Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87765?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "type": "deb", "namespace": "debian", "name": "accountsservice", "version": "23.13.9-7", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "23.13.9-8", "latest_non_vulnerable_version": "23.13.9-8", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58465?format=api", "vulnerability_id": "VCID-2ums-yvkp-m3hg", "summary": "In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3297.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3297" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182", "reference_id": "2024182", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218566", "reference_id": "2218566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297", "reference_id": "cvename.cgi?name=CVE-2023-3297", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297" }, { "reference_url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/", "reference_id": "GHSL-2023-139_accountsservice", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/" }, { "reference_url": "https://ubuntu.com/security/notices/USN-6190-1", "reference_id": "USN-6190-1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://ubuntu.com/security/notices/USN-6190-1" }, { "reference_url": "https://usn.ubuntu.com/6190-1/", "reference_id": "USN-6190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6190-1/" }, { "reference_url": "https://usn.ubuntu.com/6190-2/", "reference_id": "USN-6190-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6190-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-3297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ums-yvkp-m3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58461?format=api", "vulnerability_id": "VCID-6j3a-5beq-mqcq", "summary": "An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01989", "scoring_system": "epss", "scoring_elements": "0.83927", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01989", "scoring_system": "epss", "scoring_elements": "0.8395", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16126" }, { "reference_url": "https://usn.ubuntu.com/4616-1/", "reference_id": "USN-4616-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-1/" }, { "reference_url": "https://usn.ubuntu.com/4616-2/", "reference_id": "USN-4616-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-16126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6j3a-5beq-mqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58463?format=api", "vulnerability_id": "VCID-dwbd-qj5c-yqa8", "summary": "Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31113", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3939" }, { "reference_url": "https://usn.ubuntu.com/5149-1/", "reference_id": "USN-5149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5149-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3939" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwbd-qj5c-yqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58457?format=api", "vulnerability_id": "VCID-hybg-f7m1-kud7", "summary": "The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17023", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.171", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4406" }, { "reference_url": "https://usn.ubuntu.com/1351-1/", "reference_id": "USN-1351-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1351-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87762?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.15-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hybg-f7m1-kud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58460?format=api", "vulnerability_id": "VCID-k4kq-fbtc-1qbt", "summary": "Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79577", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79603", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601019", "reference_id": "1601019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601019" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828", "reference_id": "903828", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://usn.ubuntu.com/4616-1/", "reference_id": "USN-4616-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-1/" }, { "reference_url": "https://usn.ubuntu.com/4616-2/", "reference_id": "USN-4616-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87768?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.45-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.45-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14036" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4kq-fbtc-1qbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58458?format=api", "vulnerability_id": "VCID-kf75-tbup-5qcg", "summary": "The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21971", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2737" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679429", "reference_id": "679429", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679429" }, { "reference_url": "https://usn.ubuntu.com/1485-1/", "reference_id": "USN-1485-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1485-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87766?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.21-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.21-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2737" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf75-tbup-5qcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58464?format=api", "vulnerability_id": "VCID-ryr9-rxuf-sugb", "summary": "accountsservice no longer drops permissions when writting .pam_environment", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20245", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20319", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250", "reference_id": "1974250", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T12:58:36Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250" }, { "reference_url": "https://ubuntu.com/security/notices/USN-5439-1", "reference_id": "USN-5439-1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T12:58:36Z/" } ], "url": "https://ubuntu.com/security/notices/USN-5439-1" }, { "reference_url": "https://usn.ubuntu.com/5439-1/", "reference_id": "USN-5439-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5439-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-1804" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryr9-rxuf-sugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58462?format=api", "vulnerability_id": "VCID-vr1s-re3z-vbh7", "summary": "An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38261", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38349", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16127" }, { "reference_url": "https://usn.ubuntu.com/4616-1/", "reference_id": "USN-4616-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-16127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vr1s-re3z-vbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58459?format=api", "vulnerability_id": "VCID-yq42-b126-vfhz", "summary": "An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6655.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6655.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06591", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06622", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1130538", "reference_id": "1130538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1130538" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757912", "reference_id": "757912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757912" }, { "reference_url": "https://usn.ubuntu.com/6687-1/", "reference_id": "USN-6687-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6687-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87767?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-6655" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yq42-b126-vfhz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }