Security Bulletin: Due to use of Connect2id Nimbus JOSE+JWT, IBM Watson Studio in Cloud Pak for Data is affected by denial of service

Summary Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration cou...

CVE-2023-5534 AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...

CVE-2023-5212

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take ove...

CVE-2021-43954: File and network resource enumeration via SSRF in DefaultRepositoryAdminService

Affected versions of Atlassian Fisheye and Crucible allow remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery SSRF vulnerability in the DefaultRepositoryAdminService class. When runni...