VulnerableCode Package Details - pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4wd1-kxpx-9ugm	An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.	CVE-2020-16127
VCID-84wd-4hfs-cbdm	The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.	CVE-2011-4406
VCID-91vz-futd-tkfa	The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.	CVE-2012-2737
VCID-bqzt-u1sk-3fht	accountsservice no longer drops permissions when writting .pam_environment	CVE-2022-1804
VCID-bxkw-9x1u-sbhm	accountsservice: use-after-free via a D-Bus message to the accounts-daemon process	CVE-2023-3297
VCID-chd6-4yfy-x7hg	An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.	CVE-2020-16126
VCID-p9ht-pahu-wbea	accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c	CVE-2018-14036
VCID-pnj9-7czc-pqfc	Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.	CVE-2021-3939
VCID-y4tn-cs9p-v7eh	accountsservice: local encrypted password disclosure when changing password	CVE-2012-6655

Vulnerability

Summary

Aliases

VCID-4wd1-kxpx-9ugm

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

CVE-2020-16127

VCID-84wd-4hfs-cbdm

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

CVE-2011-4406

VCID-91vz-futd-tkfa

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

CVE-2012-2737

VCID-bqzt-u1sk-3fht

accountsservice no longer drops permissions when writting .pam_environment

CVE-2022-1804

VCID-bxkw-9x1u-sbhm

accountsservice: use-after-free via a D-Bus message to the accounts-daemon process

CVE-2023-3297

VCID-chd6-4yfy-x7hg

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

CVE-2020-16126

VCID-p9ht-pahu-wbea

accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c

CVE-2018-14036

VCID-pnj9-7czc-pqfc

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

CVE-2021-3939

VCID-y4tn-cs9p-v7eh

accountsservice: local encrypted password disclosure when changing password

CVE-2012-6655

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:18:18.864571+00:00	Debian Importer	Fixing	VCID-91vz-futd-tkfa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:08:03.983796+00:00	Debian Importer	Fixing	VCID-4wd1-kxpx-9ugm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:58:16.806110+00:00	Debian Importer	Fixing	VCID-bxkw-9x1u-sbhm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:46:57.153016+00:00	Debian Importer	Fixing	VCID-84wd-4hfs-cbdm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:46:46.067508+00:00	Debian Importer	Fixing	VCID-p9ht-pahu-wbea	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:44:30.667682+00:00	Debian Importer	Fixing	VCID-bqzt-u1sk-3fht	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:14:13.611154+00:00	Debian Importer	Fixing	VCID-pnj9-7czc-pqfc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:01:23.789886+00:00	Debian Importer	Fixing	VCID-chd6-4yfy-x7hg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:09:56.977001+00:00	Debian Importer	Fixing	VCID-91vz-futd-tkfa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T09:02:01.758572+00:00	Debian Importer	Fixing	VCID-4wd1-kxpx-9ugm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:54:38.450387+00:00	Debian Importer	Fixing	VCID-bxkw-9x1u-sbhm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:17:45.563618+00:00	Debian Importer	Fixing	VCID-84wd-4hfs-cbdm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:17:36.478840+00:00	Debian Importer	Fixing	VCID-p9ht-pahu-wbea	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:15:49.978549+00:00	Debian Importer	Fixing	VCID-bqzt-u1sk-3fht	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:53:00.877958+00:00	Debian Importer	Fixing	VCID-pnj9-7czc-pqfc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:43:16.827197+00:00	Debian Importer	Fixing	VCID-chd6-4yfy-x7hg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:19:29.835652+00:00	Debian Importer	Fixing	VCID-y4tn-cs9p-v7eh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:18:02.925109+00:00	Debian Importer	Fixing	VCID-91vz-futd-tkfa	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:28.112903+00:00	Debian Importer	Fixing	VCID-4wd1-kxpx-9ugm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:48.714565+00:00	Debian Importer	Fixing	VCID-bxkw-9x1u-sbhm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:25.191622+00:00	Debian Importer	Fixing	VCID-84wd-4hfs-cbdm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:25.016724+00:00	Debian Importer	Fixing	VCID-p9ht-pahu-wbea	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:16.457013+00:00	Debian Importer	Fixing	VCID-bqzt-u1sk-3fht	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:25.158729+00:00	Debian Importer	Fixing	VCID-pnj9-7czc-pqfc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:45.915008+00:00	Debian Importer	Fixing	VCID-chd6-4yfy-x7hg	https://security-tracker.debian.org/tracker/data/json	38.1.0