Powered by Deep Web Technologies
Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Xen Multiple Buffer Overflow and Integer Overflow 6: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities May 19, 2011 - 3:05pm Addthis PROBLEM: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities PLATFORM: XenSource Xen 3.3.1, XenSource Xen 3.3, XenSource Xen 3.2, XenSource Xen 3.1.2, XenSource Xen 3.1.1, XenSource Xen 3.0.3, XenSource Xen 4.0, XenSource Xen 3.0, RedHat Enterprise Linux Virtualization 5 server, RedHat Enterprise Linux Desktop Multi OS 5 client ,RedHat Enterprise Linux 5 server, Red Hat Fedora 15 ,and Red Hat Enterprise Linux Desktop 5 client ABSTRACT: It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the

2

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Symantec Endpoint Protection Manager Buffer Overflow 2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

3

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

82: Symantec Endpoint Protection Manager Buffer Overflow 82: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

4

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14: RealPlayer MP4 Processing Buffer Overflow Vulnerability 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 16.0.1.18. Addthis Related Articles U-042: Mac RealPlayer Multiple Vulnerabilities V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

5

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Novell iPrint Client Unspecified Buffer Overflow 8: Novell iPrint Client Unspecified Buffer Overflow Vulnerability V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability May 3, 2013 - 6:00am Addthis PROBLEM: Novell iPrint Client Unspecified Buffer Overflow Vulnerability PLATFORM: Novell iPrint Client 5.x ABSTRACT: A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system REFERENCE LINKS: Secunia Advisory SA53261 Novell KB 7012344 Novell KB 7008708 CVE-2013-1091 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an unspecified error and can be exploited to cause a stack-based buffer overflow. IMPACT: Successful exploitation may allow execution of arbitrary code SOLUTION: Vendor recommendation is to update to Version 5.90

6

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

7

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

8

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: IntegraXor ActiveX Control Buffer Overflow Vulnerability 6: IntegraXor ActiveX Control Buffer Overflow Vulnerability V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability February 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in IntegraXor PLATFORM: Integraxor Versions prior to 4.x ABSTRACT: The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. REFERENCE LINKS: Secunia Advisory SA52073 CVE-2012-4700 US-CERT Advisory IMPACT ASSESSMENT: High DISCUSSION: Successfully exploiting this vulnerability could lead to a DoS for the application or could allow an attacker to execute arbitrary code. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 4.00 build 4280.0 Addthis Related Articles

9

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow 19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am Addthis PROBLEM: Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system. PLATFORM: Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x ABSTRACT: The vulnerability is confirmed in the following products and versions: * Kingsoft Writer 2012 version 8.1.0.3030. * Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 8.1.0.3385. REFERENCE LINKS: Secunia Advisory SA53266 CVE-2013-3934 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a

10

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability 6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability December 27, 2012 - 6:00am Addthis PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

11

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Net4Switch ipswcom ActiveX Control Buffer Overflow 8: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability February 22, 2012 - 8:00am Addthis PROBLEM: A vulnerability was reported in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system. PLATFORM: Net4Switch ipswcom ActiveX Control 1.x ABSTRACT: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. reference LINKS: Vendor Advisory Secunia Advisroy 48125 No CVE references. IMPACT ASSESSMENT: High Discussion: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

12

V-044: IBM Informix Buffer Overflow in Processing SQL Statements...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

High DISCUSSION: IBM Informix is vulnerable to a buffer overflow caused by improper handling of unspecified SQL statements. A remote attacker with valid authentication...

13

V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Apache XML Security XPointer Expressions Processing Buffer 8: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability June 28, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Apache XML Security PLATFORM: vulnerability is reported in versions prior to 1.7.2 ABSTRACT: The vulnerability addresses the possibility of a heap overflow condition REFERENCE LINKS: Secunia Advisory SA53959 Apache Advisory CVE-2013-2210 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error within the XML Signature Reference processing code and can be exploited to cause a heap-based buffer overflow via a specially crafted document containing malformed XPointer expressions. IMPACT: Successful exploitation may allow execution of arbitrary code

14

T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: OpenSC Smart Card Serial Number Multiple Buffer Overflow 7: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities January 4, 2011 - 5:52pm Addthis PROBLEM: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities PLATFORM: Vulnerable Platform: OpenSC 0.11.13 ABSTRACT: OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. reference LINKS: SecurityFocus - OpenSC Smart Card Serial CVE-2010-4523 OpenSC: Three stack-based buffer overflows CVE-2010-4523 - Three stack-based buffer overflows

