Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-08 | CVE-2018-1853 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Spectrum Protect Backup-Archive Client IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2019-02-28 | CVE-2018-18496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. | 6.8 |
| 2019-02-19 | CVE-2019-5767 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | 6.5 |
| 2019-01-09 | CVE-2018-16172 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cybozu Remote Service Manager Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. | 5.8 |
| 2019-01-09 | CVE-2018-6178 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. | 4.3 |
| 2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | 4.3 |
| 2018-12-13 | CVE-2018-1803 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2018-11-14 | CVE-2018-9524 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. | 6.9 |
| 2018-11-06 | CVE-2018-9458 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 8.0/8.1 In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. | 6.8 |
| 2018-11-01 | CVE-2018-6909 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Rainmachine web Application A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | 4.3 |