Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20443 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.8 HIGH |
| In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194480991 | |||||
| CVE-2022-46061 | 1 Aerocms Project | 1 Aerocms | 2024-02-04 | N/A | 6.1 MEDIUM |
| AeroCMS v0.0.1 is vulnerable to ClickJacking. | |||||
| CVE-2022-32517 | 2024-02-04 | N/A | 6.5 MEDIUM | ||
| A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
| CVE-2022-32891 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2024-02-04 | N/A | 6.1 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
| CVE-2023-1362 | 1 Bumsys Project | 1 Bumsys | 2024-02-04 | N/A | 6.1 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
| CVE-2023-0780 | 1 Agentejo | 1 Cockpit | 2024-02-04 | N/A | 5.4 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | |||||
| CVE-2022-20501 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.3 HIGH |
| In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359 | |||||
| CVE-2022-3260 | 1 Redhat | 1 Openshift | 2024-02-04 | N/A | 4.8 MEDIUM |
| The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. | |||||
| CVE-2022-34318 | 1 Ibm | 1 Cics Tx | 2024-02-04 | N/A | 6.1 MEDIUM |
| IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461. | |||||
| CVE-2022-46695 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-04 | N/A | 6.5 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
| CVE-2022-20442 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.3 HIGH |
| In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367 | |||||
| CVE-2022-20520 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.8 HIGH |
| In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 | |||||
| CVE-2022-20553 | 1 Google | 1 Android | 2024-02-04 | N/A | 6.5 MEDIUM |
| In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265 | |||||
| CVE-2022-20213 | 1 Google | 1 Android | 2024-02-04 | N/A | 5.5 MEDIUM |
| In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 | |||||
| CVE-2022-2179 | 1 Rockwellautomation | 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more | 2024-02-04 | N/A | 6.5 MEDIUM |
| The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. | |||||
| CVE-2022-2965 | 1 Notrinos | 1 Notrinoserp | 2024-02-04 | N/A | 4.3 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
| CVE-2022-34162 | 1 Ibm | 1 Cics Tx | 2024-02-04 | N/A | 6.1 MEDIUM |
| IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | |||||
| CVE-2022-20331 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.8 HIGH |
| In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181785557 | |||||
| CVE-2022-3167 | 1 Ikus-soft | 1 Rdiffweb | 2024-02-04 | N/A | 8.8 HIGH |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | |||||
| CVE-2022-22503 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2024-02-04 | N/A | 6.1 MEDIUM |
| IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. | |||||