Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Red Hat Enterprise Linux Number Of NVD 1704 CRITICAL 140 HIGH 597 MEDIUM 814 LOW 152
URL https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation Full support is 5.5 years from release.
Maintenance support (security updates only) is for 3.5 years.
After that, extended support is available for a fee.
Tag
  • Linux
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://access.redhat.com/ja/articles/16476
2 https://access.redhat.com/support/policy/updates/errata
3 https://access.redhat.com/articles/3078
4 https://access.redhat.com/security
5 https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
151 Red Hat Enterprise Linux 10.2 10.2 May 19, 2026 May 20, 2025 7 18 16 3
152 Red Hat Enterprise Linux 9 9.7 Nov. 11, 2025 May 17, 2022 9 134 183 18
153 Red Hat Enterprise Linux 8 8.10 May 22, 2024 May 7, 2019 May 30, 2029 48 321 454 51
154 Red Hat Enterprise Linux 7 7.9 Sept. 29, 2020 Dec. 11, 2013 Aug. 6, 2020 June 30, 2024 96 277 280 47
155 Red Hat Enterprise Linux 6 6.10 June 19, 2018 Nov. 9, 2010 May 10, 2022 Nov. 30, 2020 June 30, 2024 76 170 212 56
156 Red Hat Enterprise Linux 5 5.11 Sept. 16, 2014 March 15, 2007 March 31, 2017 Nov. 30, 2020 24 59 89 40
157 Red Hat Enterprise Linux 4 4.5 Feb. 29, 2012 March 31, 2017 5 30 29 16
158 Red Hat Enterprise Linux 3 3.0 0 33 44 17
159 Red Hat Enterprise Linux 2 2.1 Update 7 April 28, 2005 0 32 37 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
151 6.1
-
MEDIUM
Network
The course upload preview contained an XSS risk for users uploading unsafe data. CWE-79
Cross-site Scripting
CVE-2023-5547 cpe:2.3:o:redhat:enterprise_linux:7.0:* 2024-11-21 17:41
2023-11-10
Show GitHub Exploit DB Packet Storm
152 5.4
-
MEDIUM
Network
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. CWE-79
Cross-site Scripting
CVE-2023-5546 cpe:2.3:o:redhat:enterprise_linux:7.0:* 2024-11-21 17:41
2023-11-10
Show GitHub Exploit DB Packet Storm
153 5.4
-
MEDIUM
Network
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. CWE-79
CWE-639
Cross-site Scripting
 Authorization Bypass Through User-Controlled Key
CVE-2023-5544 cpe:2.3:o:redhat:enterprise_linux:7.0:* 2024-11-21 17:41
2023-11-10
Show GitHub Exploit DB Packet Storm
154 6.4
-
MEDIUM
Local
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the … CWE-416
 Use After Free
CVE-2023-39198 cpe:2.3:o:redhat:enterprise_linux:9.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
2024-11-21 17:14
2023-11-10
Show GitHub Exploit DB Packet Storm
155 3.8
-
LOW
Physics
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to t… CWE-125
Out-of-bounds Read
CVE-2023-4535 cpe:2.3:o:redhat:enterprise_linux:9.0:* 2024-11-21 17:35
2023-11-7
Show GitHub Exploit DB Packet Storm
156 6.4
-
MEDIUM
Physics
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage … CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2023-40661 cpe:2.3:o:redhat:enterprise_linux:9.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
2024-11-21 17:19
2023-11-7
Show GitHub Exploit DB Packet Storm
157 6.6
-
MEDIUM
Physics
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-40660 cpe:2.3:o:redhat:enterprise_linux:9.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
2024-11-23 13:15
2023-11-7
Show GitHub Exploit DB Packet Storm
158 5.5
-
MEDIUM
Local
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service … CWE-755
 Improper Handling of Exceptional Conditions
CVE-2023-5090 cpe:2.3:o:redhat:enterprise_linux:9.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
2024-11-21 17:41
2023-11-6
Show GitHub Exploit DB Packet Storm
159 6.5
-
MEDIUM
Network
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be bloc… NVD-CWE-noinfo
CVE-2023-42669 cpe:2.3:o:redhat:enterprise_linux:9.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
2024-11-21 17:22
2023-11-6
Show GitHub Exploit DB Packet Storm
160 7.0
-
HIGH
Local
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, fo… CWE-662
 Improper Synchronization
CVE-2023-5088 cpe:2.3:o:redhat:enterprise_linux:9.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux…
2024-11-21 17:41
2023-11-3
Show GitHub Exploit DB Packet Storm