59 matches found
MINI-3356-J2H2-WJV4
Bulletin has no description...
CVE-2026-3356
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...
CVE-2026-3356
creationtimestamp | type | source
---|---|---
2026-03-31 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01
2026-03-31 21:19:21+00:00 | published-proof-of-concept | Telegram/fvcDlylB6Q78KniI1pBDCXqCziRIFy6eVM6L3PvvuY9d-E4
2026-04-01 04:30:31+00:00 | seen | ...
EUVD-2026-3356
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-3356
creationtimestamp | type | source
---|---|---
2025-10-30 21:42:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4gwjyxe3w2a...
CVE-2025-3356
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system...
CVE-2024-3356
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/modsettings/controller.php?action=add. The manipulation of the argument type leads to sql injection...
Rockwell Automation Stratix Multiple Vulnerabilities in Cisco IOS Software Metadata (CVE-2014-3356)
Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker coul...
CVE-2023-3356
creationtimestamp | type | source
---|---|---
2023-08-30 18:12:32+00:00 | seen | https://t.me/cibsecurity/69446...
CVE-2023-3356 Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2023-3356
CVE-2023-3356 affects the Subscribers Text Counter WordPress plugin (pre-1.7.1). The issue is a CSRF vulnerability that allows an authenticated attacker (logged-in admin) to update plugin settings without proper CSRF protection, which can lead to Stored XSS due to insufficient sanitisation/escapi...
SUSE SLES15 Security Update : dpdk (SUSE-SU-2022:3356-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3356-1 advisory.
- A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by...
Ubuntu 14.04 LTS / 16.04 LTS : Expat vulnerability (USN-3356-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3356-1 advisory. It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang,...
CVE-2017-3356
CVE-2017-3356 affects Oracle Marketing in Oracle E-Business Suite (subcomponent: User Interface). Affected versions include 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Marketing, ...
CVE-2016-3356
CVE-2016-3356 affects Microsoft Windows 10 (Creator/1607 era) where the Graphics Device Interface (GDI) mishandles memory objects, allowing remote code execution via a crafted document or web content. The root cause involves improper handling of memory objects in GDI, enabling an attacker to run ...
CVE-2016-3356
The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."...
MS16-106: Security Update for Microsoft Graphics Component (3185848)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of objects in memory. An authenticated, remote attacker can exploit these,...
Debian DSA-3356-1 : openldap - security update
Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.
CVE-2015-3356
CVE-2015-3356 affects the Drupal Tadaa! module (7.x, prior to 7.x-1.4). The vulnerability arises from multiple unprotected CSRF vectors that allow a logged-in attacker with the module permission to perform actions such as enabling/disabling modules or changing configuration by coaxing a user to m...
Cisco IOS XE Software Multiple IPv6 Metadata Flow Vulnerabilities (cisco-sa-20140924-metadata)
According to its self-reported version, the version of Cisco IOS XE running on the remote host is affected by two vulnerabilities in the IPv6 metadata flow feature due to improper handling of RSVP packets. A remote attacker can exploit this issue by sending specially crafted RSVP flows to cause t...