Total
243 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45418 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | N/A | 6.1 MEDIUM |
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-32517 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
CVE-2022-20442 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.3 HIGH |
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367 | |||||
CVE-2022-20213 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 | |||||
CVE-2022-20553 | 1 Google | 1 Android | 2023-12-10 | N/A | 6.5 MEDIUM |
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265 | |||||
CVE-2022-46695 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 6.5 MEDIUM |
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
CVE-2022-20215 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206 | |||||
CVE-2023-1362 | 1 Bumsys Project | 1 Bumsys | 2023-12-10 | N/A | 6.1 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
CVE-2022-3260 | 1 Redhat | 1 Openshift | 2023-12-10 | N/A | 4.8 MEDIUM |
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. | |||||
CVE-2022-34318 | 1 Ibm | 1 Cics Tx | 2023-12-10 | N/A | 6.1 MEDIUM |
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461. | |||||
CVE-2023-20913 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785 | |||||
CVE-2022-46061 | 1 Aerocms Project | 1 Aerocms | 2023-12-10 | N/A | 6.1 MEDIUM |
AeroCMS v0.0.1 is vulnerable to ClickJacking. | |||||
CVE-2023-0780 | 1 Agentejo | 1 Cockpit | 2023-12-10 | N/A | 5.4 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | |||||
CVE-2022-45420 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | N/A | 6.5 MEDIUM |
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-45417 | 1 Mozilla | 1 Firefox | 2023-12-10 | N/A | 4.3 MEDIUM |
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107. | |||||
CVE-2022-32891 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2023-12-10 | N/A | 6.1 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
CVE-2022-28286 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | N/A | 5.4 MEDIUM |
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | |||||
CVE-2022-40268 | 1 Mitsubishielectric | 5 Gt25, Gt25 Firmware, Gt27 and 2 more | 2023-12-10 | N/A | 4.7 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | |||||
CVE-2022-45096 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | N/A | 6.5 MEDIUM |
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | |||||
CVE-2022-20520 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 |