15

U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Pidgin 'mxit_show_message()' Function Stack-Based Buffer 7: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability July 9, 2012 - 7:00am Addthis PROBLEM: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability. PLATFORM: Versions prior to Pidgin 2.10.5 vulnerable. ABSTRACT: Pidgin is prone to a stack-based buffer-overflow vulnerability REFERENCE LINKS: The Vendor's Advisory Bugtraq ID: 54322 CVE-2012-3374 IMPACT ASSESSMENT: Medium Discussion: Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code. Impact: Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service

16

U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer 207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability July 9, 2012 - 7:00am Addthis PROBLEM: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability. PLATFORM: Versions prior to Pidgin 2.10.5 vulnerable. ABSTRACT: Pidgin is prone to a stack-based buffer-overflow vulnerability REFERENCE LINKS: The Vendor's Advisory Bugtraq ID: 54322 CVE-2012-3374 IMPACT ASSESSMENT: Medium Discussion: Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code. Impact: Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service

17

U-114: IBM Personal Communications WS File Processing Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14: IBM Personal Communications WS File Processing Buffer 14: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability March 1, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in IBM Personal Communications, which can be exploited by malicious people to compromise a user's system. PLATFORM: versions 5.9.0 through 5.9.7 and 6.0.0 through 6.0.3. ABSTRACT: A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications. reference LINKS: Vendor Advisory Secunia Advisory 48185 CVE-2012-0201 IMPACT ASSESSMENT: High Discussion:

18

U-120: RSA SecurID Software Token Converter Unspecified Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: RSA SecurID Software Token Converter Unspecified Buffer 0: RSA SecurID Software Token Converter Unspecified Buffer Overflow Vulnerability U-120: RSA SecurID Software Token Converter Unspecified Buffer Overflow Vulnerability March 8, 2012 - 7:00am Addthis PROBLEM: RSA SecurID Software Token Converter Unspecified Buffer Overflow Vulnerability PLATFORM: RSA SecurID Software Token Converter 2.x ABSTRACT: Successful exploitation may allow execution of arbitrary code. reference LINKS: Secunia Advisory SA48297 CVE-2012-0397 IMPACT ASSESSMENT: High Discussion: A vulnerability has been reported in RSA SecurID Software Token Converter, which can be exploited by malicious people to compromise a user's system. Impact: An unspecified error can be exploited to cause a buffer overflow. Solution: Update to version 2.6.1. Addthis Related Articles

19

U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root 6: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges December 9, 2011 - 8:00am Addthis PROBLEM: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges. PLATFORM: Linux kernel ABSTRACT: A vulnerability was reported in the Linux Kernel. reference LINKS: The Linux Kernel Archives SecurityTracker Alert ID: 1026395 CVE-2011-4330 IMPACT ASSESSMENT: Medium Discussion: When a specially crafted Hierarchical File System (HFS) file system is mounted, a local user can to trigger a buffer overflow and execute arbitrary code on the target system with root privileges. The vulnerability resides in the hfs_mac2asc() function. Impact: A local user can obtain root privileges on the target system.

20

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Apple QuickTime Buffer Overflows Let Remote Users Execute 4: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code August 4, 2011 - 3:33pm Addthis PROBLEM: Multiple vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Apple Quick Time prior to 7.7 ABSTRACT: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code. reference LINKS: Apple security updates SecurityTracker Alert ID: 1025884 Mac OS X: Updating your software Support Downloads QuickTime 7.7 IMPACT ASSESSMENT: High Discussion: A specially crafted PICT file can trigger a buffer overflow [CVE-2011-0245]. Mac OS X version 10.7 is not affected. A specially crafted GIF image can trigger a heap overflow [CVE-2011-0246].

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


21

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: HP StorageWorks File Migration Agent Buffer Overflows Let 6: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am Addthis PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. reference LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High Discussion: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. 1. (ZDI-12-127) The specific flaw exists within the HsmCfgSvc.exe service

22

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am Addthis PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. reference LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High Discussion: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability.

