Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-16127 | 1 Freedesktop | 1 Accountsservice | 2020-11-24 | 2.1 LOW | 5.5 MEDIUM |
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. | |||||
CVE-2020-16126 | 1 Freedesktop | 1 Accountsservice | 2020-11-24 | 2.1 LOW | 3.3 LOW |
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. | |||||
CVE-2018-14036 | 1 Freedesktop | 1 Accountsservice | 2018-09-06 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. |