Zoom : Security Vulnerabilities, CVEs, Published In 2020 (Directory traversal) CVSS score >= 3

CVE-2020-6110

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.
Max CVSS
8.8
EPSS Score
0.25%
Published
2020-06-08
Updated
2022-05-12

CVE-2020-6109

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
Max CVSS
9.8
EPSS Score
0.77%
Published
2020-06-08
Updated
2022-05-12
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close