VulnerableCode Package Details - pkg:rpm/redhat/rh-sso7-libunix-dbus-java@0.8.0-2.jbcs?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-2g8t-qjp5-ebc7 Aliases: CVE-2016-8629 GHSA-778x-2mqv-w6xw	Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.	There are no reported fixed by versions.
VCID-85y2-ejk7-qud9 Aliases: CVE-2017-2585 GHSA-w6gv-3r3v-gwgj	Information Exposure Keycloak has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.	There are no reported fixed by versions.
VCID-tzmu-y1p4-8bac Aliases: CVE-2016-9589 GHSA-p4xg-cpr9-vwvj	Uncontrolled Resource Consumption Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2g8t-qjp5-ebc7
Aliases:
CVE-2016-8629
GHSA-778x-2mqv-w6xw

Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.

There are no reported fixed by versions.

VCID-85y2-ejk7-qud9
Aliases:
CVE-2017-2585
GHSA-w6gv-3r3v-gwgj

Information Exposure Keycloak has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.

There are no reported fixed by versions.

VCID-tzmu-y1p4-8bac
Aliases:
CVE-2016-9589
GHSA-p4xg-cpr9-vwvj

Uncontrolled Resource Consumption Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:31:43.045409+00:00	RedHat Importer	Affected by	VCID-tzmu-y1p4-8bac	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9589.json	38.0.0
2026-04-01T14:31:13.644332+00:00	RedHat Importer	Affected by	VCID-85y2-ejk7-qud9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json	38.0.0
2026-04-01T14:31:13.361959+00:00	RedHat Importer	Affected by	VCID-2g8t-qjp5-ebc7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8629.json	38.0.0