Total
313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0051 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138442483 | |||||
| CVE-2020-0014 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520 | |||||
| CVE-2019-9147 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed. | |||||
| CVE-2019-8771 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
| CVE-2019-7393 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | |||||
| CVE-2019-5861 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | |||||
| CVE-2019-5767 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | |||||
| CVE-2019-5243 | 1 Huawei | 2 Hg255s, Hg255s Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability. | |||||
| CVE-2019-4742 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877. | |||||
| CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | |||||
| CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | |||||
| CVE-2019-4285 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | |||||
| CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | |||||
| CVE-2019-4215 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186. | |||||
| CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | |||||
| CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | |||||
| CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | |||||
| CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | |||||
| CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | |||||
| CVE-2019-2125 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252. | |||||