10
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct
5.0
MEDIUM
CVE-2025-62483
< 6.5.10
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to condu
5.3
MEDIUM
CVE-2025-62482
< 6.5.10
Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via
4.3
MEDIUM
CVE-2025-30669
< 6.5.10
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information v
4.8
MEDIUM
CVE-2025-30662
< 6.3.14
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and
6.6
MEDIUM
CVE-2025-58133
< 6.5.1
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of
5.3
MEDIUM
CVE-2025-58132
< 6.5.5
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via netw
4.1
MEDIUM
CVE-2025-58135
< 6.5.0
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosur
5.3
MEDIUM
CVE-2025-58134
< 6.5.0
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to inte
4.3
MEDIUM
CVE-2025-49461
< 6.5.0
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via networ
4.3
MEDIUM
CVE-2025-49460
< 6.5.0
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of servi
4.3
MEDIUM
CVE-2025-49458
< 6.5.0
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network acces
6.5
MEDIUM
CVE-2025-49457
< 6.3.10
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege
9.6
CRITICAL
CVE-2025-49456
< 6.4.5
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application inte
6.2
MEDIUM
CVE-2025-49464
< 6.4.5
Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via networ
6.5
MEDIUM
CVE-2025-49463
< 6.4.5
Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to con
6.5
MEDIUM
CVE-2025-49462
< 6.4.5
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of info
3.5
LOW
CVE-2025-46789
all versions
Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via networ
6.5
MEDIUM
CVE-2025-46788
< 6.4.13
Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an inf
7.4
HIGH
CVE-2025-46786
< 6.4.0
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
4.3
MEDIUM
CVE-2025-46785
< 6.4.0
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via networ
6.5
MEDIUM
CVE-2025-30668
< 6.4.0
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
6.5
MEDIUM
CVE-2025-30667
< 6.4.0
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30666
< 6.4.0
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30665
< 6.4.0
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30664
< 6.4.0
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local a
6.6
MEDIUM
CVE-2025-30663
< 6.4.0
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of p
8.8
HIGH
CVE-2025-30671
< 6.4.0
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-30670
< 6.4.0
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service vi
6.5
MEDIUM
CVE-2025-27443
< 6.4.0
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss
2.8
LOW
CVE-2025-27442
< 6.4.0
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent net
4.6
MEDIUM
CVE-2025-27441
< 6.4.0
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent net
4.6
MEDIUM
CVE-2025-27440
< 6.3.0
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access
8.5
HIGH
CVE-2025-27439
< 6.3.0
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network acc
8.5
HIGH
CVE-2025-0151
< 6.3.0
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network acces
8.5
HIGH
CVE-2025-0150
< 6.3.0
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a den
7.1
HIGH
CVE-2025-0149
< 6.3.0
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of s
6.5
MEDIUM
CVE-2024-27246
< 6.0.0
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network acc
4.3
MEDIUM
CVE-2024-27245
< 6.0.0
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network ac
4.3
MEDIUM
CVE-2024-27239
< 6.0.0
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network acc
4.3
MEDIUM
CVE-2024-45426
< 6.1.0
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via ne
4.9
MEDIUM
CVE-2024-45425
< 6.1.0
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network
4.9
MEDIUM
CVE-2024-45424
< 6.1.0
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via netw
5.3
MEDIUM
CVE-2024-45421
< 6.2.0
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
8.5
HIGH
CVE-2024-45418
< 6.1.5
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an
5.4
MEDIUM
CVE-2024-45417
< 6.1.5
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user t
6.0
MEDIUM
CVE-2025-0147
< 6.2.10
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privileg
8.8
HIGH
CVE-2025-0146
< 6.2.10
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a den
3.9
LOW
CVE-2025-0145
< 6.2.5
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalat
4.6
MEDIUM
CVE-2025-0144
< 6.2.5
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
3.1
LOW
CVE-2025-0143
< 6.2.5
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of
4.3
MEDIUM
CVE-2024-45422
< 6.2.0
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service
6.5
MEDIUM
CVE-2024-45420
< 6.2.0
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of se
4.3
MEDIUM
CVE-2024-45419
< 6.2.0
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network a
8.1
HIGH
CVE-2024-42441
< 6.1.5
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Room
6.2
MEDIUM
CVE-2024-42440
< 6.1.5
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms
6.2
MEDIUM
CVE-2024-42439
< 6.1.0
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may al
6.5
MEDIUM
CVE-2024-42438
< 6.1.0
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5
MEDIUM
CVE-2024-42437
< 6.1.0
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5
MEDIUM
CVE-2024-42436
< 6.1.0
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct
6.5
MEDIUM
CVE-2024-42435
< 6.1.0
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged us
4.9
MEDIUM
CVE-2024-42434
< 6.1.0
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9
MEDIUM
CVE-2024-39825
< 6.0.0
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privileg
8.5
HIGH
CVE-2024-39824
< 6.1.0
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9
