Threats Tagged 'cve-2026-35387'

Red Hat Discovery is a tool used to inspect and report environment data such as system counts, operating systems, and configuration details within a network. The advisory references multiple CVEs including CVE-2025-62718 affecting Red Hat Discovery and related products. The vendor advisory does not indicate any available fixes or patches for these vulnerabilities as of the publication date. No known exploits are reported in the wild. The severity is assessed as high based on the advisory metadata, but detailed impact specifics are not provided. The advisory suggests installing containers via discovery-installer RPM but does not explicitly state this as a remediation for the vulnerabilities. No geographic targeting is indicated. Patch status is not confirmed; users should consult the official Red Hat advisory for updates.

Multiple security vulnerabilities have been identified in OpenSSH as used in Red Hat Enterprise Linux 9. 6 Extended Update Support. These include privilege escalation via the scp legacy protocol, security bypass through mishandling of the authorized_keys principals option, information disclosure from unintended cryptographic algorithm usage, low integrity impact from unconfirmed proxy-mode multiplexing sessions, and arbitrary command execution via shell metacharacters in usernames. Red Hat has issued an important security advisory addressing these issues with updated OpenSSH packages. The vulnerabilities affect various architectures including x86_64, s390x, ppc64le, and aarch64. The update is rated as important by Red Hat Product Security and is available for affected systems. Users should apply the update as per Red Hat's guidance to remediate these vulnerabilities.

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.