GCVE - cpe:2.3:a:freedesktop:accountsservice:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:accountsservice:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Accountsservice (`a16c1fde-e5f8-5d44-b823-3347b7d34be5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/accountsservice`	purl2cpe	2026-06-01 10:14:03.746908
`pkg:deb/ubuntu/accountsservice`	purl2cpe	2026-06-01 10:14:03.746911
`pkg:github/freedesktop/accountsservice`	purl2cpe	2026-06-01 10:14:03.746915
`pkg:gitlab/redhat/accountsservice`	purl2cpe	2026-06-01 10:14:03.746918
`pkg:rpm/centos/accountsservice`	purl2cpe	2026-06-01 10:14:03.746921
`pkg:rpm/fedora/accountsservice`	purl2cpe	2026-06-01 10:14:03.746924
`pkg:rpm/opensuse/accountsservice`	purl2cpe	2026-06-01 10:14:03.746927

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-16127`	vulnerable	2026-06-03 14:41:47.192982	accountsservice .pam_environment infinite loop LOW (2.8) An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. Published: 2020-11-11T04:10:15.512Z Updated: 2024-09-16T17:58:49.219Z Open on db.gcve.eu Reference links https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16126`	vulnerable	2026-06-03 14:41:47.192571	accountsservice drops ruid, allows unprivileged users to send it signals LOW (3.3) An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. Published: 2020-11-11T04:10:15.043Z Updated: 2024-09-16T17:15:27.923Z Open on db.gcve.eu Reference links https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-14036`	vulnerable	2026-06-03 14:38:11.819935	Details available Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. Published: 2018-07-13T12:00:00.000Z Updated: 2024-08-05T09:21:40.788Z Open on db.gcve.eu Reference links https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a http://www.openwall.com/lists/oss-security/2018/07/02/2 https://bugs.freedesktop.org/show_bug.cgi?id=107085 http://www.securityfocus.com/bid/104757 https://bugzilla.suse.com/show_bug.cgi?id=1099699	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.