Vulnerabilities > Gnome > Gnome Shell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-43090 | A vulnerability was found in GNOME Shell. | 5.5 |
| 2022-04-29 | CVE-2021-3982 | Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. | 5.5 |
| 2022-02-18 | CVE-2021-20315 | Improper Locking vulnerability in multiple products A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. | 6.1 |
| 2020-08-11 | CVE-2020-17489 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. | 1.9 |
| 2019-02-06 | CVE-2019-3820 | Improper Authentication vulnerability in multiple products It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. | 4.6 |
| 2017-04-27 | CVE-2017-8288 | Improper Input Validation vulnerability in Gnome Gnome-Shell gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. | 6.8 |
| 2014-12-25 | CVE-2014-7300 | Resource Management Errors vulnerability in multiple products GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | 7.2 |
| 2014-04-29 | CVE-2013-7221 | Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | 4.6 |
| 2014-04-29 | CVE-2013-7220 | Unspecified vulnerability in Gnome Gnome-Shell js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | 4.6 |
| 2012-10-01 | CVE-2012-4427 | Code Injection vulnerability in Gnome Gnome-Shell 3.4.1 The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | 6.8 |