
In a previous blog post, we mentioned the ongoing work to overhaul our CVE pages and we are happy to announce those changes are now live. If you navigate to any CVE from our Red Hat CVE Database or an external source like a search engine, you'll be presented with the new user interface that displays important information and metadata about a specific CVE that is relevant to Red Hat's products.

Is my product affected?

We've combined the information about affected products, affected packages, and released errata into a single master table that you can filter and order, presenting a much cleaner look and feel than the previous version. The individual rows in the table may also show product and package-specific impacts and CVSS scores where applicable.

For example, CVE-2019-10161, which affected the "libvirt" package in various versions of Red Hat Enterprise Linux, had an overall impact of Important with a CVSS v3 score of 8.8. For Red Hat Enterprise Linux 6, however, because the impact of this vulnerability was limited to a denial of service, the security impact was lowered to Moderate with a CVSS v3 score of 7.3. Browsing to the "score details" also lets you see a more detailed breakdown of the CVSS score specific to that product and package, compared to the overall vulnerability CVSS score.

When a product reaches a particular support phase, fixing vulnerabilities of a certain impact may no longer be supported. These products are shown with a state of "Out of support scope" and will include a link to their lifecycle document, which covers the product's entire support schedule and the conditions for each support phase.

Why is Red Hat's CVSS score different?

Our Understanding Red Hat security ratings page explains how Red Hat classifies vulnerabilities by impact, how we use CVSS to rate vulnerabilities, and why our CVSS scores may differ from those displayed in the NIST National Vulnerability Database (NVD). For every CVE, we now show a side-by-side breakdown of Red Hat's CVSS score and the CVSS score present in NVD. When the scores differ by a large margin, a comment may be shown explaining why that is. See CVE-2019-7609 as an example.

What does "Will not fix" mean?

At the bottom of every CVE page you will find an FAQ section that answers some questions we get asked frequently, such as what it means that a product is marked as "Will not fix". The FAQ section may be expanded in the future to cover CVE-specific questions and answers, and more content may be included as we identify common problems with understanding our security data.

What Else?

A number of small improvements that contribute to the overall cleaner look were also made. If a CVE has an existing Vulnerability Response article, it will be linked under the CVE's description. Each CWE is now expanded to provide a textual description of the CWE or a combination of CWEs that classify this CVE. For example, CVE-2019-11477 had a CWE-190->CWE-400 combination of CWEs, which translates to an Integer Overflow or Wraparound leading to Uncontrolled Resource Consumption.

Red Hat is committed to providing the best security data for our products to the general public. If you have any questions or comments about the new CVE page look or any of the information displayed, please send an email to

Martin Prpic is a senior software engineer at Red Hat.
