Total
245 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27467 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information. | |||||
CVE-2021-0333 | 1 Google | 1 Android | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491 | |||||
CVE-2020-35735 | 1 Vidyo | 1 Vidyo | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
Vidyo 02-09-/D allows clickjacking via the portal/ URI. | |||||
CVE-2020-16031 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-27375 | 1 Containous | 1 Traefik | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. | |||||
CVE-2021-0391 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550 | |||||
CVE-2020-4727 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
CVE-2020-6547 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. | |||||
CVE-2021-23976 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | |||||
CVE-2021-0314 | 1 Google | 1 Android | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302 | |||||
CVE-2021-1403 | 1 Cisco | 1 Ios Xe | 2023-12-10 | 7.1 HIGH | 7.4 HIGH |
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition. | |||||
CVE-2021-0386 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110 | |||||
CVE-2020-9993 | 1 Apple | 4 Ipados, Iphone Os, Safari and 1 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2021-21444 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack. | |||||
CVE-2020-9942 | 1 Apple | 2 Mac Os X, Safari | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2020-28218 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | |||||
CVE-2020-5020 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656. | |||||
CVE-2021-0305 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447 | |||||
CVE-2020-26962 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. | |||||
CVE-2021-23274 | 1 Tibco | 2 Api Exchange Gateway, Api Exchange Gateway Distribution | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below. |