From 5477cdafa2dbc462ef714a89b76eacabab8efeb0 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Mon, 21 Aug 2023 12:00:35 +0000
Subject: [PATCH] Auto-Update: 2023-08-21T12:00:32.059045+00:00

---
 CVE-2023/CVE-2023-34xx/CVE-2023-3481.json | 59 +++++++++++++++++++++++
 CVE-2023/CVE-2023-44xx/CVE-2023-4453.json | 59 +++++++++++++++++++++++
 CVE-2023/CVE-2023-44xx/CVE-2023-4454.json | 59 +++++++++++++++++++++++
 CVE-2023/CVE-2023-44xx/CVE-2023-4455.json | 59 +++++++++++++++++++++++
 README.md                                 | 15 +++---
 5 files changed, 244 insertions(+), 7 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-34xx/CVE-2023-3481.json
 create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4453.json
 create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4454.json
 create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4455.json

diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json
new file mode 100644
index 00000000000..340480ab0d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json
@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3481",
+  "sourceIdentifier": "cve-coordination@google.com",
+  "published": "2023-08-21T11:15:07.360",
+  "lastModified": "2023-08-21T11:15:07.360",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.\u00a0"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@google.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@google.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-116"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-80"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/GoogleChromeLabs/critters/security/advisories/GHSA-cx3j-qqxj-9597",
+      "source": "cve-coordination@google.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4453.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4453.json
new file mode 100644
index 00000000000..a18cd283f6a
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4453.json
@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4453",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-08-21T10:15:09.567",
+  "lastModified": "2023-08-21T10:15:09.567",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4454.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4454.json
new file mode 100644
index 00000000000..a7b1fcf828d
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4454.json
@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4454",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-08-21T10:15:09.943",
+  "lastModified": "2023-08-21T10:15:09.943",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/wallabag/wallabag/commit/78b0b55c40511e1f22d5bbb4897aa10fca68441c",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4455.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4455.json
new file mode 100644
index 00000000000..eac1191aeb3
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4455.json
@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4455",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-08-21T10:15:10.037",
+  "lastModified": "2023-08-21T10:15:10.037",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/wallabag/wallabag/commit/ffcc5c9062fcc8cd922d7d6d65edbe5efae96806",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index bb67b2f8973..93526c0fbc0 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-08-21T10:00:30.422036+00:00
+2023-08-21T12:00:32.059045+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-08-21T09:15:10.430000+00:00
+2023-08-21T11:15:07.360000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,16 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-223050
+223054
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `4`
 
-* [CVE-2023-39543](CVE-2023/CVE-2023-395xx/CVE-2023-39543.json) (`2023-08-21T09:15:09.433`)
-* [CVE-2023-39939](CVE-2023/CVE-2023-399xx/CVE-2023-39939.json) (`2023-08-21T09:15:10.280`)
-* [CVE-2023-40068](CVE-2023/CVE-2023-400xx/CVE-2023-40068.json) (`2023-08-21T09:15:10.430`)
+* [CVE-2023-4453](CVE-2023/CVE-2023-44xx/CVE-2023-4453.json) (`2023-08-21T10:15:09.567`)
+* [CVE-2023-4454](CVE-2023/CVE-2023-44xx/CVE-2023-4454.json) (`2023-08-21T10:15:09.943`)
+* [CVE-2023-4455](CVE-2023/CVE-2023-44xx/CVE-2023-4455.json) (`2023-08-21T10:15:10.037`)
+* [CVE-2023-3481](CVE-2023/CVE-2023-34xx/CVE-2023-3481.json) (`2023-08-21T11:15:07.360`)
 
 
 ### CVEs modified in the last Commit