MEDIUM
CVE-2024-39823
< 6.1.0
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to condu
4.9
MEDIUM
CVE-2024-39822
< 6.1.0
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated
6.5
MEDIUM
CVE-2024-39818
< 6.0.0
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosu
7.5
HIGH
CVE-2024-39827
< 6.0.10
Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authentic
5.5
MEDIUM
CVE-2024-39826
< 6.0.0
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct informati
6.8
MEDIUM
CVE-2024-39821
< 6.0.6
Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user
6.6
MEDIUM
CVE-2024-39820
< 6.0.10
Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an auth
6.6
MEDIUM
CVE-2024-39819
< 5.17.13
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a p
6.7
MEDIUM
CVE-2024-27241
< 6.0.0
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network ac
5.3
MEDIUM
CVE-2024-27240
< 6.0.0
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege e
7.1
HIGH
CVE-2024-27238
< 6.0.0
Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to co
7.1
HIGH
CVE-2024-27244
< 5.15.0
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated
6.7
MEDIUM
CVE-2024-27243
< 5.17.5
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network
6.5
MEDIUM
CVE-2024-27247
< 5.17.10
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged use
5.5
MEDIUM
CVE-2024-27242
< 5.7.10
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial o
4.1
MEDIUM
CVE-2024-24694
< 5.7.10
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticat
5.9
MEDIUM
CVE-2024-24693
< 5.17.5
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user t
7.2
HIGH
CVE-2024-24692
< 5.17.5
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct
5.3
MEDIUM
CVE-2024-24699
< 5.17.0
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
6.5
MEDIUM
CVE-2024-24698
< 5.17.0
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
4.9
MEDIUM
CVE-2024-24697
< 5.17.0
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege vi
7.2
HIGH
CVE-2024-24696
< 5.17.0
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may al
6.8
MEDIUM
CVE-2024-24695
< 5.16.5
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may al
6.8
MEDIUM
CVE-2024-24691
< 5.17.0
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may al
9.6
CRITICAL
CVE-2024-24690
< 5.17.0
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
5.4
MEDIUM
CVE-2023-49647
< 5.16.10
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version
8.8
HIGH
CVE-2023-49646
< 5.16.5
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service
6.4
MEDIUM
CVE-2023-43586
< 5.16.5
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticat
7.3
HIGH
CVE-2023-43585
< 5.16.0
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to
7.1
HIGH
CVE-2023-43583
< 5.16.0
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0
4.9
MEDIUM
CVE-2023-43591
< 5.16.0
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalat
7.8
HIGH
CVE-2023-43590
< 5.16.0
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privileg
7.8
HIGH
CVE-2023-43588
< 5.16.0
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via
3.5
LOW
CVE-2023-43582
< 5.16.0
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
5.5
MEDIUM
CVE-2023-39206
< 5.16.0
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
3.7
LOW
CVE-2023-39205
< 5.16.0
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via ne
4.3
MEDIUM
CVE-2023-39204
< 5.15.10
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
4.3
MEDIUM
CVE-2023-39203
< 5.16.0
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthent
4.3
MEDIUM
CVE-2023-39202
< 5.16.0
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of serv
3.1
LOW
CVE-2023-39199
< 5.16.0
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure v
4.9
MEDIUM
CVE-2023-39215
< 5.15.5
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
7.1
HIGH
CVE-2023-39208
< 5.15.10
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a d
6.5
MEDIUM
CVE-2023-39214
< 5.15.5
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service
7.6
HIGH
CVE-2023-39213
< 5.15.2
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unau
9.6
CRITICAL
CVE-2023-39212
< 5.15.5
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of servic
7.9
HIGH
CVE-2023-39211
< 5.15.5
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticat
8.8
HIGH
CVE-2023-39210
< 5.15.0
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable
5.5
MEDIUM
CVE-2023-39209
< 5.15.5
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an informatio
5.9
MEDIUM
CVE-2023-39218
< 5.14.10
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information d
6.1
MEDIUM
CVE-2023-39217
< 5.14.10
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via netwo
5.3
MEDIUM
CVE-2023-39216
< 5.14.7
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalati
9.6
CRITICAL
CVE-2023-36541
< 5.14.5
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to
8.0
HIGH
CVE-2023-36540
< 5.14.5
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable
7.3
HIGH
CVE-2023-36535
< 5.14.10
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable informati
7.1
HIGH
CVE-2023-36534
< 5.14.7
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privi
9.3
CRITICAL
CVE-2023-36533
< 5.14.7
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via n
7.1
HIGH
CVE-2023-36532
< 5.14.5
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
5.9
MEDIUM
CVE-2023-36538
< 5.15.0
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of
8.4
HIGH
CVE-2023-36537
< 5.14.5
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalat
7.3
HIGH
CVE-2023-36536
< 5.15.0
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable
8.2
HIGH
CVE-2023-34119
< 5.15.0
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enab
8.2
HIGH
CVE-2023-34118
< 5.14.5
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalat
7.3
