1274 matches found
CVE-2026-44681
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-45108
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-45108
Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) contains an authentication bypass in the Device Authorization Grant (DAG) flow for versions 2.0.0–3.1.4 and 2.3.0–2.3.10. The root cause is in token_validate, which verified domain aliases but did not ensure the authentic...
EUVD-2026-32633
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
PT-2026-44079
Name of the Vulnerable Software and Affected Versions Himmelblau versions 2.0.0 through 3.1.4 Himmelblau versions prior to 2.3.11 Description An authentication bypass exists in the Device Authorization Grant DAG flow, which is a process allowing devices with limited input capabilities to be...
Security update for xen
This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...
SUSE-SU-2026:2066-1 Security update for xen
This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: Do not leak snaprwsem when handlecapgrant is called on an IMPORT operation. When handlecapgrant is called on an IMPORT operation, the snaprwsem resource is held, and the function is expected to release it before returning...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: xen: Speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to...
Astra Linux – Vulnerability in Linux 5.10, Linux
Linux block and network PV device frontends do not zero memory regions before sharing them with the backend CVE-2022-26365, CVE-2022-33740. Additionally, the granularity of the grant table does not allow sharing smaller than a 4K page, resulting in unrelated data residing in the same 4K page as...
Astra Linux – Vulnerability in Linux 5.10, Linux
Linux block and network PV device frontends do not zero memory regions before sharing them with the backend CVE-2022-26365, CVE-2022-33740. Additionally, the granularity of the grant table does not allow sharing smaller than a 4K page, resulting in unrelated data residing in the same 4K page as...