pkg:Debian/shiro

All known vulnerabilities

• CRITICAL9.8CVE-2016-4437⚠ KEVImproper Access Control in Apache Shiro
  from 0, < 1.2.5-1
• CRITICAL9.8CVE-2023-34478Path Traversal in Apache Shiro
  from 0
• CRITICAL9.8Apache Shiro Authentication Bypass vulnerability
  from 0
• CRITICAL9.8Improper Authorization in Apache Shiro
  from 0
• CRITICAL9.8Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
  from 0
• CRITICAL9.8shiro - security update
  from 0, < 1.2.3-1+deb8u1
• CRITICAL9.8shiro - security update
  from 0, < 1.3.2-4+deb11u1
• CRITICAL9.8shiro - security update
  from 0, < 1.3.2-4+deb11u1
• CRITICAL9.8shiro - security update
  from 0, < 1.3.2-1+deb9u1
• CRITICAL9.8Authentication bypass in Apache Shiro
  from 0, < 1.3.2-4+deb11u1
• HIGH7.5Apache Shiro Interpretation Conflict vulnerability
  from 0
• HIGH7.5Improper Access Control in Apache Shiro
  from 0, < 1.3.2-1
• HIGH7.5shiro - security update
  from 0, < 1.3.2-1+deb9u2
• HIGH7.5shiro - security update
  from 0, < 1.3.2-4+deb11u1
• HIGH7.5Improper input validation in Apache Shiro
  from 0
• MEDIUM6.5Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute.
  from 0
• MEDIUM6.5Default configurations of Apache Shiro have a session fixation vulnerability.
  from 0
• MEDIUM6.5Apache Shiro vulnerable to path traversal
  from 0, < 1.3.2-4+deb11u1
• MEDIUM6.1Open redirect in Apache Shiro
  from 0
• MEDIUM5.3Apache Shiro has an Authentication Bypass
  from 0
• LOW2.5Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
  from 0
• —Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authenticatio…
  from 0, < 1.2.3-1