Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-0487 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. | 7.8 |
| 2021-05-20 | CVE-2021-27467 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Emerson products A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. | 6.1 |
| 2021-05-14 | CVE-2021-22866 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Github Enterprise Server A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. | 8.8 |
| 2021-04-13 | CVE-2021-0446 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. | 7.3 |
| 2021-04-13 | CVE-2021-0438 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. | 7.8 |
| 2021-04-13 | CVE-2021-0433 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. | 8.0 |
| 2021-03-24 | CVE-2021-1403 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. | 7.4 |
| 2021-03-23 | CVE-2021-23274 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco products The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. | 9.8 |
| 2021-03-10 | CVE-2021-0386 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. | 7.8 |
| 2021-03-10 | CVE-2021-0391 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. | 7.8 |