HIGH
CVE-2023-34116
< 5.15.0
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an
8.2
HIGH
CVE-2023-36539
all versions
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
5.3
MEDIUM
CVE-2023-34114
< 5.14.10
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated use
7.4
HIGH
CVE-2023-34121
< 5.14.0
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an auth
4.1
MEDIUM
CVE-2023-28602
< 5.13.5
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious u
2.8
LOW
CVE-2023-28601
< 5.14.0
Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulner
8.3
HIGH
CVE-2023-28600
< 5.14.0
Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/re
5.2
MEDIUM
CVE-2023-28599
< 5.13.10
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display nam
4.3
MEDIUM
CVE-2023-28598
< 5.13.10
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user
7.5
HIGH
CVE-2023-28597
< 5.13.5
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording
8.3
HIGH
CVE-2023-28596
< 5.13.5
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-pr
7.8
HIGH
CVE-2023-22883
< 5.13.5
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-
7.2
HIGH
CVE-2023-22882
< 5.13.5
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffi
6.5
MEDIUM
CVE-2023-22881
< 5.13.5
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffi
6.5
MEDIUM
CVE-2023-22880
< 5.13.3
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clie
6.8
MEDIUM
CVE-2022-36930
< 5.13.0
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged
8.8
HIGH
CVE-2022-36929
< 5.12.7
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged u
7.8
HIGH
CVE-2022-36928
< 5.13.0
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulner
6.1
MEDIUM
CVE-2022-36927
< 5.11.3
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user
8.8
HIGH
CVE-2022-36926
< 5.11.3
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user
8.8
HIGH
CVE-2022-36925
< 5.11.4
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC b
4.4
MEDIUM
CVE-2022-36924
< 5.12.6
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged u
8.8
HIGH
CVE-2022-28768
< 5.12.6
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege esca
8.8
HIGH
CVE-2022-28766
< 5.12.6
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are
3.3
LOW
CVE-2022-28764
< 5.12.6
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local informa
3.3
LOW
CVE-2022-28763
< 5.12.2
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing v
8.8
HIGH
CVE-2022-28762
>= 5.10.6 and < 5.12.0
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port
7.3
HIGH
CVE-2022-28757
>= 5.7.3 and < 5.11.6
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulner
8.8
HIGH
CVE-2022-28752
< 5.11.0
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability.
8.8
HIGH
CVE-2022-28751
< 5.11.3
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package s
8.8
HIGH
CVE-2022-28756
>= 5.7.3 and < 5.11.5
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulner
8.8
HIGH
CVE-2022-28755
< 5.11.0
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing
9.6
CRITICAL
CVE-2022-22788
< 5.10.3
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having t
7.1
HIGH
CVE-2022-22787
< 5.10.0
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the ho
5.9
MEDIUM
CVE-2022-22786
< 5.10.0
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.
7.5
HIGH
CVE-2022-22785
< 5.10.0
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain clie
5.9
MEDIUM
CVE-2022-22784
< 5.10.0
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stan
8.1
HIGH
CVE-2022-22782
< 5.9.7
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.
7.9
HIGH
CVE-2022-22781
< 5.9.6
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package ver
7.5
HIGH
CVE-2022-22780
< 5.8.6
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android
4.7
MEDIUM
CVE-2021-34425
< 5.7.3
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forg
4.7
MEDIUM
CVE-2021-34424
< 5.8.3
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4,
7.5
HIGH
CVE-2021-34423
< 5.8.3
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve
9.8
CRITICAL
CVE-2021-34412
< 5.4.0
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launc
7.8
HIGH
CVE-2021-34411
< 5.3.0
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Intern
7.8
HIGH
CVE-2021-34409
< 5.1.0
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installatio
7.8
HIGH
CVE-2021-34408
< 5.3.2
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a p
7.8
HIGH
CVE-2021-33907
< 5.3.0
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used
9.8
CRITICAL
CVE-2021-28133
<= 5.5.4
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant n
4.3
MEDIUM
CVE-2020-6110
all versions
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shar
8.8
HIGH
CVE-2020-6109
all versions
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs.
9.8
CRITICAL
CVE-2020-11877
all versions
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption.
7.5
HIGH
CVE-2020-11876
all versions
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL
7.5
HIGH
CVE-2020-11500
<= 4.6.9
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants
7.5
HIGH
CVE-2020-11470
<= 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with
3.3
LOW
CVE-2020-11469
<= 4.6.8
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, whi
7.8
HIGH
CVE-2019-13567
< 4.4.53932.0709
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the
8.8
HIGH
CVE-2019-13450
<= 4.4.4
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call
6.5
MEDIUM
CVE-2019-13449
< 4.4.2
In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of
6.5
MEDIUM
CVE-2018-15715
<= 2.4.129780.0915
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and be
9.8
CRITICAL
CVE-2017-15049
< 2.0.115900.1201
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructin
8.8
HIGH
CVE-2017-15048
< 2.0.115900.1201
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin