GCVE - cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Canonical (`bedcba35-8c3d-5a60-8532-2ba876a6ec88`)
Product	Accountsservice (`ba7e58da-e535-5c81-96dd-1b1dce0d517b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-3297`	vulnerable	2026-06-03 14:52:40.379328	Details available HIGH (8.1) In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Published: 2023-09-01T20:49:43.576Z Updated: 2024-09-30T20:19:08.943Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6190-1 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-1804`	vulnerable	2026-06-03 14:45:59.651233	Accountsservice incorrectly drops privileges MEDIUM (5.5) accountsservice no longer drops permissions when writting .pam_environment Published: 2025-03-25T12:28:08.041Z Updated: 2025-03-25T12:58:47.368Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250 https://ubuntu.com/security/notices/USN-5439-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3939`	vulnerable	2026-06-03 14:45:13.518368	Free of static data in accountsservice HIGH (7.8) Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1. Published: 2021-11-17T03:15:10.949Z Updated: 2024-09-16T18:02:58.362Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5149-1 https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149 http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4406`	vulnerable	2026-06-03 14:31:24.527707	Details available The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. Published: 2014-04-16T18:00:00.000Z Updated: 2024-08-07T00:09:18.393Z Open on db.gcve.eu Reference links http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4406.html http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21 http://www.ubuntu.com/usn/USN-1351-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.