Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie

Type deb

Namespace debian

Name accountsservice

Version 23.13.9-8

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4wd1-kxpx-9ugm

vulnerability_id VCID-4wd1-kxpx-9ugm

summary An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-16127

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38474
published_at	2026-04-01T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.3861
published_at	2026-04-02T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38634
published_at	2026-04-04T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38496
published_at	2026-04-07T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38548
published_at	2026-04-08T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38556
published_at	2026-04-09T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38567
published_at	2026-04-11T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38529
published_at	2026-04-18T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38503
published_at	2026-04-13T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38551
published_at	2026-04-16T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38449
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-16127

reference_url	https://usn.ubuntu.com/4616-1/
reference_id	USN-4616-1
reference_type
scores
url	https://usn.ubuntu.com/4616-1/

fixed_packages

url	pkg:deb/debian/accountsservice@0?distro=trixie
purl	pkg:deb/debian/accountsservice@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2020-16127

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wd1-kxpx-9ugm

url VCID-84wd-4hfs-cbdm

vulnerability_id VCID-84wd-4hfs-cbdm

summary The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4406

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16715
published_at	2026-04-01T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16885
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16942
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16725
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1681
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16867
published_at	2026-04-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16843
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16798
published_at	2026-04-12T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1674
published_at	2026-04-13T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16676
published_at	2026-04-16T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16683
published_at	2026-04-18T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1672
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4406

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4406

reference_url	https://usn.ubuntu.com/1351-1/
reference_id	USN-1351-1
reference_type
scores
url	https://usn.ubuntu.com/1351-1/

fixed_packages

url	pkg:deb/debian/accountsservice@0.6.15-3?distro=trixie
purl	pkg:deb/debian/accountsservice@0.6.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.15-3%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2011-4406

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84wd-4hfs-cbdm

url VCID-91vz-futd-tkfa

vulnerability_id VCID-91vz-futd-tkfa

summary The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2737

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21749
published_at	2026-04-01T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21913
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21966
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21732
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21809
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21865
published_at	2026-04-09T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21876
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21836
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21778
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2178
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21786
published_at	2026-04-18T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21751
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2737

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2737
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2737

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679429
reference_id	679429
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679429

reference_url	https://usn.ubuntu.com/1485-1/
reference_id	USN-1485-1
reference_type
scores
url	https://usn.ubuntu.com/1485-1/

fixed_packages

url	pkg:deb/debian/accountsservice@0.6.21-6?distro=trixie
purl	pkg:deb/debian/accountsservice@0.6.21-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.21-6%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2012-2737

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91vz-futd-tkfa

url VCID-bqzt-u1sk-3fht

vulnerability_id VCID-bqzt-u1sk-3fht

summary accountsservice no longer drops permissions when writting .pam_environment

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1804

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05491
published_at	2026-04-21T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05389
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0538
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05331
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05332
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05283
published_at	2026-04-01T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05326
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05357
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05375
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05409
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05432
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05401
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250

reference_id

1974250

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T12:58:36Z/

url

https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250

reference_url

https://ubuntu.com/security/notices/USN-5439-1

reference_id

USN-5439-1

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T12:58:36Z/

url

https://ubuntu.com/security/notices/USN-5439-1

reference_url	https://usn.ubuntu.com/5439-1/
reference_id	USN-5439-1
reference_type
scores
url	https://usn.ubuntu.com/5439-1/

fixed_packages

url	pkg:deb/debian/accountsservice@0?distro=trixie
purl	pkg:deb/debian/accountsservice@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2022-1804

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqzt-u1sk-3fht

url VCID-bxkw-9x1u-sbhm

vulnerability_id VCID-bxkw-9x1u-sbhm

summary accountsservice: use-after-free via a D-Bus message to the accounts-daemon process

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3297.json

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3297.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3297

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13209
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13088
published_at	2026-04-21T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13275
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13075
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13156
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13208
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13177
published_at	2026-04-11T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13139
published_at	2026-04-12T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13087
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12988
published_at	2026-04-16T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12991
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3297

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182

reference_id

2024182

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/

url

https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2218566
reference_id	2218566
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2218566

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297

reference_id

cvename.cgi?name=CVE-2023-3297

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297

reference_url

https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/

reference_id

GHSL-2023-139_accountsservice

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/

url

https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/

reference_url

https://ubuntu.com/security/notices/USN-6190-1

reference_id

USN-6190-1

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/

url

https://ubuntu.com/security/notices/USN-6190-1

reference_url	https://usn.ubuntu.com/6190-1/
reference_id	USN-6190-1
reference_type
scores
url	https://usn.ubuntu.com/6190-1/

reference_url	https://usn.ubuntu.com/6190-2/
reference_id	USN-6190-2
reference_type
scores
url	https://usn.ubuntu.com/6190-2/

fixed_packages

url	pkg:deb/debian/accountsservice@0?distro=trixie
purl	pkg:deb/debian/accountsservice@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2023-3297

