Vulnerabilities > Zscaler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2023-28807 | Improper Certificate Validation vulnerability in Zscaler Secure Internet and Saas Access In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | 7.5 |
| 2023-11-21 | CVE-2023-28802 | Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. | 5.4 |
| 2023-11-06 | CVE-2023-28794 | Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. | 6.5 |
| 2023-10-23 | CVE-2021-26734 | Unspecified vulnerability in Zscaler Client Connector Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. | 5.5 |
| 2023-10-23 | CVE-2021-26735 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. | 7.8 |
| 2023-10-23 | CVE-2021-26736 | Path Traversal vulnerability in Zscaler Client Connector Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. | 7.8 |
| 2023-10-23 | CVE-2021-26737 | Origin Validation Error vulnerability in Zscaler Client Connector The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. | 4.7 |
| 2023-10-23 | CVE-2021-26738 | Untrusted Search Path vulnerability in Zscaler Client Connector Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. | 7.8 |
| 2023-10-23 | CVE-2023-28793 | Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. | 7.8 |