
16 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 7 views

Unity Linux 20.1070e Security Update: resteasy (UTSA-2026-016699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016699 advisory. JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could...

CVSS 8.1 | AI score 7.6 | EPSS 0.02263
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-4144

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8 | EPSS 0.02263
Exploits 0 | References 20
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-4469

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8 | EPSS 0.00688
Exploits 0 | References 4
OSV
added 2022/05/14 2:37 a.m. | 38 views

GHSA-HGJR-XWJ3-JFVW JBoss RESTEasy vulnerable to Improper Input Validation

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

CVSS 8.1 | AI score 8.1 | EPSS 0.02263
Exploits 0 | References 18
OSV
added 2022/05/13 1:33 a.m. | 35 views

GHSA-M2FV-3RQM-G7P5 Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider. Mitigation: If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expectin...

CVSS 8.1 | AI score 7.9 | EPSS 0.00688
Exploits 0 | References 4
Github Security Blog
added 2022/05/13 1:33 a.m. | 27 views

Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider. Mitigation: If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expectin...

CVSS 8.1 | AI score 4.7 | EPSS 0.00688
Exploits 0 | References 5 | Affected Software 1
RedhatCVE
added 2019/10/31 10:31 a.m. | 31 views

CVE-2016-9606

It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. Mitigati...

CVSS 8.1 | AI score 5.4 | EPSS 0.02263
Exploits 0 | References 1
OSV
added 2018/03/09 8:29 p.m. | 33 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

CVSS 8.1 | AI score 8.5
Exploits 0 | References 16
UbuntuCve
added 2018/03/09 8:29 p.m. | 29 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

CVSS 8.1 | AI score 7.5 | EPSS 0.02263
Exploits 0 | References 3
Debian CVE
added 2018/03/09 8:0 p.m. | 44 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

CVSS 8.1 | AI score 8.3 | EPSS 0.02263
Exploits 0
Cvelist
added 2018/03/09 8:0 p.m. | 25 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

AI score 8.2 | EPSS 0.02263
Exploits 0 | References 16
Veracode
added 2018/01/26 12:15 a.m. | 21 views

Remote Code Execution (RCE)

resteasy-yaml-provider is vulnerable to remote code execution (RCE) attacks. These attacks are possible because of an incomplete fix for CVE-2016-9606 which still uses Yaml.load in the YamlProvider. This issue only affects applications which have the YamlProvider explicitly enabled by adding or...

CVSS 8.1 | AI score 8.4 | EPSS 0.02263
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2017/07/04 6:0 p.m. | 41 views

Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 9.8 | AI score 7.2 | EPSS 0.10144
Exploits 0 | References 5
RedHat Linux
added 2017/07/04 6:0 p.m. | 31 views

Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.10144
Exploits 0 | References 5
RedHat Linux
added 2017/06/07 5:0 p.m. | 63 views

Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 6

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...

CVSS 8.1 | AI score 6.8 | EPSS 0.05972
Exploits 0 | References 9
Tenable Nessus
added 2017/05/22 12:0 a.m. | 37 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.15 update on RHEL 6 (Moderate) (RHSA-2017:1254)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1254 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBos...

CVSS 8.1 | AI score 8.2 | EPSS 0.02263
Exploits 0 | References 8