Meetings Security Vulnerabilities and Issues — Meetings CVE List

Lucene search

ZoomMeetings

5 matches found

CVE•added 2020/04/03 1:15 p.m.•130 views

CVE-2020-11500

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.

7.5CVSS7.5AI score0.00508EPSS

CVE•added 2020/04/17 4:15 p.m.•100 views

CVE-2020-11876

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code

7.5CVSS7.6AI score0.00166EPSS

CVE•added 2020/04/17 4:15 p.m.•96 views

CVE-2020-11877

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code

7.5CVSS7.6AI score0.00289EPSS

CVE•added 2020/04/01 10:15 p.m.•73 views

CVE-2020-11470

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.

3.3CVSS4.5AI score0.00076EPSS

CVE•added 2020/04/01 10:15 p.m.•69 views

CVE-2020-11469

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

7.8CVSS7.2AI score0.00139EPSS