VulnerableCode Package Details - pkg:deb/debian/gnome-shell@3.38.6-1~deb11u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-wd4d-axry-aaas Aliases: CVE-2024-36472	In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.	47.0-3 Affected by 0 other vulnerabilities. 47.1-2 Affected by 0 other vulnerabilities. 47.2-1 Affected by 0 other vulnerabilities. 47.3-1 Affected by 0 other vulnerabilities. 48.0-1 Affected by 0 other vulnerabilities. 48.1-1 Affected by 0 other vulnerabilities. 48.2-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-wd4d-axry-aaas
Aliases:
CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

47.0-3
Affected by 0 other vulnerabilities.

47.1-2
Affected by 0 other vulnerabilities.

47.2-1
Affected by 0 other vulnerabilities.

47.3-1
Affected by 0 other vulnerabilities.

48.0-1
Affected by 0 other vulnerabilities.

48.1-1
Affected by 0 other vulnerabilities.

48.2-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1fhr-kq6r-aaak	A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.	CVE-2023-43090
VCID-35uj-bty2-aaac	An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)	CVE-2020-17489
VCID-9s2f-7kdf-aaam	The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.	CVE-2012-4427

Vulnerability

Summary

Aliases

VCID-1fhr-kq6r-aaak

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

CVE-2023-43090

VCID-35uj-bty2-aaac

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

CVE-2020-17489

VCID-9s2f-7kdf-aaam

The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.

CVE-2012-4427

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:12:47.702296+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T03:39:50.122720+00:00	Debian Oval Importer	Fixing	VCID-35uj-bty2-aaac	None	36.1.3
2025-06-21T02:45:10.509835+00:00	Debian Importer	Affected by	VCID-wd4d-axry-aaas	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T01:51:39.179564+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	None	36.1.3
2025-06-21T00:41:45.006201+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T19:54:11.034390+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	36.1.3
2025-06-08T13:09:41.580129+00:00	Debian Oval Importer	Fixing	VCID-35uj-bty2-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:44:05.926976+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-07T21:13:50.264365+00:00	Debian Oval Importer	Fixing	VCID-35uj-bty2-aaac	None	36.1.0
2025-06-07T19:14:59.555206+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	None	36.1.0
2025-06-05T14:00:24.160761+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	36.1.0
2025-04-12T18:57:22.500437+00:00	Debian Oval Importer	Fixing	VCID-35uj-bty2-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:26:01.717440+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-07T19:43:53.715722+00:00	Debian Oval Importer	Fixing	VCID-35uj-bty2-aaac	None	36.0.0
2025-04-07T17:52:47.795729+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	None	36.0.0
2025-04-06T15:43:11.866785+00:00	Debian Importer	Fixing	VCID-1fhr-kq6r-aaak	None	36.0.0
2025-04-04T05:31:50.255949+00:00	Debian Importer	Affected by	VCID-wd4d-axry-aaas	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T03:24:45.033959+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-03T22:59:24.799501+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	36.0.0
2025-02-21T23:30:47.088021+00:00	Debian Importer	Affected by	VCID-wd4d-axry-aaas	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T13:45:21.927353+00:00	Debian Importer	Fixing	VCID-1fhr-kq6r-aaak	None	35.1.0
2025-02-18T10:48:06.381258+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	35.1.0
2025-02-18T10:48:05.671823+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	35.1.0
2024-11-29T06:58:57.015267+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-11-24T10:50:46.169687+00:00	Debian Importer	Affected by	VCID-wd4d-axry-aaas	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-21T07:48:51.067330+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	35.0.0
2024-11-21T07:48:50.397460+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-19T07:41:44.208132+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	34.3.2
2024-11-19T07:41:43.530812+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	34.3.2
2024-10-14T13:24:17.602188+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-10-11T06:44:12.382138+00:00	Debian Importer	Affected by	VCID-wd4d-axry-aaas	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-10-08T08:32:29.403538+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	34.0.2
2024-10-08T08:32:28.547996+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-09-21T09:54:33.741926+00:00	Debian Oval Importer	Fixing	VCID-9s2f-7kdf-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1
2024-09-17T23:18:52.753184+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	None	34.0.1
2024-09-17T23:18:52.059076+00:00	Debian Importer	Fixing	VCID-9s2f-7kdf-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-05-20T14:18:51.135990+00:00	Debian Importer	Fixing	VCID-1fhr-kq6r-aaak	None	34.0.0rc4

2025-06-21T18:12:47.702296+00:00

Debian Oval Importer

Fixing

Next non-vulnerable version	48.2-3
Latest non-vulnerable version	48.2-3
Risk	3.4