Software Detail

Software Informaton Top

Operating Systems

Software Detail

Red Hat Enterprise Linux

Number Of NVD

1680

CRITICAL

135

HIGH

590

MEDIUM

803

LOW

151

URL	https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation	Full support is 5.5 years from release. Maintenance support (security updates only) is for 3.5 years. After that, extended support is available for a fee.
Tag	商用ライセンス有り Linux

Add Information URL

No	Type	Name	URL
1			https://access.redhat.com/ja/articles/16476
2			https://access.redhat.com/support/policy/updates/errata
3			https://access.redhat.com/articles/3078
4			https://access.redhat.com/security
5			https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
1001	Red Hat Enterprise Linux 9	9.7	Nov. 11, 2025	May 17, 2022				4	127	172	17
1002	Red Hat Enterprise Linux 8	8.10	May 22, 2024	May 7, 2019	May 30, 2029			43	314	444	50
1003	Red Hat Enterprise Linux 7	7.9	Sept. 29, 2020	Dec. 11, 2013	Aug. 6, 2020	June 30, 2024		91	270	270	46
1004	Red Hat Enterprise Linux 6	6.10	June 19, 2018	Nov. 9, 2010	May 10, 2022	Nov. 30, 2020	June 30, 2024	72	169	210	55
1005	Red Hat Enterprise Linux 5	5.11	Sept. 16, 2014	March 15, 2007	March 31, 2017		Nov. 30, 2020	24	59	89	40
1006	Red Hat Enterprise Linux 4	4.5			Feb. 29, 2012		March 31, 2017	5	30	29	16
1007	Red Hat Enterprise Linux 3	3.0						0	33	44	17
1008	Red Hat Enterprise Linux 2	2.1 Update 7	April 28, 2005					0	32	37	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
1001	7.5 5.0	HIGH Network	An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame …	CWE-125 Out-of-bounds Read	CVE-2018-20615	cpe:2.3:o:redhat:enterprise_linux:7.6:* cpe:2.3:o:redhat:enterprise_linux:7.5:* cpe:2.3:o:redhat:enterprise_linux…	2024-11-21 13:01 2019-03-22	Show	GitHub Exploit DB Packet Storm

1002	7.5 5.0	HIGH Network	Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated atta…	-	CVE-2019-3816	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 13:42 2019-03-15	Show	GitHub Exploit DB Packet Storm

1003	6.1 4.3	MEDIUM Network	An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by …	CWE-93 CRLF Injection	CVE-2019-9741	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 13:52 2019-03-13	Show	GitHub Exploit DB Packet Storm

1004	9.8 5.0	CRITICAL Network	Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (cr…	NVD-CWE-noinfo	CVE-2019-9636	cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.5:*	2024-11-21 13:52 2019-03-9	Show	GitHub Exploit DB Packet Storm

1005	5.5 4.9	MEDIUM Local	In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SM…	CWE-476 NULL Pointer Dereference	CVE-2019-9213	cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*	2024-11-21 13:51 2019-03-6	Show	GitHub Exploit DB Packet Storm

1006	9.8 7.5	CRITICAL Network	In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspec…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2018-20784	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 13:02 2019-02-23	Show	GitHub Exploit DB Packet Storm

1007	9.8 7.5	CRITICAL Network	SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.	CWE-89 SQL Injection	CVE-2019-7164	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 13:47 2019-02-20	Show	GitHub Exploit DB Packet Storm

1008	7.8 7.2	HIGH Local	In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.	CWE-416 Use After Free	CVE-2019-8912	cpe:2.3:o:redhat:enterprise_linux:7.0:*	2024-11-21 13:50 2019-02-19	Show	GitHub Exploit DB Packet Storm

1009	8.1 6.8	HIGH Network	In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.	CWE-362 CWE-416 Race Condition Use After Free	CVE-2019-6974	cpe:2.3:o:redhat:enterprise_linux:7.0:*	2024-11-21 13:47 2019-02-16	Show	GitHub Exploit DB Packet Storm

1010	8.6 9.3	HIGH Local	runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to e…	CWE-78 OS Command	CVE-2019-5736	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 13:45 2019-02-12	Show	GitHub Exploit DB Packet Storm