Software Detail

Software Informaton Top

Operating Systems

Software Detail

Red Hat Enterprise Linux

Number Of NVD

1701

CRITICAL

140

HIGH

597

MEDIUM

812

LOW

151

URL	https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation	Full support is 5.5 years from release. Maintenance support (security updates only) is for 3.5 years. After that, extended support is available for a fee.
Tag	Linux 商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://access.redhat.com/ja/articles/16476
2			https://access.redhat.com/support/policy/updates/errata
3			https://access.redhat.com/articles/3078
4			https://access.redhat.com/security
5			https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
51	Red Hat Enterprise Linux 9	9.7	Nov. 11, 2025	May 17, 2022				9	134	181	17
52	Red Hat Enterprise Linux 8	8.10	May 22, 2024	May 7, 2019	May 30, 2029			48	321	452	50
53	Red Hat Enterprise Linux 7	7.9	Sept. 29, 2020	Dec. 11, 2013	Aug. 6, 2020	June 30, 2024		96	277	278	46
54	Red Hat Enterprise Linux 6	6.10	June 19, 2018	Nov. 9, 2010	May 10, 2022	Nov. 30, 2020	June 30, 2024	76	170	210	55
55	Red Hat Enterprise Linux 5	5.11	Sept. 16, 2014	March 15, 2007	March 31, 2017		Nov. 30, 2020	24	59	89	40
56	Red Hat Enterprise Linux 4	4.5			Feb. 29, 2012		March 31, 2017	5	30	29	16
57	Red Hat Enterprise Linux 3	3.0						0	33	44	17
58	Red Hat Enterprise Linux 2	2.1 Update 7	April 28, 2005					0	32	37	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
51	6.8 -	MEDIUM Network	A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur…	-	CVE-2025-26465	cpe:2.3:o:redhat:enterprise_linux:9.0:*	2025-03-6 03:54 2025-02-19	Show	GitHub Exploit DB Packet Storm

52	7.5 -	HIGH Network	A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it…	CWE-22 Path Traversal	CVE-2024-12088	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

53	7.5 -	HIGH Network	A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even …	CWE-22 Path Traversal	CVE-2024-12087	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

54	6.8 -	MEDIUM Network	A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. D…	CWE-390 Detection of Error Condition Without Action	CVE-2024-12086	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

55	7.5 -	HIGH Network	A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checks…	CWE-908 Use of Uninitialized Resource	CVE-2024-12085	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

56	5.3 -	MEDIUM Network	In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.	NVD-CWE-noinfo	CVE-2024-49395	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-14 22:33 2024-11-12	Show	GitHub Exploit DB Packet Storm

57	5.3 -	MEDIUM Network	In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original …	CWE-347 Improper Verification of Cryptographic Signature	CVE-2024-49394	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-14 22:38 2024-11-12	Show	GitHub Exploit DB Packet Storm

58	5.9 -	MEDIUM Network	In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of th…	CWE-347 Improper Verification of Cryptographic Signature	CVE-2024-49393	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-14 23:31 2024-11-12	Show	GitHub Exploit DB Packet Storm

59	7.8 -	HIGH Local	In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blind…	CWE-125 Out-of-bounds Read	CVE-2024-50074	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-9 01:15 2024-10-29	Show	GitHub Exploit DB Packet Storm

60	8.2 -	HIGH Network	A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a…	CWE-59 Link Following	CVE-2024-9341	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-23 04:34 2024-10-2	Show	GitHub Exploit DB Packet Storm