Vulnerabilities > Gnome > Gnome Shell > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43090 A vulnerability was found in GNOME Shell.
local
low complexity
gnome fedoraproject
5.5
2022-04-29 CVE-2021-3982 Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue.
local
low complexity
gnome CWE-273
5.5
2022-02-18 CVE-2021-20315 Improper Locking vulnerability in multiple products
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled.
low complexity
gnome centos CWE-667
6.1
2019-02-06 CVE-2019-3820 Improper Authentication vulnerability in multiple products
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions.
local
low complexity
gnome opensuse canonical CWE-287
4.6
2017-04-27 CVE-2017-8288 Improper Input Validation vulnerability in Gnome Gnome-Shell
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen.
network
gnome CWE-20
6.8
2014-04-29 CVE-2013-7221 Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
local
low complexity
gnome CWE-264
4.6
2014-04-29 CVE-2013-7220 Unspecified vulnerability in Gnome Gnome-Shell
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
local
low complexity
gnome
4.6
2012-10-01 CVE-2012-4427 Code Injection vulnerability in Gnome Gnome-Shell 3.4.1
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
network
gnome CWE-94
6.8
2010-11-06 CVE-2010-4000 Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell 2.31.5
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
local
gnome CWE-264
6.9