Software Detail

Software Informaton Top

Operating Systems

Software Detail

Red Hat Enterprise Linux

Number Of NVD

1680

CRITICAL

135

HIGH

590

MEDIUM

803

LOW

151

URL	https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation	Full support is 5.5 years from release. Maintenance support (security updates only) is for 3.5 years. After that, extended support is available for a fee.
Tag	Linux 商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://access.redhat.com/ja/articles/16476
2			https://access.redhat.com/support/policy/updates/errata
3			https://access.redhat.com/articles/3078
4			https://access.redhat.com/security
5			https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
31	Red Hat Enterprise Linux 9	9.7	Nov. 11, 2025	May 17, 2022				4	127	172	17
32	Red Hat Enterprise Linux 8	8.10	May 22, 2024	May 7, 2019	May 30, 2029			43	314	444	50
33	Red Hat Enterprise Linux 7	7.9	Sept. 29, 2020	Dec. 11, 2013	Aug. 6, 2020	June 30, 2024		91	270	270	46
34	Red Hat Enterprise Linux 6	6.10	June 19, 2018	Nov. 9, 2010	May 10, 2022	Nov. 30, 2020	June 30, 2024	72	169	210	55
35	Red Hat Enterprise Linux 5	5.11	Sept. 16, 2014	March 15, 2007	March 31, 2017		Nov. 30, 2020	24	59	89	40
36	Red Hat Enterprise Linux 4	4.5			Feb. 29, 2012		March 31, 2017	5	30	29	16
37	Red Hat Enterprise Linux 3	3.0						0	33	44	17
38	Red Hat Enterprise Linux 2	2.1 Update 7	April 28, 2005					0	32	37	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
31	7.5 -	HIGH Network	A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it…	CWE-22 Path Traversal	CVE-2024-12088	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

32	7.5 -	HIGH Network	A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even …	CWE-22 Path Traversal	CVE-2024-12087	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

33	6.8 -	MEDIUM Network	A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. D…	CWE-390 Detection of Error Condition Without Action	CVE-2024-12086	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

34	7.5 -	HIGH Network	A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checks…	CWE-908 Use of Uninitialized Resource	CVE-2024-12085	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2026-04-15 07:16 2025-01-15	Show	GitHub Exploit DB Packet Storm

35	5.3 -	MEDIUM Network	In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.	NVD-CWE-noinfo	CVE-2024-49395	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-14 22:33 2024-11-12	Show	GitHub Exploit DB Packet Storm

36	5.3 -	MEDIUM Network	In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original …	CWE-347 Improper Verification of Cryptographic Signature	CVE-2024-49394	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-14 22:38 2024-11-12	Show	GitHub Exploit DB Packet Storm

37	5.9 -	MEDIUM Network	In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of th…	CWE-347 Improper Verification of Cryptographic Signature	CVE-2024-49393	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-14 23:31 2024-11-12	Show	GitHub Exploit DB Packet Storm

38	7.8 -	HIGH Local	In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blind…	CWE-125 Out-of-bounds Read	CVE-2024-50074	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-9 01:15 2024-10-29	Show	GitHub Exploit DB Packet Storm

39	8.2 -	HIGH Network	A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a…	CWE-59 Link Following	CVE-2024-9341	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*	2024-11-23 04:34 2024-10-2	Show	GitHub Exploit DB Packet Storm

40	5.5 -	MEDIUM Local	A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivi…	-	CVE-2024-8354	cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…	2024-11-21 18:53 2024-09-19	Show	GitHub Exploit DB Packet Storm