| 2023-01-30 | CVE-2022-32517 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric Conext Combox Firmware
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. | 6.5 |
| 2023-01-26 | CVE-2023-20913 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. | 7.8 |
| 2023-01-26 | CVE-2022-20213 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. | 5.5 |
| 2023-01-26 | CVE-2022-20214 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. | 4.7 |
| 2023-01-26 | CVE-2022-20215 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. | 5.5 |
| 2023-01-05 | CVE-2023-0057 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. | 6.1 |
| 2022-12-22 | CVE-2022-28286 | Due to a layout change, iframe contents could have been rendered outside of its border. | 5.4 |
| 2022-12-22 | CVE-2022-29911 | An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. | 6.1 |
| 2022-12-22 | CVE-2022-3034 | When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. | 4.3 |
| 2022-12-22 | CVE-2022-45417 | Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. | 4.3 |