Canonical Accountsservice vulnerabilities
4 known vulnerabilities affecting canonical/accountsservice.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2022-1804MEDIUMCVSS 5.5fixed in 22.07.5-2ubuntu1.32025-03-25
CVE-2022-1804 [MEDIUM] CWE-269 CVE-2022-1804: accountsservice no longer drops permissions when writting .pam_environment
accountsservice no longer drops permissions when writting .pam_environment
nvd
CVE-2023-3297HIGHCVSS 7.8fixed in 23.13.9-2ubuntu2fixed in 22.08.8-1ubuntu7.1+2 more2023-09-01
CVE-2023-3297 [HIGH] CWE-416 CVE-2023-3297: In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerabilit
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
nvd
CVE-2021-3939HIGHCVSS 7.8≥ 0.6.55-0ubuntu12\~20.04, < 0.6.55-0ubuntu12\~20.05≥ 0.6.55-0ubuntu13, < 0.6.55-0ubuntu13.3+1 more2021-11-17
CVE-2021-3939 [HIGH] CWE-590 CVE-2021-3939: Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.pat
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13
nvd
CVE-2011-4406LOWCVSS 3.6≤ 0.6.142014-04-16
CVE-2011-4406 [LOW] CWE-264 CVE-2011-4406: The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges wh
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
nvd