Vendor
Zoom Video Communications, Inc.
Products
11
CVEs
31
Across products
31
Status
Private
Products
11- 7 CVEs
- 6 CVEs
- 5 CVEs
- 4 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
31| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-30666 | 0.00 | — | 0.00 | May 14, 2025 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | ||
| CVE-2025-30665 | 0.00 | — | 0.00 | May 14, 2025 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | ||
| CVE-2025-30671 | 0.00 | — | 0.00 | Apr 8, 2025 | Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | ||
| CVE-2025-30670 | 0.00 | — | 0.00 | Apr 8, 2025 | Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | ||
| CVE-2025-27443 | 0.00 | — | 0.00 | Apr 8, 2025 | Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access. | ||
| CVE-2025-0145 | 0.00 | — | 0.00 | Jan 30, 2025 | Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. | ||
| CVE-2025-0143 | 0.00 | — | 0.00 | Jan 30, 2025 | Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access. | ||
| CVE-2024-39819 | 0.00 | — | 0.00 | Jul 15, 2024 | Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. | ||
| CVE-2024-24694 | 0.00 | — | 0.00 | Apr 9, 2024 | Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | ||
| CVE-2023-39209 | 0.00 | — | 0.00 | Aug 8, 2023 | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | ||
| CVE-2023-39216 | 0.00 | — | 0.00 | Aug 8, 2023 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | ||
| CVE-2023-36534 | 0.00 | — | 0.01 | Aug 8, 2023 | Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | ||
| CVE-2023-36541 | 0.00 | — | 0.00 | Aug 8, 2023 | Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | ||
| CVE-2023-36540 | 0.00 | — | 0.00 | Aug 8, 2023 | Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||
| CVE-2023-34116 | 0.00 | — | 0.00 | Jul 11, 2023 | Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | ||
| CVE-2023-28603 | 0.00 | — | 0.00 | Jun 13, 2023 | Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | ||
| CVE-2023-22881 | 0.00 | — | 0.01 | Mar 16, 2023 | Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | ||
| CVE-2023-22882 | 0.00 | — | 0.01 | Mar 16, 2023 | Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | ||
| CVE-2022-28766 | 0.00 | — | 0.00 | Nov 17, 2022 | Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. | ||
| CVE-2022-28750 | 0.00 | — | 0.01 | Aug 11, 2022 | Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code. |