CWE:
 

Title
Date
Author
Low
Bello WordPress Theme <= 1.5.9 - Authenticated XFS
17.05.2021
m0ze


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-09-08
Waiting for details
CVE-2022-3167

 

 
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.

 
2022-08-23
Waiting for details
CVE-2022-2965

 

 
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.

 
2022-08-09
Waiting for details
CVE-2022-2734

 

 
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

 
2022-07-13
Medium
CVE-2022-20212

Vendor: Google
Software: Android
 

 
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-182282630

 
2022-07-07
Low
CVE-2022-28889

Vendor: Apache
Software: Druid
 

 
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

 
2022-06-24
Medium
CVE-2021-29865

 

 
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.

 
2022-04-12
Medium
CVE-2021-39796

Vendor: Google
Software: Android
 

 
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick the victim into installing a harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205595291

 
2022-03-25
Medium
CVE-2021-44683

Vendor: Duckduckgo
Software: Duckduckgo
 

 
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.

 
2022-03-16
High
CVE-2021-39692

Vendor: Google
Software: Android
 

 
In onCreate of SetupLayoutActivity.java, there is a possible way to set up a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209611539

 
High
CVE-2021-39702

Vendor: Google
Software: Android
 

 
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-205150380

 

 


Copyright 2022, cxsecurity.com

 
