Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-38508 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.
network
low complexity
mozilla debian CWE-1021
4.3
2021-12-08 CVE-2021-38509 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing.
network
low complexity
mozilla debian CWE-1021
4.3
2021-12-08 CVE-2021-43546 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
network
low complexity
mozilla debian CWE-1021
4.3
2021-11-16 CVE-2021-43048 Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco Partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system.
network
low complexity
tibco CWE-1021
critical
9.8
2021-10-29 CVE-2021-35237 Improper Restriction of Rendered UI Layers or Frames vulnerability in Solarwinds Kiwi Syslog Server
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking.
network
low complexity
solarwinds CWE-1021
4.3
2021-10-19 CVE-2021-38472 Improper Restriction of Rendered UI Layers or Frames vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes.
network
low complexity
inhandnetworks CWE-1021
4.7
2021-10-12 CVE-2021-27003 Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
network
low complexity
netapp CWE-1021
4.7
2021-10-11 CVE-2021-0583 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/9.0
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack.
local
low complexity
google CWE-1021
7.3
2021-10-08 CVE-2021-37971 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-1021
4.3
2021-10-06 CVE-2021-0598 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack.
local
low complexity
google CWE-1021
7.3