Filtered by vendor Zscaler
Subscriptions
Filtered by product Client Connector
Subscriptions
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54983 | 2 Microsoft, Zscaler | 2 Windows, Client Connector | 2025-11-12 | 5.2 Medium |
| A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls. | ||||
| CVE-2023-41969 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later. | ||||
| CVE-2023-41972 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2023-41973 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2024-23482 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7 High |
| The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later. | ||||
| CVE-2024-31127 | 1 Zscaler | 1 Client Connector | 2025-07-13 | 7.3 High |
| An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. | ||||
| CVE-2024-23459 | 1 Zscaler | 1 Client Connector | 2025-07-13 | 7.1 High |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7. | ||||
| CVE-2023-41971 | 1 Zscaler | 1 Client Connector | 2025-07-12 | 5.3 Medium |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7. | ||||
| CVE-2024-23457 | 1 Zscaler | 1 Client Connector | 2025-07-12 | 7.8 High |
| The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209 | ||||
| CVE-2024-23480 | 1 Zscaler | 1 Client Connector | 2025-07-12 | 7.5 High |
| A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. | ||||
| CVE-2024-23462 | 1 Zscaler | 1 Client Connector | 2025-07-12 | 3.3 Low |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4. | ||||
| CVE-2024-23461 | 1 Zscaler | 1 Client Connector | 2025-07-12 | 4.2 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4. | ||||
| CVE-2024-23463 | 1 Zscaler | 1 Client Connector | 2025-07-12 | 8.8 High |
| Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1 | ||||
| CVE-2021-26735 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 6.7 Medium |
| The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | ||||
| CVE-2021-26736 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 6.7 Medium |
| Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. | ||||
| CVE-2021-26738 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 7.8 High |
| Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. | ||||
| CVE-2023-28793 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 7.8 High |
| Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | ||||
| CVE-2023-28795 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 7.8 High |
| Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | ||||
| CVE-2023-28796 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 7.1 High |
| Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | ||||
| CVE-2023-28797 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 6.3 Medium |
| Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. | ||||