| Red Hat Enterprise Linux | Number Of NVD | 1680 | CRITICAL | 135 | HIGH | 590 | MEDIUM | 803 | LOW | 151 |
| URL | https://www.redhat.com/technologies/linux-platforms/enterprise-linux | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | Full support is 5.5 years from release. Maintenance support (security updates only) is for 3.5 years. After that, extended support is available for a fee. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://access.redhat.com/ja/articles/16476 | ||
| 2 | https://access.redhat.com/support/policy/updates/errata | ||
| 3 | https://access.redhat.com/articles/3078 | ||
| 4 | https://access.redhat.com/security | ||
| 5 | https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Red Hat Enterprise Linux 9 | 9.7 | Nov. 11, 2025 | May 17, 2022 | 4 | 127 | 172 | 17 | |||
| 2 | Red Hat Enterprise Linux 8 | 8.10 | May 22, 2024 | May 7, 2019 | May 30, 2029 | 43 | 314 | 444 | 50 | ||
| 3 | Red Hat Enterprise Linux 7 | 7.9 | Sept. 29, 2020 | Dec. 11, 2013 | Aug. 6, 2020 | June 30, 2024 | 91 | 270 | 270 | 46 | |
| 4 | Red Hat Enterprise Linux 6 | 6.10 | June 19, 2018 | Nov. 9, 2010 | May 10, 2022 | Nov. 30, 2020 | June 30, 2024 | 72 | 169 | 210 | 55 |
| 5 | Red Hat Enterprise Linux 5 | 5.11 | Sept. 16, 2014 | March 15, 2007 | March 31, 2017 | Nov. 30, 2020 | 24 | 59 | 89 | 40 | |
| 6 | Red Hat Enterprise Linux 4 | 4.5 | Feb. 29, 2012 | March 31, 2017 | 5 | 30 | 29 | 16 | |||
| 7 | Red Hat Enterprise Linux 3 | 3.0 | 0 | 33 | 44 | 17 | |||||
| 8 | Red Hat Enterprise Linux 2 | 2.1 Update 7 | April 28, 2005 | 0 | 32 | 37 | 6 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 |
5.5 - |
MEDIUM
Local |
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre… |
CWE-434
Unrestricted Upload of File with Dangerous Type |
CVE-2026-5704 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-23 05:08 2026-04-7 |
Show | GitHub Exploit DB Packet Storm | ||||
| 2 |
7.5 - |
HIGH
Network |
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) pac… |
CWE-190
Integer Overflow or Wraparound |
CVE-2026-35092 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-8 01:35 2026-04-1 |
Show | GitHub Exploit DB Packet Storm | ||||
| 3 |
8.2 - |
HIGH
Network |
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User… |
CWE-253
Incorrect Check of Function Return Value |
CVE-2026-35091 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-8 01:34 2026-04-1 |
Show | GitHub Exploit DB Packet Storm | ||||
| 4 |
9.8 - |
CRITICAL
Network |
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially c… |
CWE-190
Integer Overflow or Wraparound |
CVE-2026-5121 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-23 16:16 2026-03-30 |
Show | GitHub Exploit DB Packet Storm | ||||
| 5 |
7.5 - |
HIGH
Network |
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters se… Update |
CWE-824
Access of Uninitialized Pointer |
CVE-2026-2100 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:10.0:* |
2026-04-25 11:16 2026-03-27 |
Show | GitHub Exploit DB Packet Storm | ||||
| 6 |
3.1 - |
LOW
Network |
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listin… |
CWE-476
NULL Pointer Dereference |
CVE-2026-0968 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:10.0:* |
2026-04-14 05:15 2026-03-27 |
Show | GitHub Exploit DB Packet Storm | ||||
| 7 |
8.2 - |
HIGH
Network |
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a … |
CWE-825
Expired Pointer Dereference |
CVE-2026-2436 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-22 00:48 2026-03-27 |
Show | GitHub Exploit DB Packet Storm | ||||
| 8 |
5.5 - |
MEDIUM
Local |
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unboun… |
CWE-770
Allocation of Resources Without Limits or Throttling |
CVE-2026-4897 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-22 01:29 2026-03-27 |
Show | GitHub Exploit DB Packet Storm | ||||
| 9 |
7.8 - |
HIGH
Local |
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. T… |
CWE-190
Integer Overflow or Wraparound |
CVE-2026-4775 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-22 01:34 2026-03-25 |
Show | GitHub Exploit DB Packet Storm | ||||
| 10 |
7.5 - |
HIGH
Network |
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes paramet… |
CWE-770
Allocation of Resources Without Limits or Throttling |
CVE-2026-3260 |
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux… |
2026-04-9 04:11 2026-03-24 |
Show | GitHub Exploit DB Packet Storm |