Vulnerabilities > Zscaler > Client Connector

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2021-26736 Path Traversal vulnerability in Zscaler Client Connector
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path.
local
low complexity
zscaler CWE-22
7.8
2023-10-23 CVE-2021-26737 Origin Validation Error vulnerability in Zscaler Client Connector
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients.
local
high complexity
zscaler CWE-346
4.7
2023-10-23 CVE-2021-26738 Untrusted Search Path vulnerability in Zscaler Client Connector
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable.
local
low complexity
zscaler CWE-426
7.8
2023-10-23 CVE-2023-28793 Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.
local
low complexity
zscaler CWE-787
7.8
2023-10-23 CVE-2023-28795 Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.
local
low complexity
zscaler CWE-346
7.8
2023-10-23 CVE-2023-28796 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.
local
low complexity
zscaler CWE-347
7.8
2023-10-23 CVE-2023-28797 Link Following vulnerability in Zscaler Client Connector
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk.
local
low complexity
zscaler CWE-59
7.3
2023-10-23 CVE-2023-28803 Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.
low complexity
zscaler CWE-290
6.5
2023-10-23 CVE-2023-28804 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105
network
low complexity
zscaler CWE-347
5.3
2023-10-23 CVE-2023-28805 Unspecified vulnerability in Zscaler Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation.
network
low complexity
zscaler
critical
9.8