Skip to main content

Gnome Shell

8 CVEs product

Monthly

CVE-2023-43090 MEDIUM POC PATCH This Month

A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Gnome Shell Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-17489 MEDIUM POC This Month

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnome Shell Ubuntu Linux Debian Linux Leap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-3820 MEDIUM POC PATCH This Month

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gnome Shell Leap Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2017-8288 HIGH PATCH This Week

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnome Shell
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2014-7300 HIGH PATCH This Week

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Linux Gnome Shell Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-7221 MEDIUM This Month

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Gnome Shell
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-7220 MEDIUM This Month

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gnome Shell
NVD GitHub VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-4427 MEDIUM POC This Month

The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE Gnome Shell
NVD
CVSS 2.0
6.8
EPSS
1.0%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Gnome Shell +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnome Shell Ubuntu Linux +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gnome Shell Leap +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnome Shell
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Linux Gnome Shell +4
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Gnome Shell
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gnome Shell
NVD GitHub VulDB
EPSS 1% CVSS 6.8
MEDIUM POC This Month

The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE Gnome Shell
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy