VDB
GCVE-110-MAGEIA-2016-248
GCVE-110-MAGEIA-2016-248
Advisory Published
Updated libvirt packages fix security vulnerability:
Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC
password does not work as documented in Libvirt, a virtualisation abstraction
library. When the password on a VNC server is set to the empty string,
authentication on the VNC server will be disabled, allowing any user to connect,
despite the documentation declaring that setting an empty password for the VNC
server prevents all client connections. With this update the behaviour is
enforced by setting the password expiration to "now" (CVE-2016-5008).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libvirt | 1.2.9.3-1.4.mga5 (unaffected), 0 (affected) | — |
Aliases
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.