
CVE-2023-43090 – Gnome-shell: screenshot tool allows viewing open windows when session is locked
https://notcve.org/view.php?id=CVE-2023-43090
19 Sep 2023 — A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. • https://access.redhat.com/security/cve/CVE-2023-43090 • CWE-862: Missing Authorization

CVE-2021-3982
https://notcve.org/view.php?id=CVE-2021-3982
29 Apr 2022 — Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 • CWE-273: Improper Check for Dropped Privileges

CVE-2021-20315
https://notcve.org/view.php?id=CVE-2021-20315
18 Feb 2022 — A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. • https://bugzilla.redhat.com/show_bug.cgi?id=2006285 • CWE-667: Improper Locking

CVE-2020-17489 – gnome-shell: Password from logged-out user may be shown on login screen
https://notcve.org/view.php?id=CVE-2020-17489
11 Aug 2020 — An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials

CVE-2019-3820 – gnome-shell: partial lock screen bypass
https://notcve.org/view.php?id=CVE-2019-3820
06 Feb 2019 — It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html • CWE-285: Improper Authorization • CWE-287: Improper Authentication

CVE-2017-8288 – Ubuntu Security Notice USN-7052-1
https://notcve.org/view.php?id=CVE-2017-8288
27 Apr 2017 — gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. ... • http://www.securityfocus.com/bid/98070 • CWE-20: Improper Input Validation

CVE-2014-7300 – gnome-shell: lockscreen bypass with printscreen key
https://notcve.org/view.php?id=CVE-2014-7300
25 Dec 2014 — GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. • http://openwall.com/lists/oss-security/2014/09/29/17 • CWE-305: Authentication Bypass by Primary Weakness • CWE-399: Resource Management Errors

CVE-2013-7220
https://notcve.org/view.php?id=CVE-2013-7220
29 Apr 2014 — js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. • http://www.openwall.com/lists/oss-security/2013/12/27/4

CVE-2013-7221
https://notcve.org/view.php?id=CVE-2013-7221
29 Apr 2014 — The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. • http://www.openwall.com/lists/oss-security/2013/12/27/4 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-4427
https://notcve.org/view.php?id=CVE-2012-4427
01 Oct 2012 — The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. • http://www.openwall.com/lists/oss-security/2012/09/08/1 • CWE-94: Improper Control of Generation of Code ('Code Injection')