VYPR

Zoom Client

by Zoom Video Communications, Inc.

CVEs (15)

  • CVE-2020-6109 · Critical · Jun 8, 2020
    risk 0.64 · cvss 9.8 · epss 0.05

    An exploitable path traversal vulnerability exists in the way the Zoom client, version 4.6.10, processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An…

  • CVE-2020-6110 · High · Jun 8, 2020
    risk 0.58 · cvss 8.8 · epss 0.04

    An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution.…

  • CVE-2019-13567 · High · Jul 12, 2019
    risk 0.58 · cvss 8.8 · epss 0.04

    The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute…

  • CVE-2019-13450 · Medium · Jul 9, 2019
    risk 0.43 · cvss 6.5 · epss 0.04

    In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a…

  • CVE-2019-13449 · Medium · Jul 9, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.

  • CVE-2025-62483 · Nov 13, 2025
    risk 0.00 · cvss (not listed) · epss 0.00

    Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.

  • CVE-2025-30669 · Nov 13, 2025
    risk 0.00 · cvss (not listed) · epss 0.00

    Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

  • CVE-2025-64739 · Nov 13, 2025
    risk 0.00 · cvss (not listed) · epss 0.00

    External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

  • CVE-2025-58133 · Oct 15, 2025
    risk 0.00 · cvss (not listed) · epss 0.00

    Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.

  • CVE-2025-58132 · Oct 15, 2025
    risk 0.00 · cvss (not listed) · epss 0.02

    Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.

  • CVE-2025-49462 · Jul 10, 2025
    risk 0.00 · cvss (not listed) · epss 0.00

    Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

  • CVE-2024-42441 · Aug 14, 2024
    risk 0.00 · cvss (not listed) · epss 0.00

    Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

  • CVE-2024-42440 · Aug 14, 2024
    risk 0.00 · cvss (not listed) · epss 0.00

    Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

  • CVE-2024-27247 · Apr 9, 2024
    risk 0.00 · cvss (not listed) · epss 0.00

    Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.

  • CVE-2024-24693 · Mar 13, 2024
    risk 0.00 · cvss (not listed) · epss 0.00

    Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.