Software Detail

Software Informaton Top

Operating Systems

Software Detail

Red Hat Enterprise Linux

Number Of NVD

1680

CRITICAL

135

HIGH

590

MEDIUM

803

LOW

151

URL	https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation	Full support is 5.5 years from release. Maintenance support (security updates only) is for 3.5 years. After that, extended support is available for a fee.
Tag	商用ライセンス有り Linux

Add Information URL

No	Type	Name	URL
1			https://access.redhat.com/ja/articles/16476
2			https://access.redhat.com/support/policy/updates/errata
3			https://access.redhat.com/articles/3078
4			https://access.redhat.com/security
5			https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
131	Red Hat Enterprise Linux 9	9.7	Nov. 11, 2025	May 17, 2022				4	127	172	17
132	Red Hat Enterprise Linux 8	8.10	May 22, 2024	May 7, 2019	May 30, 2029			43	314	444	50
133	Red Hat Enterprise Linux 7	7.9	Sept. 29, 2020	Dec. 11, 2013	Aug. 6, 2020	June 30, 2024		91	270	270	46
134	Red Hat Enterprise Linux 6	6.10	June 19, 2018	Nov. 9, 2010	May 10, 2022	Nov. 30, 2020	June 30, 2024	72	169	210	55
135	Red Hat Enterprise Linux 5	5.11	Sept. 16, 2014	March 15, 2007	March 31, 2017		Nov. 30, 2020	24	59	89	40
136	Red Hat Enterprise Linux 4	4.5			Feb. 29, 2012		March 31, 2017	5	30	29	16
137	Red Hat Enterprise Linux 3	3.0						0	33	44	17
138	Red Hat Enterprise Linux 2	2.1 Update 7	April 28, 2005					0	32	37	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
131	3.8 -	LOW Physics	An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to t…	CWE-125 Out-of-bounds Read	CVE-2023-4535	cpe:2.3:o:redhat:enterprise_linux:9.0:*	2024-11-21 17:35 2023-11-7	Show	GitHub Exploit DB Packet Storm

132	6.4 -	MEDIUM Physics	Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage …	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2023-40661	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 17:19 2023-11-7	Show	GitHub Exploit DB Packet Storm

133	6.6 -	MEDIUM Physics	A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero…	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2023-40660	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-23 13:15 2023-11-7	Show	GitHub Exploit DB Packet Storm

134	5.5 -	MEDIUM Local	A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service …	CWE-755 Improper Handling of Exceptional Conditions	CVE-2023-5090	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 17:41 2023-11-6	Show	GitHub Exploit DB Packet Storm

135	6.5 -	MEDIUM Network	A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be bloc…	NVD-CWE-noinfo	CVE-2023-42669	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 17:22 2023-11-6	Show	GitHub Exploit DB Packet Storm

136	7.0 -	HIGH Local	A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, fo…	CWE-662 Improper Synchronization	CVE-2023-5088	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2024-11-21 17:41 2023-11-3	Show	GitHub Exploit DB Packet Storm

137	9.8 -	CRITICAL Network	A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect S…	CWE-22 Path Traversal	CVE-2023-3961	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 17:18 2023-11-3	Show	GitHub Exploit DB Packet Storm

138	7.0 -	HIGH Local	A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local u…	CWE-416 Use After Free	CVE-2023-1476	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 16:39 2023-11-3	Show	GitHub Exploit DB Packet Storm

139	7.5 -	HIGH Network	A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum s…	CWE-755 Improper Handling of Exceptional Conditions	CVE-2023-5824	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2024-11-21 17:42 2023-11-3	Show	GitHub Exploit DB Packet Storm

140	6.5 -	MEDIUM Network	A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignor…	CWE-276 Incorrect Default Permissions	CVE-2023-4091	cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-21 17:34 2023-11-3	Show	GitHub Exploit DB Packet Storm