Total: 317 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20226 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 3.9 LOW |
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-213644870 | |||||
CVE-2022-20212 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11; Android ID: A-182282630 | |||||
CVE-2022-1803 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 4.9 MEDIUM | 6.9 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-1138 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0455 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0110 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-46708 | 1 Smartbear | 1 Swagger-ui-dist | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
CVE-2021-44683 | 1 Duckduckgo | 1 Duckduckgo | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site. | |||||
CVE-2021-43546 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
CVE-2021-43048 | 1 Tibco | 1 Partnerexpress | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. | |||||
CVE-2021-41657 | 1 Smartbear | 1 Collaborator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | |||||
CVE-2021-40834 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack. | |||||
CVE-2021-3799 | 1 Getgrav | 1 Grav-plugin-admin | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | |||||
CVE-2021-3734 | 1 Yourls | 1 Yourls | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | |||||
CVE-2021-3731 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions. | |||||
CVE-2021-3660 | 2 Cockpit-project, Redhat | 2 Cockpit, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Cockpit (and its plugins) do not seem to protect themselves against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | |||||
CVE-2021-39796 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-205595291 | |||||
CVE-2021-39702 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-205150380 | |||||
CVE-2021-39692 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-209611539 | |||||
CVE-2021-39691 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-157929241 |