CVEDB API

Vulnerabilities

Vulnerable Software

Freedesktop: >> Accountsservice >> 0.6.14 Security Vulnerabilities

CVE-2020-16126

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

CVSS Score

3.3

EPSS Score

0.016

Published

2020-11-11

CVE-2020-16127

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

CVSS Score

2.8

EPSS Score

0.0

Published

2020-11-11

CVE-2018-14036

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

CVSS Score

6.5

EPSS Score

0.06

Published

2018-07-13

Page 1

Vulnerabilities

Vulnerable Software

Freedesktop: >> Accountsservice >> 0.6.14 Security Vulnerabilities

Products

Pricing

Contact Us