Vulnerabilities (CVE)

Filtered by vendor Zscaler Subscribe
Filtered by product Client Connector
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26738 1 Zscaler 1 Client Connector 2024-02-28 N/A 7.8 HIGH
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.
CVE-2021-26735 1 Zscaler 1 Client Connector 2024-02-28 N/A 7.8 HIGH
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.
CVE-2020-11634 1 Zscaler 1 Client Connector 2024-02-28 6.9 MEDIUM 7.8 HIGH
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context.
CVE-2020-11633 1 Zscaler 1 Client Connector 2024-02-28 10.0 HIGH 9.8 CRITICAL
The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges.
CVE-2020-11632 1 Zscaler 1 Client Connector 2024-02-28 7.2 HIGH 7.8 HIGH
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
CVE-2020-11635 1 Zscaler 1 Client Connector 2024-02-28 7.2 HIGH 7.8 HIGH
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.