Freedesktop Accountsservice vulnerabilities
3 known vulnerabilities affecting freedesktop/accountsservice.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2020-16127MEDIUMCVSS 5.5fixed in 0.6.55≥ 0.6.35-0ubuntu7.3, < 0.6.35-0ubuntu7.3+esm2+4 more2020-11-11
CVE-2020-16127 [MEDIUM] CWE-20 CVE-2020-16127: An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among othe
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
nvd
CVE-2020-16126LOWCVSS 3.3fixed in 0.6.55≥ 0.6.35-0ubuntu7.3, < 0.6.35-0ubuntu7.3+esm2+4 more2020-11-11
CVE-2020-16126 [LOW] CWE-269 CVE-2020-16126: An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among othe
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
nvd
CVE-2018-14036MEDIUMCVSS 6.5fixed in 0.6.502018-07-13
CVE-2018-14036 [MEDIUM] CWE-22 CVE-2018-14036: Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insuffi
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
nvd