VYPR

rpm package

opensuse/himmelblau&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/himmelblau&distro=openSUSE%20Leap%2016.0

Vulnerabilities (5)

  • CVE-2026-31979Mar 11, 2026
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is explicitl

  • CVE-2026-25727Feb 6, 2026
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2025-59044MedSep 9, 2025
    affected < 0.9.23+git.0.9776141-160000.1.1fixed 0.9.23+git.0.9776141-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple

  • CVE-2025-58160LowAug 29, 2025
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i

  • CVE-2025-54882Aug 7, 2025
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and rece