Vulnerabilities > Zscaler > Client Connector > 1.3.1

DATE CVE VULNERABILITY TITLE RISK
2024-05-06 CVE-2024-3661 Missing Authentication for Critical Function vulnerability in multiple products
DHCP can add routes to a client’s routing table via the classless static route option (121). 		7.6
7.6
2023-11-06 CVE-2023-28794 Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.
network
low complexity
zscaler CWE-346
6.5
6.5
2023-10-23 CVE-2023-28793 Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.
local
low complexity
zscaler CWE-787
7.8
7.8
2023-10-23 CVE-2023-28795 Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.
local
low complexity
zscaler CWE-346
7.8
7.8
2023-10-23 CVE-2023-28796 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.
local
low complexity
zscaler CWE-347
7.8
7.8
2023-10-23 CVE-2023-28804 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105
network
low complexity
zscaler CWE-347
5.3
5.3
2023-10-23 CVE-2023-28805 Unspecified vulnerability in Zscaler Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation.
network
low complexity
zscaler
critical
 9.8
9.8
2023-06-22 CVE-2023-28799 Open Redirect vulnerability in Zscaler Client Connector
A URL parameter during login flow was vulnerable to injection.
network
low complexity
zscaler CWE-601
6.1
6.1
2023-06-22 CVE-2023-28800 Cross-site Scripting vulnerability in Zscaler Client Connector
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
network
low complexity
zscaler CWE-79
6.1
6.1