23

V-169: Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Linux Kernel "iscsi_add_notunderstood_response()" Buffer 9: Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability V-169: Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability June 3, 2013 - 12:01am Addthis PROBLEM: Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability PLATFORM: Linux Kernel 3.0.x Linux Kernel 3.2.x Linux Kernel 3.4.x Linux Kernel 3.9.x ABSTRACT: A vulnerability has been reported in Linux Kernel. REFERENCE LINKS: Secunia Advisory SA53670 Red Hat Bugzilla - Bug 968036 CVE-2013-2850 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within the "iscsi_add_notunderstood_response()" function (drivers/target/iscsi/iscsi_target_parameters.c) when parsing keys and can

24

U-115: Novell GroupWise Client Address Book Processing Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Novell GroupWise Client Address Book Processing Buffer 5: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability March 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in in Novell GroupWise Client. PLATFORM: versions 8.0 through 8.02 HP3. ABSTRACT: The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address. reference LINKS: Vendor Advisory Secunia Advisory 48199 CVE-2011-4189 IMPACT ASSESSMENT: High Discussion: The GroupWise 8 Client for Windows is vulnerable to an exploit where a malformed address book could cause heap memory corruption, which could lead to remote code execution under the privilege of the user that opened the

25

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: VLC Media Player Buffer Overflow in HTML Subtitle Parser 0: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code January 2, 2013 - 1:00am Addthis PROBLEM: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code PLATFORM: VLC Media Player 2.0.4, possibly earlier versions ABSTRACT: Some vulnerabilities have been reported in VLC Media Player REFERENCE LINKS: SecurityTracker Alert ID: 1027929 Secunia Advisory SA51692 IMPACT ASSESSMENT: Medium DISCUSSION: Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing HTML subtitles in

26

V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Adobe Flash Player Buffer Overflows and Memory Corruption 8: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code November 7, 2012 - 6:00am Addthis PROBLEM: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.4.402.287 and prior for Windows and OS X; 11.2.202.243 and prior for Linux ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-24 SecurityTracker Alert ID: 1027730 CVE-2012-5274 CVE-2012-5275 CVE-2012-5276 CVE-2012-5277 CVE-2012-5278 CVE-2012-5279 CVE-2012-5280 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Adobe Flash Player. A remote user

27

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: VLC Media Player Buffer Overflow in HTML Subtitle Parser 0: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code January 2, 2013 - 1:00am Addthis PROBLEM: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code PLATFORM: VLC Media Player 2.0.4, possibly earlier versions ABSTRACT: Some vulnerabilities have been reported in VLC Media Player REFERENCE LINKS: SecurityTracker Alert ID: 1027929 Secunia Advisory SA51692 IMPACT ASSESSMENT: Medium DISCUSSION: Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing HTML subtitles in

28

V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users  

NLE Websites -- All DOE Office Websites (Extended Search)

9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE LINKS: RealPlayer Security Vulnerabilities Secunia Advisory SA51589 SecurityTracker Alert ID: 1027893 CVE-2012-5690 CVE-2012-5691 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. A remote user can create a specially crafted RealAudio file that, when

29

U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference 8: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges March 19, 2012 - 7:00am Addthis PROBLEM: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges PLATFORM: ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0 ABSTRACT: A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system. reference LINKS: Secunia Advisory SA48378 SecurityTracker Alert ID: 1026818 CVE-2010-0405 IMPACT ASSESSMENT: Medium Discussion: A local user on a guest operating system can trigger a buffer overflow or null pointer dereference in the display drivers to execute arbitrary code

30

T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local 7: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges March 1, 2011 - 6:44pm Addthis PROBLEM: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges . PLATFORM: Linux Kernel 2.4.x, 2.6.x ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user may be able to obtain elevated privileges on the target system. A physically local user can connect a storage device with a specially crafted LDM partition table to trigger a buffer overflow in the ldm_frag_add() function in 'fs/partitions/ldm.c' and potentially execute arbitrary code with elevated privileges. reference LINKS: Security Tracker - Alert ID: 1025128

31

V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

09: Adobe Shockwave Player Buffer Overflows and Array Error Lets 09: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code October 24, 2012 - 6:00am Addthis PROBLEM: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh ABSTRACT: Several vulnerabilities were reported in Adobe Shockwave. REFERENCE LINKS: Adobe Security bulletin SecurityTracker Alert ID: 1027692 CVE-2012-4172 CVE-2012-4173 CVE-2012-4174 CVE-2012-4175 CVE-2012-4176 CVE-2012-5273 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on

32

V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec PGP Desktop Buffer Overflows Let Local Users Gain 3: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges February 18, 2013 - 12:53am Addthis PROBLEM: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges PLATFORM: Symantec PGP Desktop 10.2.x,10.1.x,10.0.x Symantec Encryption Desktop 10.3.0 ABSTRACT: Two vulnerabilities were reported in Symantec PGP Desktop. REFERENCE LINKS: Symantec Security Advisory SYM13-001 Bugtraq ID: 57170 SecurityTracker Alert ID: 1028145 CVE-2012-4351 CVE-2012-4352 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can trigger an integer overflow in 'pgpwded.sys' to execute arbitrary code on the target system [CVE-2012-4351]. On Windows XP and Windows Sever 2003, a local user can trigger a buffer

