Total
280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0433 | 1 Google | 1 Android | 2024-11-21 | 5.4 MEDIUM | 8.0 HIGH |
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090 | |||||
CVE-2021-0391 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550 | |||||
CVE-2021-0386 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110 | |||||
CVE-2021-0333 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491 | |||||
CVE-2021-0331 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783 | |||||
CVE-2021-0315 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. | |||||
CVE-2021-0314 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302 | |||||
CVE-2021-0305 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447 | |||||
CVE-2021-0302 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782 | |||||
CVE-2020-9993 | 1 Apple | 4 Ipados, Iphone Os, Safari and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2020-9987 | 1 Apple | 1 Safari | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2020-9945 | 1 Apple | 2 Mac Os X, Safari | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2020-9942 | 1 Apple | 2 Mac Os X, Safari | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | |||||
CVE-2020-9444 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | |||||
CVE-2020-7705 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. | |||||
CVE-2020-7371 | 1 Raiseitsolutions | 1 Rits Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions. | |||||
CVE-2020-6827 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. | |||||
CVE-2020-6547 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. | |||||
CVE-2020-5679 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted. |