CVE-2016-5008
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5008
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5008.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5008
- Downstream
- Related
- Published
- 2016-07-13T15:59:05.873Z
- Modified
- 2025-11-14T04:41:02.004235Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
- References
-
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html
- http://www.securityfocus.com/bid/91562
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/
- https://usn.ubuntu.com/3576-1/
- http://rhn.redhat.com/errata/RHSA-2016-2577.html
- http://security.libvirt.org/2016/0001.html
- http://www.debian.org/security/2016/dsa-3613
- https://bugzilla.redhat.com/show_bug.cgi?id=1180092
Affected packages
Git / github.com/libvirt/libvirt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libvirt/libvirt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
CVE-2011-1146
CVE-2011-1486
CVE-2011-2178
CVE-2012-3411
CVE-2012-3445
CVE-2012-4423
CVE-2013-0170
CVE-2013-1962
CVE-2013-2218
CVE-2013-2230
CVE-2013-4153
CVE-2013-4154
CVE-2013-4239
CVE-2013-4291
CVE-2013-4292
CVE-2013-4296
CVE-2013-4297
CVE-2013-4311
CVE-2013-4399
CVE-2013-4400-1
CVE-2013-4400-2
CVE-2013-4400-3
CVE-2013-4401
CVE-2013-5651
CVE-2013-6436
CVE-2013-6457
CVE-2013-6458-1
CVE-2013-6458-2
CVE-2013-6458-3
CVE-2013-6458-4
CVE-2013-7336
CVE-2014-0028
CVE-2014-0179
CVE-2014-1447-1
CVE-2014-1447-2
CVE-2014-3633
CVE-2014-3657
CVE-2014-7823
CVE-2014-8131-1
CVE-2014-8131-2
CVE-2014-8135
CVE-2014-8136
CVE-2015-0236-1
CVE-2015-0236-2
CVE-2015-5247-1
CVE-2015-5247-2
CVE-2015-5247-3
CVE-2015-5313
LIBVIRT_0_0_3
LIBVIRT_0_0_4
LIBVIRT_0_0_5
LIBVIRT_0_1_0
LIBVIRT_0_1_1
LIBVIRT_0_1_10
LIBVIRT_0_1_11
LIBVIRT_0_1_3
LIBVIRT_0_1_4
LIBVIRT_0_1_6
LIBVIRT_0_1_7
LIBVIRT_0_1_8
LIBVIRT_0_1_9
LIBVIRT_0_2_0
LIBVIRT_0_2_1
LIBVIRT_0_2_2
LIBVIRT_0_3_0
LIBVIRT_0_3_1
LIBVIRT_0_3_2
LIBVIRT_0_3_3
LIBVIRT_0_4_1
LIBVIRT_0_4_2
LIBVIRT_0_4_4
LIBVIRT_0_4_6
LIBVIRT_0_5_0
LIBVIRT_0_5_1
LIBVIRT_0_6_0
LIBVIRT_0_6_1
LIBVIRT_0_6_2
LIBVIRT_0_6_3
LIBVIRT_0_6_4
LIBVIRT_0_6_5
LIBVIR_0_0_1
LIBVIR_0_0_2
LIVIRT_0_2_3
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.1.0
v0.1.1
v0.1.10
v0.1.11
v0.1.3
v0.1.4
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.10.0
v0.10.0-rc0
v0.10.0-rc1
v0.10.0-rc2
v0.10.1
v0.10.2
v0.10.2-rc1
v0.10.2-rc2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.1
v0.4.2
v0.4.4
v0.4.6
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.9.0
v0.9.1
v0.9.10
v0.9.10-rc1
v0.9.10-rc2
v0.9.11
v0.9.11-rc1
v0.9.11-rc2
v0.9.12
v0.9.12-rc1
v0.9.12-rc2
v0.9.13
v0.9.13-rc1
v0.9.13-rc2
v0.9.2
v0.9.3
v0.9.3-rc1
v0.9.3-rc2
v0.9.4
v0.9.4-rc1
v0.9.4-rc2
v0.9.5
v0.9.5-rc1
v0.9.5-rc2
v0.9.5-rc3
v0.9.6
v0.9.7
v0.9.7-rc1
v0.9.8
v0.9.8-rc1
v0.9.8-rc2
v0.9.9
v0.9.9-rc1
v0.9.9-rc2
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.1-rc1
v1.0.1-rc2
v1.0.2
v1.0.2-rc1
v1.0.2-rc2
v1.0.3
v1.0.3-rc1
v1.0.3-rc2
v1.0.4
v1.0.4-rc1
v1.0.4-rc2
v1.0.5
v1.0.5-rc1
v1.0.6
v1.0.6-rc1
v1.0.6-rc2
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.1.1
v1.1.1-rc1
v1.1.1-rc2
v1.1.2
v1.1.2-rc1
v1.1.2-rc2
v1.1.3
v1.1.3-rc1
v1.1.3-rc2
v1.1.4
v1.1.4-rc1
v1.1.4-rc2
v1.2.0
v1.2.0-rc1
v1.2.0-rc2
v1.2.1
v1.2.1-rc1
v1.2.1-rc2
v1.2.10
v1.2.10-rc1
v1.2.10-rc2
v1.2.11
v1.2.11-rc1
v1.2.11-rc2
v1.2.12
v1.2.12-rc1
v1.2.12-rc2
v1.2.13
v1.2.13-rc1
v1.2.13-rc2
v1.2.14
v1.2.14-rc1
v1.2.14-rc2
v1.2.15
v1.2.15-rc1
v1.2.15-rc2
v1.2.16
v1.2.16-rc1
v1.2.16-rc2
v1.2.17
v1.2.17-rc1
v1.2.17-rc2
v1.2.18
v1.2.18-rc1
v1.2.18-rc2
v1.2.19
v1.2.19-rc1
v1.2.19-rc2
v1.2.2
v1.2.2-rc1
v1.2.2-rc2
v1.2.20
v1.2.20-rc1
v1.2.20-rc2
v1.2.21
v1.2.21-rc1
v1.2.21-rc2
v1.2.3
v1.2.3-rc1
v1.2.3-rc2
v1.2.4
v1.2.4-rc1
v1.2.4-rc2
v1.2.5
v1.2.5-rc1
v1.2.5-rc2
v1.2.6
v1.2.6-rc1
v1.2.6-rc2
v1.2.7
v1.2.7-rc1
v1.2.7-rc2
v1.2.8
v1.2.8-rc1
v1.2.8-rc2
v1.2.9
v1.2.9-rc1
v1.2.9-rc2
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.1
v1.3.1-rc1
v1.3.1-rc2
v1.3.2
v1.3.2-rc1
v1.3.2-rc2
v1.3.3
v1.3.3-rc1
v1.3.3-rc2
v1.3.4
v1.3.4-rc1
v1.3.4-rc2
v1.3.5
v1.3.5-rc1