Vulnerabilities for Meetings (...) - CXSECURITY.COM

Vulnerabilities for 'Meetings'

2022-02-09

CVE-2022-22780

CWE-400

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

2020-04-03

CVE-2020-11500

CWE-327

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.

2020-04-01

CVE-2020-11470

CWE-862

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.

CVE-2020-11469

CWE-269

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

>>> Vendor: ZOOM 29 Products

Model 5560 x3 ethernet adsl modem

Zoom cloud meetings

Sharing service

Zoom client for meetings

Zoom on-premise meeting connector controller

Zoom on-premise meeting connector mmr

Zoom on-premise recording connector

Zoom on-premise virtual room connector

Zoom on-premise virtual room connector load balancer

Meetings for chrome os

Virtual desktop infrastructure

Android meeting sdk

Iphone os meeting sdk

Macos meeting sdk

Windows meeting sdk

Android video sdk

Iphone os video sdk

Macos video sdk

Windows video sdk

Vdi azure virtual desktop

Vdi windows meeting client

Copyright 2024, cxsecurity.com