33

T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local 7: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges March 1, 2011 - 6:44pm Addthis PROBLEM: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges . PLATFORM: Linux Kernel 2.4.x, 2.6.x ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user may be able to obtain elevated privileges on the target system. A physically local user can connect a storage device with a specially crafted LDM partition table to trigger a buffer overflow in the ldm_frag_add() function in 'fs/partitions/ldm.c' and potentially execute arbitrary code with elevated privileges. reference LINKS: Security Tracker - Alert ID: 1025128

34

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: PuTTY SSH Handshake Integer Overflow Vulnerabilities 3: PuTTY SSH Handshake Integer Overflow Vulnerabilities V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities August 7, 2013 - 6:00am Addthis PROBLEM: SEARCH-LAB has reported some vulnerabilities in PuTTY PLATFORM: PuTTY 0.x ABSTRACT: The vulnerabilities can be exploited by malicious people to potentially compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54354 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520 CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length. IMPACT: Successful exploitation of may allow execution of arbitrary code

35

T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

664: Apache Santuario Buffer Overflow Lets Remote Users Deny 664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service July 8, 2011 - 12:32pm Addthis PROBLEM: A vulnerability was reported in Apache Santuario. A remote user can cause denial of service conditions. PLATFORM: Prior to 1.6.1 - Apache Santuario XML Security for C++ library versions prior to V1.6.1 ABSTRACT: A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker. reference LINKS: SecurityTracker Alert ID: 1025755 Bugzilla: 719698: CVE-2011-2516 xml-security-c The Apache Software Foundation - CVE-2011-2516

36

T-583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local 583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users Obtain Information T-583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users Obtain Information March 18, 2011 - 5:15pm Addthis PROBLEM: A vulnerability was reported in the Linux Kernel. A local user can obtain information from kernel memory. PLATFORM: Version(s): 2.4.x, 2.6.x ABSTRACT: A local user can create a storage device with specially crafted OSF partition tables. When the kernel automatically evaluates the partition tables, a buffer overflow may occur and data from kernel heap space may leak to user-space. reference LINKS: http://www.securitytracker.com/id/1025225 CVE-2011-1163 http://www.kernel.org/ IMPACT ASSESSMENT: Moderate Discussion: A local user can create a storage device with specially crafted OSF

37

T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

95: Avaya Aura Application Server Buffer Overflow in 95: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code August 17, 2011 - 3:23pm Addthis PROBLEM: A vulnerability was reported in Avaya Aura Application Server (Nortel Media Application Server). PLATFORM: Avaya Aura Application Server 5300 version(s): 1.0, 2.0 ABSTRACT: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code. reference LINKS: Avaya Advisory: 100146108 Security Tracker Alert ID: 1025942 IMPACT ASSESSMENT: Medium Discussion: A flaw was found in one of the Media Application Server listening processes. If a remote attacker was able to successfully establish a

38

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: IBM Informix Genero libpng Integer Overflow Vulnerability 4: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

39

V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote  

NLE Websites -- All DOE Office Websites (Extended Search)

8: RealPlayer Buffer Overflow and Memory Corruption Error Let 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS: Security Tracker Alert ID 1028953 RealNetworks Security Bulletin CVE-2013-4973 CVE-2013-4974 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted RMP file that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system. A remote user can create a specially crafted RealMedia file that, when

40

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

202: Apple QuickTime Multiple Stack Overflow Vulnerabilities 202: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Reference links: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium Discussion: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.Versions prior to

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


41

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apple QuickTime Multiple Stack Overflow Vulnerabilities 2: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Reference links: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium Discussion: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.Versions prior to

42

U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

54: IBM Rational ClearQuest ActiveX Control Buffer Overflow 54: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability April 24, 2012 - 7:00am Addthis PROBLEM: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability PLATFORM: Versions 7.1.1 through 7.1.2.5, 8.0, and 8.0.0.1. ABSTRACT: A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system. reference links: SecurityTracker Alert ID: 1026958 Secunia Advisory SA48933 CVE-2012-0708 IMPACT ASSESSMENT: High Discussion: The vulnerability is caused due to a function prototype mismatch in the "RegisterSchemaRepoFromFileByDbSet()" function in the IBM Rational ClearQuest ActiveX control (cqole.dll). This can be exploited to cause a