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxkw-9x1u-sbhm

url VCID-chd6-4yfy-x7hg

vulnerability_id VCID-chd6-4yfy-x7hg

summary An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-16126

reference_id

reference_type

scores

value	0.01989
scoring_system	epss
scoring_elements	0.83541
published_at	2026-04-01T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83553
published_at	2026-04-02T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83568
published_at	2026-04-04T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83569
published_at	2026-04-07T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83593
published_at	2026-04-08T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83602
published_at	2026-04-09T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83617
published_at	2026-04-11T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83611
published_at	2026-04-12T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83606
published_at	2026-04-13T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83641
published_at	2026-04-16T12:55:00Z

value	0.01989
scoring_system	epss
scoring_elements	0.83642
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-16126

reference_url	https://usn.ubuntu.com/4616-1/
reference_id	USN-4616-1
reference_type
scores
url	https://usn.ubuntu.com/4616-1/

reference_url	https://usn.ubuntu.com/4616-2/
reference_id	USN-4616-2
reference_type
scores
url	https://usn.ubuntu.com/4616-2/

fixed_packages

url	pkg:deb/debian/accountsservice@0?distro=trixie
purl	pkg:deb/debian/accountsservice@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2020-16126

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chd6-4yfy-x7hg

url VCID-p9ht-pahu-wbea

vulnerability_id VCID-p9ht-pahu-wbea

summary accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14036

reference_id

reference_type

scores

value	0.01239
scoring_system	epss
scoring_elements	0.79188
published_at	2026-04-01T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79258
published_at	2026-04-21T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79245
published_at	2026-04-12T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79233
published_at	2026-04-13T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79257
published_at	2026-04-18T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79195
published_at	2026-04-02T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79218
published_at	2026-04-04T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79203
published_at	2026-04-07T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79229
published_at	2026-04-08T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79236
published_at	2026-04-09T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.7926
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14036

reference_url	https://bugs.freedesktop.org/show_bug.cgi?id=107085
reference_id
reference_type
scores
url	https://bugs.freedesktop.org/show_bug.cgi?id=107085

reference_url	https://bugzilla.suse.com/show_bug.cgi?id=1099699
reference_id
reference_type
scores
url	https://bugzilla.suse.com/show_bug.cgi?id=1099699

reference_url	https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
reference_id
reference_type
scores
url	https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	http://www.openwall.com/lists/oss-security/2018/07/02/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2018/07/02/2

reference_url	http://www.securityfocus.com/bid/104757
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104757

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1601019
reference_id	1601019
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1601019

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828
reference_id	903828
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:accountsservice::::::::
reference_id	cpe:2.3:a:freedesktop:accountsservice::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:accountsservice::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14036

reference_id

CVE-2018-14036

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14036

reference_url	https://access.redhat.com/errata/RHSA-2018:3140
reference_id	RHSA-2018:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3140

reference_url	https://usn.ubuntu.com/4616-1/
reference_id	USN-4616-1
reference_type
scores
url	https://usn.ubuntu.com/4616-1/

reference_url	https://usn.ubuntu.com/4616-2/
reference_id	USN-4616-2
reference_type
scores
url	https://usn.ubuntu.com/4616-2/

fixed_packages

url	pkg:deb/debian/accountsservice@0.6.45-2?distro=trixie
purl	pkg:deb/debian/accountsservice@0.6.45-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.45-2%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2018-14036

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9ht-pahu-wbea

url VCID-pnj9-7czc-pqfc

vulnerability_id VCID-pnj9-7czc-pqfc

summary Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3939

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31592
published_at	2026-04-01T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31724
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31769
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31587
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.3164
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31669
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31673
published_at	2026-04-11T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31631
published_at	2026-04-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31595
published_at	2026-04-13T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.3163
published_at	2026-04-16T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31608
published_at	2026-04-18T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31576
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3939

reference_url	https://usn.ubuntu.com/5149-1/
reference_id	USN-5149-1
reference_type
scores
url	https://usn.ubuntu.com/5149-1/

fixed_packages

url	pkg:deb/debian/accountsservice@0?distro=trixie
purl	pkg:deb/debian/accountsservice@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie

url pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4tn-cs9p-v7eh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2021-3939

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnj9-7czc-pqfc

url VCID-y4tn-cs9p-v7eh

vulnerability_id VCID-y4tn-cs9p-v7eh

summary accountsservice: local encrypted password disclosure when changing password

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6655.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6655.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6655

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.05962
published_at	2026-04-01T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.05995
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06029
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06013
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06052
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0609
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0608
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06075
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06066
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06031
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06039
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06189
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6655

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6655
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6655

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1130538
reference_id	1130538
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1130538

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757912
reference_id	757912
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757912

reference_url	https://usn.ubuntu.com/6687-1/
reference_id	USN-6687-1
reference_type
scores
url	https://usn.ubuntu.com/6687-1/

fixed_packages

url	pkg:deb/debian/accountsservice@22.08.8-4?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-4%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
purl	pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie

url	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
purl	pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

aliases CVE-2012-6655

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4tn-cs9p-v7eh

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie

Package Instance