Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Red Hat Enterprise Linux Number Of NVD 1711 CRITICAL 141 HIGH 603 MEDIUM 814 LOW 152
URL https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation Full support is 5.5 years from release.
Maintenance support (security updates only) is for 3.5 years.
After that, extended support is available for a fee.
Tag
  • Linux
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://access.redhat.com/ja/articles/16476
2 https://access.redhat.com/support/policy/updates/errata
3 https://access.redhat.com/articles/3078
4 https://access.redhat.com/security
5 https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
501 Red Hat Enterprise Linux 10.2 10.2 May 19, 2026 May 20, 2025 8 24 16 3
502 Red Hat Enterprise Linux 9 9.7 Nov. 11, 2025 May 17, 2022 10 140 183 18
503 Red Hat Enterprise Linux 8 8.10 May 22, 2024 May 7, 2019 May 30, 2029 49 327 454 51
504 Red Hat Enterprise Linux 7 7.9 Sept. 29, 2020 Dec. 11, 2013 Aug. 6, 2020 June 30, 2024 97 283 280 47
505 Red Hat Enterprise Linux 6 6.10 June 19, 2018 Nov. 9, 2010 May 10, 2022 Nov. 30, 2020 June 30, 2024 77 176 212 56
506 Red Hat Enterprise Linux 5 5.11 Sept. 16, 2014 March 15, 2007 March 31, 2017 Nov. 30, 2020 24 59 89 40
507 Red Hat Enterprise Linux 4 4.5 Feb. 29, 2012 March 31, 2017 5 30 29 16
508 Red Hat Enterprise Linux 3 3.0 0 33 44 17
509 Red Hat Enterprise Linux 2 2.1 Update 7 April 28, 2005 0 32 37 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
501 8.8
9.3
HIGH
Network
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into … CWE-78
OS Command 
CVE-2021-3621 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
cpe:2.3:o:redhat:enterprise_linux…
2024-11-21 15:22
2021-12-24
Show GitHub Exploit DB Packet Storm
502 6.5
6.4
MEDIUM
Network
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` A… CWE-200
CWE-346
Information Exposure
 Origin Validation Error
CVE-2021-4024 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:36
2021-12-24
Show GitHub Exploit DB Packet Storm
503 7.8
6.8
HIGH
Local
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of… NVD-CWE-noinfo
CVE-2021-45463 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
2024-11-21 15:32
2021-12-23
Show GitHub Exploit DB Packet Storm
504 7.0
4.4
HIGH
Local
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a s… CWE-362
Race Condition
CVE-2021-44733 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:31
2021-12-23
Show GitHub Exploit DB Packet Storm
505 7.8
6.8
HIGH
Local
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated b… CWE-787
 Out-of-bounds Write
CVE-2021-45078 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:31
2021-12-16
Show GitHub Exploit DB Packet Storm
506 7.5
6.0
HIGH
Network
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectio… CWE-502
 Deserialization of Untrusted Data
CVE-2021-4104 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
cpe:2.3:o:redhat:enterprise_linux…
2024-11-21 15:36
2021-12-14
Show GitHub Exploit DB Packet Storm
507 9.1
6.4
CRITICAL
Network
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs pas… - CVE-2021-4048 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:36
2021-12-9
Show GitHub Exploit DB Packet Storm
508 4.2
6.3
MEDIUM
Local
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availabilit… - CVE-2021-3802 cpe:2.3:o:redhat:enterprise_linux:8.0:* 2024-11-21 15:22
2021-11-30
Show GitHub Exploit DB Packet Storm
509 5.6
6.8
MEDIUM
Network
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Do… CWE-79
Cross-site Scripting
CVE-2021-3672 cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.7:*
cpe:2.3:o:redhat:enterprise_linux…
2024-11-21 15:22
2021-11-24
Show GitHub Exploit DB Packet Storm
510 8.1
5.1
HIGH
Network
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate ver… CWE-295
Improper Certificate Validation 
CVE-2021-3935 cpe:2.3:o:redhat:enterprise_linux:7.0:* 2024-11-21 15:22
2021-11-23
Show GitHub Exploit DB Packet Storm