rpm package
opensuse/himmelblau&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/himmelblau&distro=openSUSE%20Leap%2016.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31979 | — | < 2.3.8+git0.dec3693-160000.1.1 | 2.3.8+git0.dec3693-160000.1.1 | Mar 11, 2026 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is explicitl | ||
| CVE-2026-25727 | — | < 2.3.8+git0.dec3693-160000.1.1 | 2.3.8+git0.dec3693-160000.1.1 | Feb 6, 2026 | time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used | ||
| CVE-2025-59044 | Med | 4.4 | < 0.9.23+git.0.9776141-160000.1.1 | 0.9.23+git.0.9776141-160000.1.1 | Sep 9, 2025 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple | |
| CVE-2025-58160 | Low | — | < 2.3.8+git0.dec3693-160000.1.1 | 2.3.8+git0.dec3693-160000.1.1 | Aug 29, 2025 | tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i | |
| CVE-2025-54882 | — | < 2.3.8+git0.dec3693-160000.1.1 | 2.3.8+git0.dec3693-160000.1.1 | Aug 7, 2025 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and rece |
- CVE-2026-31979Mar 11, 2026affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is explicitl
- CVE-2026-25727Feb 6, 2026affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used
- affected < 0.9.23+git.0.9776141-160000.1.1fixed 0.9.23+git.0.9776141-160000.1.1
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple
- affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i
- CVE-2025-54882Aug 7, 2025affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and rece