Vulnerabilities > Siemens

DATE CVE VULNERABILITY TITLE RISK
2019-12-09 CVE-2019-19645 Uncontrolled Recursion vulnerability in multiple products
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
local
low complexity
sqlite netapp oracle tenable siemens CWE-674
5.5
5.5
2019-12-05 CVE-2019-19317 Incorrect Conversion between Numeric Types vulnerability in multiple products
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
sqlite netapp oracle siemens CWE-681
critical
 9.8
9.8
2019-11-27 CVE-2019-19242 NULL Pointer Dereference vulnerability in multiple products
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
network
high complexity
sqlite canonical redhat oracle siemens CWE-476
5.9
5.9
2019-11-27 CVE-2019-13936 Cross-site Scripting vulnerability in Siemens Polarion 19.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability.
network
low complexity
siemens CWE-79
5.4
5.4
2019-11-27 CVE-2019-13935 Cross-site Scripting vulnerability in Siemens Polarion 19.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability.
network
low complexity
siemens CWE-79
5.4
5.4
2019-11-27 CVE-2019-13934 Cross-site Scripting vulnerability in Siemens Polarion 19.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability.
network
low complexity
siemens CWE-79
5.4
5.4
2019-11-25 CVE-2019-19244 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
network
low complexity
sqlite canonical oracle siemens
7.5
7.5
2019-10-30 CVE-2018-16417 Command Injection vulnerability in multiple products
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
network
low complexity
arubanetworks siemens CWE-77
7.5
7.5
2019-10-29 CVE-2019-15681 Improper Initialization vulnerability in multiple products
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure.
network
low complexity
libvnc-project canonical debian siemens CWE-665
7.5
7.5
2019-10-10 CVE-2019-13929 Use of Insufficiently Random Values vulnerability in Siemens Simatic IT Uadm
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3).
network
low complexity
siemens CWE-330
6.5
6.5