Software Detail
Red Hat Enterprise Linux
Number Of NVD: 1680 (CRITICAL 135, HIGH 590, MEDIUM 803, LOW 151)
URL https://www.redhat.com/technologies/linux-platforms/enterprise-linux
Explanation Full support is 5.5 years from release.
Maintenance support (security updates only) is for 3.5 years.
After that, extended support is available for a fee.
Tag
  • Commercial license available
  • Linux

Add Information URL
No Type Name URL
1 https://access.redhat.com/ja/articles/16476
2 https://access.redhat.com/support/policy/updates/errata
3 https://access.redhat.com/articles/3078
4 https://access.redhat.com/security
5 https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
461 Red Hat Enterprise Linux 9 9.7 Nov. 11, 2025 May 17, 2022 4 127 172 17
462 Red Hat Enterprise Linux 8 8.10 May 22, 2024 May 7, 2019 May 30, 2029 43 314 444 50
463 Red Hat Enterprise Linux 7 7.9 Sept. 29, 2020 Dec. 11, 2013 Aug. 6, 2020 June 30, 2024 91 270 270 46
464 Red Hat Enterprise Linux 6 6.10 June 19, 2018 Nov. 9, 2010 May 10, 2022 Nov. 30, 2020 June 30, 2024 72 169 210 55
465 Red Hat Enterprise Linux 5 5.11 Sept. 16, 2014 March 15, 2007 March 31, 2017 Nov. 30, 2020 24 59 89 40
466 Red Hat Enterprise Linux 4 4.5 Feb. 29, 2012 March 31, 2017 5 30 29 16
467 Red Hat Enterprise Linux 3 3.0 0 33 44 17
468 Red Hat Enterprise Linux 2 2.1 Update 7 April 28, 2005 0 32 37 6
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, Update date, Published date
461 CVE-2021-4034
CVSS3 7.8, CVSS2 7.2, HIGH, Attack Vector: Local
CWE: CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write
Title: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users accor…
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
Update date: 2024-11-21 15:36
Published date: 2022-01-29

462 CVE-2021-4145
CVSS3 6.5, CVSS2 4.9, MEDIUM, Attack Vector: Local
CWE: CWE-476 NULL Pointer Dereference
Title: A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's no…
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
Update date: 2024-11-21 15:36
Published date: 2022-01-26

463 CVE-2021-45417
CVSS3 7.8, CVSS2 7.2, HIGH, Attack Vector: Local
CWE: CWE-787 Out-of-bounds Write
Title: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
cpe:2.3:o:redhat:enterprise_linux…
Update date: 2024-11-21 15:32
Published date: 2022-01-21

464 CVE-2022-21682
CVSS3 6.5, CVSS2 4.0, MEDIUM, Attack Vector: Network
CWE: CWE-22 Path Traversal
Title: Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last…
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
Update date: 2024-11-21 15:45
Published date: 2022-01-14

465 CVE-2021-43860
CVSS3 8.6, CVSS2 6.8, HIGH, Attack Vector: Local
CWE: CWE-276 Incorrect Default Permissions
Title: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at i…
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
Update date: 2024-11-21 15:29
Published date: 2022-01-13

466 CVE-2021-41819
CVSS3 7.5, CVSS2 5.0, HIGH, Attack Vector: Network
CWE: CWE-565 Reliance on Cookies without Validation and Integrity Checking
Title: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
Update date: 2024-11-21 15:26
Published date: 2022-01-1

467 CVE-2021-41817
CVSS3 7.5, CVSS2 5.0, HIGH, Attack Vector: Network
CWE: CWE-1333 Inefficient Regular Expression Complexity
Title: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
Update date: 2024-11-21 15:26
Published date: 2022-01-1

468 CVE-2021-4166
CVSS3 7.1, CVSS2 5.8, HIGH, Attack Vector: Local
CWE: -
Title: vim is vulnerable to Out-of-bounds Read
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
Update date: 2024-11-21 15:37
Published date: 2021-12-26

469 CVE-2021-3622
CVSS3 4.3, CVSS2 4.3, MEDIUM, Attack Vector: Network
CWE: -
Title: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function…
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux…
Update date: 2024-11-21 15:22
Published date: 2021-12-24

470 CVE-2021-3621
CVSS3 8.8, CVSS2 9.3, HIGH, Attack Vector: Network
CWE: CWE-78 OS Command
Title: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into …
cpe23Uri: cpe:2.3:o:redhat:enterprise_linux:8.0:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*
cpe:2.3:o:redhat:enterprise_linux…
Update date: 2024-11-21 15:22
Published date: 2021-12-24