CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20315
https://notcve.org/view.php?id=CVE-2021-20315
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. Se ha encontrado un fallo de omisión de la protección de bloqueo en algunas versiones de gnome-shell tal y como se distribuye en CentOS Stream 8, cuando las extensiones de GNOME "Application menu" o "Window list" están habilitadas. Este fallo permite a un atacante físico que tenga acceso a un sistema bloqueado matar las aplicaciones existentes e iniciar otras nuevas como el usuario bloqueado, incluso si la sesión sigue bloqueada • https://bugzilla.redhat.com/show_bug.cgi?id=2006285 • CWE-667: Improper Locking •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-17489 – gnome-shell: Password from logged-out user may be shown on login screen
https://notcve.org/view.php?id=CVE-2020-17489
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) Se detectó un problema en determinadas configuraciones de GNOME gnome-shell versiones hasta 3.36.4. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html https://security.gentoo.org/glsa/202009-08 https://usn.ubuntu.com/4464-1 https://access.redhat.com/security/cve/CVE-2020-17489 https://bugzilla.redhat.com/show_bug.cgi?id=1868418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 4.6EPSS: 0%CPEs: 46EXPL: 0CVE-2013-7220
https://notcve.org/view.php?id=CVE-2013-7220
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. js/ui/screenShield.js en GNOME Shell (también conocido como gnome-shell) anterior a 3.8 permite a atacantes físicamente próximos ejecutar comandos arbitrarios mediante el aprovechamiento de una estación de trabajo desatendida con el foco de teclado en el campo de búsqueda de Activities. • http://www.openwall.com/lists/oss-security/2013/12/27/4 http://www.openwall.com/lists/oss-security/2013/12/27/6 http://www.openwall.com/lists/oss-security/2013/12/27/8 https://bugzilla.gnome.org/show_bug.cgi?id=686740 https://bugzilla.redhat.com/show_bug.cgi?id=1030431 https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j •
CVSS: 4.6EPSS: 0%CPEs: 60EXPL: 0CVE-2013-7221
https://notcve.org/view.php?id=CVE-2013-7221
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. La funcionalidad de bloqueo de pantalla automático en GNOME Shell (también conocido como gnome-shell) anterior a 3.10 no previene acceso al dialogo "Enter a Command", lo que permite a atacantes físicamente próximos ejecutar comandos arbitrarios aprovechandose de una estación de trabajo desatendida. • http://www.openwall.com/lists/oss-security/2013/12/27/4 http://www.openwall.com/lists/oss-security/2013/12/27/8 https://bugzilla.gnome.org/show_bug.cgi?id=708313 https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4000
https://notcve.org/view.php?id=CVE-2010-4000
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. gnome-shell en GNOME Shell v2.31.5 pone un nombre de directorio de longitud cero en la variable LD_LIBRARY_PATH, lo que permite a usuarios locales conseguir privilegios a través de un caballo de Troya en una biblioteca compartida en el directorio de trabajo actual. • https://bugzilla.redhat.com/show_bug.cgi?id=644561 • CWE-264: Permissions, Privileges, and Access Controls •