VYPR

rpm package

opensuse/himmelblau&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/himmelblau&distro=openSUSE%20Tumbleweed

Vulnerabilities (7)

  • CVE-2026-34397MedApr 1, 2026
    affected < 2.3.9+git0.a9fd29b-1.1fixed 2.3.9+git0.a9fd29b-1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelb

  • CVE-2026-31979Mar 11, 2026
    affected < 2.3.8+git0.dec3693-1.1fixed 2.3.8+git0.dec3693-1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is explicitl

  • CVE-2026-25727Feb 6, 2026
    affected < 2.3.5+git0.9dd526c-1.1fixed 2.3.5+git0.9dd526c-1.1

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2025-58160LowAug 29, 2025
    affected < 1.2.2+git.0.2d04bca-1.1fixed 1.2.2+git.0.2d04bca-1.1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i

  • CVE-2025-54882Aug 7, 2025
    affected < 1.2.0+git.0.6befefc-1.1fixed 1.2.0+git.0.6befefc-1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and rece

  • CVE-2025-53013MedJun 26, 2025
    affected < 0.9.17+git.0.4a97692-1.1fixed 0.9.17+git.0.4a97692-1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user

  • CVE-2024-11738Dec 6, 2024
    affected < 0.7.7+git.0.b48d0bb-1.1fixed 0.7.7+git.0.b48d0bb-1.1

    A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.