Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26737 | 1 Zscaler | 1 Client Connector | 2023-10-27 | N/A | 4.7 MEDIUM |
| The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. | |||||
| CVE-2021-26734 | 1 Zscaler | 1 Client Connector | 2023-10-27 | N/A | 5.5 MEDIUM |
| Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. | |||||
| CVE-2021-26735 | 1 Zscaler | 1 Client Connector | 2023-10-27 | N/A | 7.8 HIGH |
| The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | |||||
| CVE-2020-11634 | 1 Zscaler | 1 Client Connector | 2021-07-27 | 6.9 MEDIUM | 7.8 HIGH |
| The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | |||||
| CVE-2020-11632 | 1 Zscaler | 1 Client Connector | 2021-07-27 | 7.2 HIGH | 7.8 HIGH |
| The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | |||||
| CVE-2020-11633 | 1 Zscaler | 1 Client Connector | 2021-07-27 | 10.0 HIGH | 9.8 CRITICAL |
| The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. | |||||
| CVE-2020-11635 | 1 Zscaler | 1 Client Connector | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | |||||