Christoph Anton Mitterer

Rank: #16140 of 53,633
Total CVSS: 16.7
Vulnerabilities: 2 (Critical: 1, Medium: 1)

PT-2016-6216 · CVSS 9.8 · 2016-07-02
Red Hat · Libvirt · CVE-2016-5008

**Name of the Vulnerable Software and Affected Versions**
libvirt versions prior to 2.0.0

**Description**
The issue allows remote attackers to bypass authentication and establish a VNC session by connecting to the server when the password on a VNC server is set to an empty string.

**Recommendations**
For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider setting a non-empty password for the VNC server to prevent unauthorized access.

PT-2010-2093 · CVSS 6.9 · 2010-02-04
Courier MTA · Maildrop · CVE-2010-0301

**Name of the Vulnerable Software and Affected Versions**
maildrop versions 2.3.0 and earlier

**Description**
The issue allows local users to gain privileges via a crafted .mailfilter file in a user's home directory. This occurs when maildrop is run by root with the -d option, as it uses the gid of root for execution of the .mailfilter file.

**Recommendations**
For versions 2.3.0 and earlier, consider restricting access to the .mailfilter file to prevent exploitation until a fix is available. As a temporary workaround, avoid running maildrop with the -d option as root to minimize the risk of privilege escalation.