rpm package
opensuse/gnome-shell&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gnome-shell&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-36472 | Med | 6.5 | | < 46.3.1-2.1 | 46.3.1-2.1 | May 28, 2024 | In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead t |
| CVE-2023-43090 | — | | | < 45.0-2.1 | 45.0-2.1 | Sep 22, 2023 | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. |
| CVE-2020-17489 | — | | | < 40.5-1.1 | 40.5-1.1 | Aug 11, 2020 | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, |
| CVE-2020-12825 | — | | | < 40.5-1.1 | 40.5-1.1 | May 12, 2020 | libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. |
| CVE-2019-3820 | — | | | < 40.5-1.1 | 40.5-1.1 | Feb 6, 2019 | It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. |
| CVE-2017-8288 | Hig | 8.1 | | < 40.5-1.1 | 40.5-1.1 | Apr 27, 2017 | gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what a |
| CVE-2010-4000 | — | | | < 3.22.2-1.1 | 3.22.2-1.1 | Nov 6, 2010 | gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |