VYPR

rpm package

suse/himmelblau&distro=SUSE Linux Enterprise Server for SAP applications 16.0

pkg:rpm/suse/himmelblau&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Vulnerabilities (6)

  • CVE-2026-45108HigMay 27, 2026
    affected < 2.3.11+git1.116c6763-160000.1.1fixed 2.3.11+git1.116c6763-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to

  • CVE-2026-31979Mar 11, 2026
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is explicitl

  • CVE-2026-25727Feb 6, 2026
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2025-59044MedSep 9, 2025
    affected < 0.9.23+git.0.9776141-160000.1.1fixed 0.9.23+git.0.9776141-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple

  • CVE-2025-58160LowAug 29, 2025
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i

  • CVE-2025-54882Aug 7, 2025
    affected < 2.3.8+git0.dec3693-160000.1.1fixed 2.3.8+git0.dec3693-160000.1.1

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and rece