Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-31324 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. | 7.3 |
| 2024-07-09 | CVE-2024-2177 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Gitlab A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. | 6.8 |
| 2024-06-11 | CVE-2024-5698 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. | 6.1 |
| 2024-05-15 | CVE-2024-4950 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 6.5 |
| 2024-03-13 | CVE-2024-28196 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Yooooomi Your Spotify your_spotify is an open source, self hosted Spotify tracking dashboard. | 6.1 |
| 2024-02-20 | CVE-2024-1550 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. | 6.1 |
| 2024-02-10 | CVE-2023-45698 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime Chat and Meetings Sametime is impacted by lack of clickjacking protection in Outlook add-in. | 6.1 |
| 2024-02-06 | CVE-2024-20810 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Samsung Android 12.0/13.0 Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. | 3.3 |
| 2024-01-10 | CVE-2022-32919 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apple Ipados The issue was addressed with improved UI handling. | 4.7 |
| 2023-12-31 | CVE-2023-6093 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware 1.3 A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 6.1 |