Lucene search
K

184 matches found

Prion
Prion
added 2020/11/11 4:15 a.m.23 views

Design/Logic Flaw

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion...

2.1CVSS4.1AI score0.00541EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/11/11 4:10 a.m.36 views

CVE-2020-16126 accountsservice drops ruid, allows unprivileged users to send it signals

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion...

3.3CVSS3.9AI score0.00541EPSS
Exploits2References1
CVE
CVE
added 2020/11/11 4:10 a.m.157 views

CVE-2020-16127

CVE-2020-16127 is described as an Ubuntu-specific modification to AccountsService prior to version 0.6.55-0ubuntu13.2 that would perform unbounded reads of user-controlled ~/.pam_environment files, enabling an infinite loop if /dev/zero is symlinked to that location. The impact cited is a local i...

5.5CVSS4.5AI score0.00409EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2020/11/11 4:10 a.m.164 views

CVE-2020-16126

The CVE-2020-16126 issue affects Ubuntu’s AccountsService in versions older than 0.6.55-0ubuntu13.2, where an Ubuntu-specific modification dropped the ruid, allowing untrusted users to send signals to AccountsService and hindering its handling of D-Bus messages (denial of service). Remediation: u...

3.3CVSS4.5AI score0.00541EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/11/11 4:10 a.m.29 views

CVE-2020-16127 accountsservice .pam_environment infinite loop

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled /.pamenvironment files, allowing an infinite loop if /dev/zero is symlinked to this location...

2.8CVSS5.4AI score0.00409EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2020/11/11 4:10 a.m.29 views

CVE-2020-16127

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled /.pamenvironment files, allowing an infinite loop if /dev/zero is symlinked to this location...

5.5CVSS5.9AI score0.00409EPSS
Exploits2
Debian CVE
Debian CVE
added 2020/11/11 4:10 a.m.38 views

CVE-2020-16126

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion...

3.3CVSS5.6AI score0.00541EPSS
Exploits2
Ubuntu
Ubuntu
added 2020/11/04 12:7 p.m.66 views

USN-4616-2: AccountsService vulnerabilities

USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause...

6.5CVSS6.5AI score0.03086EPSS
Exploits3
OSV
OSV
added 2020/11/04 12:7 p.m.1 views

USN-4616-2 accountsservice vulnerabilities

USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause...

6.5CVSS6.7AI score0.03086EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2020/11/04 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-4616-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6AI score0.03086EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2020/11/04 12:0 a.m.31 views

Ubuntu 18.04 LTS / 20.04 LTS : GDM vulnerability (USN-4614-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4614-1 advisory. Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker ab...

7.2CVSS7.2AI score0.01109EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/11/04 12:0 a.m.36 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : AccountsService vulnerabilities (USN-4616-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4616-1 advisory. Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cau...

6.5CVSS6.5AI score0.03086EPSS
Exploits4References4
Ubuntu
Ubuntu
added 2020/11/03 3:16 p.m.97 views

USN-4616-1: AccountsService vulnerabilities

Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. CVE-2020-16126 Kevin Backhouse discovered that AccountsService incorrectly handled reading...

6.5CVSS6.5AI score0.03086EPSS
Exploits4
Ubuntu
Ubuntu
added 2020/11/03 3:0 p.m.103 views

USN-4614-1: GDM vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS7.2AI score0.01109EPSS
Exploits1
OSV
OSV
added 2020/11/03 3:0 p.m.6 views

USN-4614-1 gdm3 vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS7.3AI score0.01109EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/11/03 12:0 a.m.25 views

CVE-2020-16127

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled /.pamenvironment files, allowing an infinite loop if /dev/zero is symlinked to this location...

5.5CVSS6.5AI score0.00409EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2020/11/03 12:0 a.m.34 views

CVE-2020-16126

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion...

3.3CVSS6.5AI score0.00541EPSS
Exploits2References3
OSV
OSV
added 2020/11/03 12:0 a.m.1 views

UBUNTU-CVE-2020-16126

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion...

3.3CVSS6.4AI score0.00541EPSS
Exploits2References4
OSV
OSV
added 2020/11/03 12:0 a.m.1 views

UBUNTU-CVE-2020-16127

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled /.pamenvironment files, allowing an infinite loop if /dev/zero is symlinked to this location...

5.5CVSS6.5AI score0.00409EPSS
Exploits2References3
Oracle linux
Oracle linux
added 2020/05/05 12:0 a.m.65 views

GNOME security, bug fix, and enhancement update

accountsservice 0.6.50-8 - Dont set HasNoUsers=true if realmd has providers Related: 1750516 appstream-data 8-20191129 - Regenerate the RHEL metadata to include the latest evince changes - Resolves: 1768461 clutter 1.26.2-8 - rebuild to get the new in 8.2.0 - plus address 1785233 evince 3.28.4-4 ...

8.8CVSS7.5AI score0.0207EPSS
Exploits2
Rows per page
Query Builder