Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome gnome-shell vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48634
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reaso...
NA
CVE-2023-43090
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Gnome Gnome-shell
Gnome Gnome-shell 42
Fedoraproject Fedora 37
Fedoraproject Fedora 38
2.1
CVSSv2
CVE-2021-3982
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler prior...
Gnome Gnome-shell -
3.6
CVSSv2
CVE-2021-20315
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to k...
Gnome Gnome-shell
Centos Stream 8
2.6
CVSSv2
CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller up to and including 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue e...
Gnome File-roller
Fedoraproject Fedora 34
2.1
CVSSv2
CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar prior to 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists...
Gnome Gnome-autoar
Fedoraproject Fedora 34
2.1
CVSSv2
CVE-2020-36241
autoar-extractor.c in GNOME gnome-autoar up to and including 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extr...
Gnome Gnome-autoar
Fedoraproject Fedora 34
1.9
CVSSv2
CVE-2020-17489
An issue exists in certain configurations of GNOME gnome-shell up to and including 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login ti...
Gnome Gnome-shell
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Opensuse Leap 15.2
4.6
CVSSv2
CVE-2019-3820
It exists that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
Gnome Gnome-shell
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Leap 42.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
6.8
CVSSv2
CVE-2017-8288
gnome-shell 3.22 up to and including 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (...
Gnome Gnome-shell 3.24.1
Gnome Gnome-shell 3.22.2
Gnome Gnome-shell 3.23.1
Gnome Gnome-shell 3.23.92
Gnome Gnome-shell 3.22.0
Gnome Gnome-shell 3.23.2
Gnome Gnome-shell 3.23.3
Gnome Gnome-shell 3.23.90
Gnome Gnome-shell 3.23.91
Gnome Gnome-shell 3.22.1
Gnome Gnome-shell 3.22.3
Gnome Gnome-shell 3.24.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »