16 matches found
EUVD-2023-46428
Malicious code in bioql PyPI...
EUVD-2023-46432
Malicious code in bioql PyPI...
EUVD-2023-46431
Malicious code in bioql PyPI...
CVE-2023-41972
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41973
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41973
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41972
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41969
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later...
CVE-2023-41973 Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41973 Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41973
The CVE-2023-41973 affects Zscaler Client Connector (ZSATray) on Windows, where a config parameter previousInstallerName is passed to TrayManager. TrayManager then constructs a path by appending this value, enabling a potential path construction/assembly issue that can lead to executing a crafted...
CVE-2023-41972 Revert password check incorrect type validation
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41972
The CVE-2023-41972 issue affects Zscaler Client Connector/Win ZApp where a password-type validation is missing in the Revert Password check, and in some features this check could be disabled. Connected sources confirm vulnerable versions are prior to 4.3.0.121 and that the fixed version is 4.3.0....
CVE-2023-41969
The CVE-2023-41969 entry describes an arbitrary file deletion vulnerability in ZSATrayManager used by Zscaler Client Connector (Win ZApp). Affected component is ZSATrayManager within Zscaler ZApp prior to version 4.3.0; the underlying issue is that it protects the temporary encrypted ZApp issue r...
PT-2024-13022 · Win Zapp · Win Zapp
Name of the Vulnerable Software and Affected Versions: Win ZApp versions prior to 4.3.0 Description: The issue is related to an arbitrary file deletion in ZSATrayManager, which is responsible for protecting the temporary encrypted ZApp issue reporting file from unprivileged end user access and...
PT-2024-13025 · Win Zapp · Win Zapp
Name of the Vulnerable Software and Affected Versions: Win ZApp versions prior to 4.3.0.121 Description: The issue is related to a missing password type validation in the Revert Password check. This could be disabled for some features, potentially leading to security issues. Recommendations: For...