Michael Xin

**Name of the Vulnerable Software and Affected Versions** OpenStack Neutron versions prior to 2014.1.4 OpenStack Neutron versions 2014.2.x prior to 2014.2.1 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a crash. This can be achieved by providing a crafted `dns nameservers` value in the DNS configuration. **Recommendations** For OpenStack Neutron versions prior to 2014.1.4, update to version 2014.1.4 or later. For OpenStack Neutron versions 2014.2.x prior to 2014.2.1, update to version 2014.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (Horizon) versions prior to 2013.2.4 OpenStack Dashboard (Horizon) versions 2014.1 prior to 2014.1.2 OpenStack Dashboard (Horizon) Juno versions prior to Juno-2 **Description** A cross-site scripting (XSS) issue exists in the Users panel of OpenStack Dashboard (Horizon), allowing remote administrators to inject arbitrary web script or HTML via a user email address. **Recommendations** For versions prior to 2013.2.4, update to version 2013.2.4 or later. For versions 2014.1 prior to 2014.1.2, update to version 2014.1.2 or later. For Juno versions prior to Juno-2, update to Juno-2 or later.