What is the Zoom CNA?
Zoom is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 212 CVE records since 2021.
How many CVEs has Zoom published?
Zoom has published 212 CVE records, including 100 in the last two years.
What is Zoom's CVE data quality grade?
RadicalNotion.AI grades Zoom's CVE data quality as A, with an overall completeness score of 94.1%. This reflects how consistently its CVE records include vendor (95.8%), product (100%), CVSS (95.8%), and CWE (84.9%) information.
What products does Zoom publish CVEs for?
Zoom most frequently publishes CVEs for rooms, meeting software development kit, workplace desktop, workplace virtual desktop infrastructure, zoom.
Which vendors does Zoom cover?
Zoom publishes CVEs across 7 distinct vendors, most often zoom, Zoom Video Communications, Inc., Zoom Video Communications Inc, Zoom Communications, Inc, Zoom Communications Inc..
Is Zoom actively publishing CVEs?
Zoom is currently active, based on 100 CVEs in the last two years.
What is the average severity of Zoom's CVEs?
The average CVSS base score across Zoom's scored CVEs is 6.4.
How many critical CVEs has Zoom published?
Zoom has published 8 critical-severity CVEs and 79 high-severity CVEs.
Are any of Zoom's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Zoom's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Zoom's CVEs?
Zoom's CVEs most often map to these CWE weakness types: CWE-426 (Untrusted Search Path), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-347 (Improper Verification of Cryptographic Signature), CWE-20 (Improper Input Validation).
How does Zoom rank among CNAs?
By total CVE volume, Zoom ranks #81 of 370 CNAs, and it reports more complete CVE records than 41% of all CNAs.
