CVE-2014-3367
https://notcve.org/view.php?id=CVE-2014-3367
Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. Vulnerabilidad de XSS en el componente vCloud Director en Cisco Nexus 1000V InterCloud para VMware permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor no especificado, también conocido como Bug ID CSCuq90524. • http://secunia.com/advisories/61426 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367 http://www.securityfocus.com/bid/70010 http://www.securitytracker.com/id/1030881 https://exchange.xforce.ibmcloud.com/vulnerabilities/96126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0685
https://notcve.org/view.php?id=CVE-2014-0685
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) y anteriores para VMware permite a atacantes remotos evadir declaraciones de denegación ACL a través de paquetes (1) IGMPv2 o (2) IGMPv3 manipulados, también conocido como Bug ID CSCug61691. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685 http://tools.cisco.com/security/center/viewAlert.x?alertId=34130 • CWE-264: Permissions, Privileges, and Access Controls •