Skip to main content

Accountsservice

7 CVEs product

Monthly

CVE-2022-1804 MEDIUM PATCH This Month

accountsservice no longer drops permissions when writting .pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Accountsservice Ubuntu Linux Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-3297 HIGH POC This Week

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Ubuntu Accountsservice +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3939 HIGH This Week

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Ubuntu Information Disclosure Accountsservice Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-16127 MEDIUM POC This Month

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Denial Of Service Accountsservice
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-16126 LOW POC Monitor

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Privilege Escalation Accountsservice
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2018-14036 MEDIUM POC PATCH This Month

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Accountsservice
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2012-2737 LOW POC Monitor

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Accountsservice
NVD
CVSS 2.0
1.9
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

accountsservice no longer drops permissions when writting .pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Accountsservice Ubuntu Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Ubuntu Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Denial Of Service Accountsservice
NVD GitHub
EPSS 1% CVSS 3.3
LOW POC Monitor

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Privilege Escalation Accountsservice
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Accountsservice
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Accountsservice
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy