Vulnerabilities > Zscaler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2021-26734 | Unspecified vulnerability in Zscaler Client Connector Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. | 5.5 |
| 2023-10-23 | CVE-2021-26735 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. | 7.8 |
| 2023-10-23 | CVE-2021-26736 | Path Traversal vulnerability in Zscaler Client Connector Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. | 7.8 |
| 2023-10-23 | CVE-2021-26737 | Origin Validation Error vulnerability in Zscaler Client Connector The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. | 4.7 |
| 2023-10-23 | CVE-2021-26738 | Untrusted Search Path vulnerability in Zscaler Client Connector 3.6 Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. | 7.8 |
| 2023-10-23 | CVE-2023-28793 | Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. | 7.8 |
| 2023-10-23 | CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
| 2023-10-23 | CVE-2023-28803 | Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. | 6.5 |