8.6
CVE-2025-2730 - H3C Magic BE18000 HTTP POST Request getssidname command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to commaโฆ
8.6
CVE-2025-2729 - H3C Magic BE18000 HTTP POST Request networkSetup command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to coโฆ
8.6
CVE-2025-2728 - H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. Itโฆ
8.6
CVE-2025-2727 - H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection
A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required fโฆ
8.6
CVE-2025-2726 - H3C Magic BE18000 HTTP POST Request esps command injection
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leaโฆ
8.6
CVE-2025-2725 - H3C Magic BE18000 HTTP POST Request auth command injection
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads toโฆ
3.3
CVE-2025-2724 - libgsf: GNOME libgsf sorting_key_copy out-of-bounds
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sortinโฆ
5.3
CVE-2025-2723 - libgsf: GNOME libgsf gsf_property_settings_collec heap-based overflow
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" validโฆ
0.0
CVE-2025-2722 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [because] p_n_param is an input-output parameter indicatinโฆ
0.0
CVE-2025-2721 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" validโฆ