Vulnerabilities for 'Meetings'

2022-02-09
 
CVE-2022-22780

CWE-400
 

 
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

 
2020-04-03
 
CVE-2020-11500

CWE-327
 

 
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.

 
2020-04-01
 
CVE-2020-11470

CWE-862
 

 
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.

 
 
CVE-2020-11469

CWE-269
 

 
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

 

 >>> Vendor: ZOOM 29 Products
Model 5560 x3 ethernet adsl modem
Zoom cloud meetings
ZOOM
Client
Meetings
Sharing service
Call recording
Zoom client for meetings
Zoom on-premise meeting connector controller
Zoom on-premise meeting connector mmr
Zoom on-premise recording connector
Zoom on-premise virtual room connector
Zoom on-premise virtual room connector load balancer
Meetings for chrome os
Virtual desktop infrastructure
Android meeting sdk
Iphone os meeting sdk
Macos meeting sdk
Windows meeting sdk
Android video sdk
Iphone os video sdk
Macos video sdk
Windows video sdk
Hybrid mmr
Hybrid zproxy
Vdi azure virtual desktop
Vdi citrix
Vdi vmware
Vdi windows meeting client


Copyright 2022, cxsecurity.com

 
