Vulnerabilities (CVE)

Filtered by CWE-1021
Total 279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9993 1 Apple 4 Ipados, Iphone Os, Safari and 1 more 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.
CVE-2021-0314 1 Google 1 Android 2024-02-28 6.9 MEDIUM 7.3 HIGH
In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302
CVE-2021-21444 1 Sap 1 Businessobjects Business Intelligence 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.
CVE-2020-35735 1 Vidyo 1 Vidyo 2024-02-28 4.3 MEDIUM 4.7 MEDIUM
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
CVE-2021-0302 1 Google 1 Android 2024-02-28 9.3 HIGH 7.8 HIGH
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782
CVE-2020-16031 1 Google 1 Chrome 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-28218 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.
CVE-2021-21132 2 Google, Microsoft 2 Chrome, Edge Chromium 2024-02-28 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-0315 1 Google 1 Android 2024-02-28 4.4 MEDIUM 7.3 HIGH
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.
CVE-2020-4785 1 Ibm 1 App Connect Enterprise Certified Container 2024-02-28 4.9 MEDIUM 5.4 MEDIUM
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.
CVE-2021-1403 1 Cisco 1 Ios Xe 2024-02-28 7.1 HIGH 7.4 HIGH
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition.
CVE-2021-0331 1 Google 1 Android 2024-02-28 6.9 MEDIUM 7.3 HIGH
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783
CVE-2020-5020 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656.
CVE-2021-21139 2 Google, Microsoft 2 Chrome, Edge Chromium 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2021-0305 1 Google 1 Android 2024-02-28 9.3 HIGH 7.8 HIGH
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447
CVE-2020-0366 1 Google 1 Android 2024-02-28 6.8 MEDIUM 7.8 HIGH
In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138443815
CVE-2020-4727 1 Ibm 1 Infosphere Information Server 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2021-23955 1 Mozilla 1 Firefox 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.
CVE-2020-16032 1 Google 1 Chrome 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-9942 1 Apple 2 Mac Os X, Safari 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.