Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Red Hat Enterprise Linux Number Of NVD 1711 CRITICAL 141 HIGH 603 MEDIUM 814 LOW 152
URL https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation Full support is 5.5 years from release.
Maintenance support (security updates only) is for 3.5 years.
After that, extended support is available for a fee.
Tag
  • Linux
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://access.redhat.com/ja/articles/16476
2 https://access.redhat.com/support/policy/updates/errata
3 https://access.redhat.com/articles/3078
4 https://access.redhat.com/security
5 https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
491 Red Hat Enterprise Linux 10.2 10.2 May 19, 2026 May 20, 2025 8 24 16 3
492 Red Hat Enterprise Linux 9 9.7 Nov. 11, 2025 May 17, 2022 10 140 183 18
493 Red Hat Enterprise Linux 8 8.10 May 22, 2024 May 7, 2019 May 30, 2029 49 327 454 51
494 Red Hat Enterprise Linux 7 7.9 Sept. 29, 2020 Dec. 11, 2013 Aug. 6, 2020 June 30, 2024 97 283 280 47
495 Red Hat Enterprise Linux 6 6.10 June 19, 2018 Nov. 9, 2010 May 10, 2022 Nov. 30, 2020 June 30, 2024 77 176 212 56
496 Red Hat Enterprise Linux 5 5.11 Sept. 16, 2014 March 15, 2007 March 31, 2017 Nov. 30, 2020 24 59 89 40
497 Red Hat Enterprise Linux 4 4.5 Feb. 29, 2012 March 31, 2017 5 30 29 16
498 Red Hat Enterprise Linux 3 3.0 0 33 44 17
499 Red Hat Enterprise Linux 2 2.1 Update 7 April 28, 2005 0 32 37 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
491 8.8
7.2
HIGH
Local
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation b… CWE-416
 Use After Free
CVE-2021-4154 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:37
2022-02-5
Show GitHub Exploit DB Packet Storm
492 7.8
7.2
HIGH
Local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users accor… CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write
CVE-2021-4034 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:36
2022-01-29
Show GitHub Exploit DB Packet Storm
493 6.5
4.9
MEDIUM
Local
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's no… CWE-476
 NULL Pointer Dereference
CVE-2021-4145 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:36
2022-01-26
Show GitHub Exploit DB Packet Storm
494 7.8
7.2
HIGH
Local
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. CWE-787
 Out-of-bounds Write
CVE-2021-45417 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
cpe:2.3:o:redhat:enterprise_linux…
2024-11-21 15:32
2022-01-21
Show GitHub Exploit DB Packet Storm
495 6.5
4.0
MEDIUM
Network
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last… CWE-22
Path Traversal
CVE-2022-21682 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:45
2022-01-14
Show GitHub Exploit DB Packet Storm
496 8.6
6.8
HIGH
Local
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at i… CWE-276
Incorrect Default Permissions 
CVE-2021-43860 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:29
2022-01-13
Show GitHub Exploit DB Packet Storm
497 7.5
5.0
HIGH
Network
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CWE-565
 Reliance on Cookies without Validation and Integrity Checking
CVE-2021-41819 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:26
2022-01-1
Show GitHub Exploit DB Packet Storm
498 7.5
5.0
HIGH
Network
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. CWE-1333
 Inefficient Regular Expression Complexity
CVE-2021-41817 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
2024-11-21 15:26
2022-01-1
Show GitHub Exploit DB Packet Storm
499 7.1
5.8
HIGH
Local
vim is vulnerable to Out-of-bounds Read - CVE-2021-4166 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:37
2021-12-26
Show GitHub Exploit DB Packet Storm
500 4.3
4.3
MEDIUM
Network
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function… - CVE-2021-3622 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux…
2024-11-21 15:22
2021-12-24
Show GitHub Exploit DB Packet Storm