Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome gnome-shell vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48634
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reaso...
5.5
CVSSv3
CVE-2023-43090
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Gnome Gnome-shell
Gnome Gnome-shell 42
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5.5
CVSSv3
CVE-2021-3982
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler prior...
Gnome Gnome-shell -
6.1
CVSSv3
CVE-2021-20315
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to k...
Gnome Gnome-shell
Centos Stream 8
3.9
CVSSv3
CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller up to and including 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue e...
Gnome File-roller
Fedoraproject Fedora 34
5.5
CVSSv3
CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar prior to 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists...
Gnome Gnome-autoar
Fedoraproject Fedora 34
5.5
CVSSv3
CVE-2020-36241
autoar-extractor.c in GNOME gnome-autoar up to and including 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extr...
Gnome Gnome-autoar
Fedoraproject Fedora 34
4.3
CVSSv3
CVE-2020-17489
An issue exists in certain configurations of GNOME gnome-shell up to and including 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login ti...
Gnome Gnome-shell
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Opensuse Leap 15.2
4.3
CVSSv3
CVE-2019-3820
It exists that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
Gnome Gnome-shell
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Leap 42.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
8.1
CVSSv3
CVE-2017-8288
gnome-shell 3.22 up to and including 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (...
Gnome Gnome-shell 3.24.1
Gnome Gnome-shell 3.22.2
Gnome Gnome-shell 3.23.1
Gnome Gnome-shell 3.23.92
Gnome Gnome-shell 3.22.0
Gnome Gnome-shell 3.23.2
Gnome Gnome-shell 3.23.3
Gnome Gnome-shell 3.23.90
Gnome Gnome-shell 3.23.91
Gnome Gnome-shell 3.22.1
Gnome Gnome-shell 3.22.3
Gnome Gnome-shell 3.24.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »