Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2021-0331 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. | 6.9 |
| 2021-02-10 | CVE-2021-0314 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. | 6.9 |
| 2021-02-10 | CVE-2021-0305 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. | 9.3 |
| 2021-02-10 | CVE-2021-0302 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. | 9.3 |
| 2021-02-09 | CVE-2021-21444 | Improper Restriction of Rendered UI Layers or Frames vulnerability in SAP Businessobjects Business Intelligence 410/420/430 SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. | 5.8 |
| 2021-02-09 | CVE-2021-21139 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2021-02-09 | CVE-2021-21132 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | 6.8 |
| 2021-01-27 | CVE-2020-4547 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. | 3.5 |
| 2021-01-11 | CVE-2021-0315 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. | 4.4 |
| 2021-01-08 | CVE-2021-21111 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |