Vulnerabilities > Zscaler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2021-26735 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. | 7.8 |
| 2023-10-23 | CVE-2021-26736 | Path Traversal vulnerability in Zscaler Client Connector Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. | 7.8 |
| 2023-10-23 | CVE-2021-26737 | Origin Validation Error vulnerability in Zscaler Client Connector The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. | 4.7 |
| 2023-10-23 | CVE-2021-26738 | Untrusted Search Path vulnerability in Zscaler Client Connector Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. | 7.8 |
| 2023-10-23 | CVE-2023-28793 | Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. | 7.8 |
| 2023-10-23 | CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
| 2023-10-23 | CVE-2023-28803 | Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. | 6.5 |
| 2023-10-23 | CVE-2023-28804 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 5.3 |