Accountsservice

This hub aggregates every CVE we track for Accountsservice, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting Accountsservice.

• CVE-2022-1804Accountsservice incorrectly drops privileges5.5Mar 25, 2025
• CVE-2023-3297In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.8.1Sep 1, 2023
• CVE-2021-3939Free of static data in accountsservice7.8Nov 17, 2021
• CVE-2020-16127accountsservice .pam_environment infinite loop2.8Nov 11, 2020
• CVE-2020-16126accountsservice drops ruid, allows unprivileged users to send it signals3.3Nov 11, 2020
• CVE-2012-6655An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.3.3Nov 27, 2019
• CVE-2018-14036Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.6.5Jul 13, 2018
• CVE-2011-4406The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified...3.6Apr 16, 2014
• CVE-2012-2737The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache direc...1.9Jul 22, 2012