Total
279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0780 | 1 Agentejo | 1 Cockpit | 2024-02-28 | N/A | 5.4 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | |||||
CVE-2022-3034 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | N/A | 4.3 MEDIUM |
When receiving an HTML email that specified to load an `iframe` element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | |||||
CVE-2023-0057 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2024-02-28 | N/A | 6.1 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. | |||||
CVE-2022-20214 | 1 Google | 1 Android | 2024-02-28 | N/A | 4.7 MEDIUM |
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183411210 | |||||
CVE-2022-32517 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions) | |||||
CVE-2022-45418 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 6.1 MEDIUM |
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-20213 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183410508 | |||||
CVE-2022-32891 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2024-02-28 | N/A | 6.1 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
CVE-2022-3260 | 1 Redhat | 1 Openshift | 2024-02-28 | N/A | 4.8 MEDIUM |
The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. | |||||
CVE-2022-20215 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183794206 | |||||
CVE-2022-45420 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-20520 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227203202 | |||||
CVE-2022-46695 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-28 | N/A | 6.5 MEDIUM |
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
CVE-2023-20913 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-246933785 | |||||
CVE-2022-20226 | 1 Google | 1 Android | 2024-02-28 | 3.3 LOW | 3.9 LOW |
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213644870 | |||||
CVE-2022-34162 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | |||||
CVE-2022-28889 | 1 Apache | 1 Druid | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. | |||||
CVE-2022-22503 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. | |||||
CVE-2022-20212 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-182282630 | |||||
CVE-2022-42799 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-28 | N/A | 6.1 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. |