CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 2CVE-2023-3297 – Ubuntu Security Notice USN-6190-1
https://notcve.org/view.php?id=CVE-2023-3297
28 Jun 2023 — In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. en Ubuntu AccountsService un atacante local no privilegiado puede desencadenar una vulnerabilidad de uso de memoria previamente liberada en accountsservice enviando mensajes D-Bus al accounts-daemon process. USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubu... • https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3939 – Free of static data in accountsservice
https://notcve.org/view.php?id=CVE-2021-3939
17 Nov 2021 — Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1. Unas modificaciones específicas de Ubuntu a accountsservice (en el archivo de parche debian/patches/0010-set-language.patch) causaron... • https://packetstorm.news/files/id/172848 • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4406
https://notcve.org/view.php?id=CVE-2011-4406
16 Apr 2014 — The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. El paquete Ubuntu AccountsService anterior a 0.6.14-1git1ubuntu1.1 no elimina debidamente privilegios cuando se cambian configuraciones de lenguaje, lo que permite a usuarios locales modificar archivos arbitrarios a través de vectores no especificados. • http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/accountsservice/oneiric-updates/revision/21 • CWE-264: Permissions, Privileges, and Access Controls •