304 matches found
CVE-2026-26148
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
March 21, 2026—KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band
March 21, 2026—KB5085516 OS Builds 26200.8039 and 26100.8039 Out-of-band This out-of-band update for Windows 11, version 25H2 and 24H2 KB5085516 is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences...
EUVD-2026-11332
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
EUVD-2026-11321
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
Himmelblau 安全漏洞
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that authentication was not limited by tenant domains, allowing for attempts at...
Himmelblau 后置链接漏洞
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 and 2.3.8 had a post-link vulnerability, which was due to insufficient protection for symbolic links, potentially allowing local privilege escalation...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...
EUVD-2026-10702
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
CVE-2026-26148
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
CVE-2026-26148
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
CVE-2026-26148
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
Microsoft Azure Entra ID 安全漏洞
Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There are security vulnerabilities associated with Microsoft Azure Entra ID. Attackers can exploit these vulnerabilities to gain higher levels of access...
PT-2026-24338
Name of the Vulnerable Software and Affected Versions Azure Entra ID affected versions not specified Description An issue exists in Azure Entra ID where external initialization of trusted variables or data stores can allow an unauthorized attacker to elevate privileges locally. Recommendations At...
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...
EUVD-2026-9338
Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...