Lucene search
+L

461 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-41303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to...

9.8CVSS7.4AI score0.76658EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.20 views

CVE-2020-19229

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...

9.8CVSS9.7AI score0.93039EPSS
Exploits10
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:19 a.m.27 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Dashboards on Cloud Pak. IBM Cognos Dashboards on Cloud Pak has addressed these vulnerabilities by upgrading IBM® Java™. There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards ...

9.8CVSS9.7AI score0.03821EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 a.m.53 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

9.8CVSS10AI score0.03669EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 7:47 a.m.12 views

Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a vulnerability in Cassandra Reaper

Summary Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...

9.8CVSS9.7AI score0.01533EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 12:45 p.m.12 views

CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...

9.8CVSS7AI score0.01533EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/12/11 12:0 a.m.14 views

Ubuntu: Security Advisory (USN-7147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.1AI score0.0968EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2024/12/10 6:8 p.m.25 views

USN-7147-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An attacker could possibly use this issue to obtain sensitive information or administrative privileges. This update provides the corresponding fix for Ubuntu 24.04 LTS and...

9.8CVSS7AI score0.0968EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/12/10 12:0 a.m.17 views

Ubuntu 16.04 LTS / 24.04 LTS / 24.10 : Apache Shiro vulnerabilities (USN-7147-1)

The remote Ubuntu 16.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7147-1 advisory. It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An...

9.8CVSS7.1AI score0.0968EPSS
Exploits1References5
OSV
OSV
added 2024/12/05 2:7 p.m.3 views

USN-7139-1 shiro vulnerability

It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

9.8CVSS7.7AI score0.93039EPSS
Exploits9References2
Ubuntu
Ubuntu
added 2024/12/05 2:7 p.m.17 views

USN-7139-1: Apache Shiro vulnerability

It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

9.8CVSS8.6AI score0.93039EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2024/12/05 12:0 a.m.16 views

Ubuntu 16.04 LTS : Apache Shiro vulnerability (USN-7139-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7139-1 advisory. It was discovered that Apache Shiro used a static cipher within the Remember Me feature inside authentication by default. An attacker could possibly use this issu...

9.8CVSS8.7AI score0.93039EPSS
Exploits9References2
RedHat Linux
RedHat Linux
added 2024/05/23 10:45 p.m.5 views

shiro: path traversal attack may lead to authentication bypass

A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass...

6.5CVSS5.7AI score0.01177EPSS
Exploits0References4
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.41 views

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack (CVE-2023-34478)

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...

9.8CVSS7AI score0.01533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/12 5:16 p.m.34 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable directory traversal due to Apache Shiro (CVE-2023-34478)

Summary IBM Sterling Partner Engagement Manager uses Apache Shiro. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34478 DESCRIPTION: Apache Shiro could allow a remote authenticated attacker to traverse directories on the system, cause...

9.8CVSS9.2AI score0.01533EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/12 12:0 a.m.8 views

The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications, related to interpretation conflicts, allows attackers to bypass authentication procedures.

The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures using a specially crafted HTTP reques...

7.8CVSS7.2AI score0.01553EPSS
Exploits0References12Affected Software5
Tenable Nessus
Tenable Nessus
added 2024/03/08 12:0 a.m.118 views

IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)

The version of IBM Engineering Requirements Management DOORS formerly IBM Rational DOORS installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory. - Apache Shiro before 1.9.1, A RegexRequestMatcher can b...

10CVSS7.2AI score0.99999EPSS
Exploits140References72
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/07 11:42 a.m.23 views

Security Bulletin: Vulnerability in Apache Shiro affects IBM WebSphere Service Registry and Repository

Summary A bypass access restrictions vulnerability in Apache Shiro CVE-2023-22602 affects IBM WebSphere Service Registry and Repository. This bulletin identifies the steps to take to address this vulnerability. Vulnerability Details CVEID:CVE-2023-22602 DESCRIPTION: Apache Shiro could allow a...

7.5CVSS7.4AI score0.01553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 4:54 p.m.75 views

Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository

Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...

9.8CVSS10AI score0.99615EPSS
Exploits14Affected Software1
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.5 views

springboot-manager Security Vulnerability

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...

5.4CVSS6.2AI score0.00394EPSS
Exploits1References2
Rows per page
Query Builder