43

U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

54: IBM Rational ClearQuest ActiveX Control Buffer Overflow 54: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability April 24, 2012 - 7:00am Addthis PROBLEM: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability PLATFORM: Versions 7.1.1 through 7.1.2.5, 8.0, and 8.0.0.1. ABSTRACT: A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system. reference links: SecurityTracker Alert ID: 1026958 Secunia Advisory SA48933 CVE-2012-0708 IMPACT ASSESSMENT: High Discussion: The vulnerability is caused due to a function prototype mismatch in the "RegisterSchemaRepoFromFileByDbSet()" function in the IBM Rational ClearQuest ActiveX control (cqole.dll). This can be exploited to cause a

44

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability 3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability April 1, 2013 - 1:26am Addthis PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x VMware ESXi 4.x VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373) Addthis Related Articles U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets

45

ARMORY: An automatic security testing tool for buffer overflow defect detection  

Science Conference Proceedings (OSTI)

Program Buffer Overflow Defects (PBODs) are the stepping stones of Buffer Overflow Attacks (BOAs), which are one of the most dangerous security threats to the Internet. In this paper, we propose a kernel-based security testing tool, named ARMORY, for ...

Li-Han Chen, Fu-Hau Hsu, Yanling Hwang, Mu-Chun Su, Wei-Shinn Ku, Chi-Hsuan Chang

2013-10-01T23:59:59.000Z

46

T-559: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Stack-based buffer overflow in oninit in IBM Informix 9: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution T-559: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution February 17, 2011 - 7:00am Addthis PROBLEM: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution. PLATFORM: IBM Informix Dynamic Server (IDS) 11.50 ABSTRACT: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. reference LINKS: Security Database - Reference - CVE-2011-1033 CVE Details - Reference - CVE-2011-1033

47

T-556: BMC PATROL Agent Service Daemon stack-based buffer overflow |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: BMC PATROL Agent Service Daemon stack-based buffer overflow 6: BMC PATROL Agent Service Daemon stack-based buffer overflow T-556: BMC PATROL Agent Service Daemon stack-based buffer overflow February 14, 2011 - 7:07am Addthis PROBLEM: BMC PATROL Agent Service Daemon stack-based buffer overflow PLATFORM: BMC Performance Affected software versions: BMC Performance Analysis for Servers 7.4.00 - 7.5.10 BMC Performance Analyzer for Servers 7.4.00 - 7.5.10 BMC Performance Assurance for Servers 7.4.00 - 7.5.10 BMC Performance Assurance for Virtual Servers 7.4.00 - 7.5.10 ABSTRACT: Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through

48

T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code July 5, 2011 - 7:06am Addthis PROBLEM: A vulnerability was reported in OpenSSH. A remote user can execute arbitrary code on the target system. PLATFORM: FreeBSD releases greater than 5.2.1 : 3.5p1 ABSTRACT: The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. reference LINKS: SecurityTracker Alert ID: 1025739 Open SSH Security Update IMPACT ASSESSMENT: High Discussion: A remote user can send a specially crafted username value to trigger a buffer overflow in the pam_thread() function and execute arbitrary code on

49

U-043: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Attachmate Reflection Buffer Overflow in FTP Client Lets 3: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code U-043: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code November 22, 2011 - 8:00am Addthis PROBLEM: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code. PLATFORM: 14.1.1173 and prior versions The following product versions are affected: Reflection for HP version 14.x Reflection for UNIX and OpenVMS version 14.x Reflection for ReGIS Graphics version 14.x Reflection for IBM version 14.x Reflection X version 14.x ABSTRACT: A remote server can execute arbitrary code on the connected target system. reference LINKS: Security Updates and Reflection Attachmate Support Lifecycle Attachmate Downloads

50

V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Adobe Flash Player Buffer Overflow Lets Remote Users Execute 5: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code January 9, 2013 - 12:10am Addthis PROBLEM: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.5.502.135 and earlier versions for Windows Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh Adobe Flash Player 11.2.202.258 and earlier versions for Linux Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. ABSTRACT: Security updates available for Adobe Flash Player REFERENCE LINKS: Adobe Security Bulletin APSB13-01 SecurityTracker Alert ID: 1027950

51

U-043: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Attachmate Reflection Buffer Overflow in FTP Client Lets 3: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code U-043: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code November 22, 2011 - 8:00am Addthis PROBLEM: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code. PLATFORM: 14.1.1173 and prior versions The following product versions are affected: Reflection for HP version 14.x Reflection for UNIX and OpenVMS version 14.x Reflection for ReGIS Graphics version 14.x Reflection for IBM version 14.x Reflection X version 14.x ABSTRACT: A remote server can execute arbitrary code on the connected target system. reference LINKS: Security Updates and Reflection Attachmate Support Lifecycle Attachmate Downloads

52

Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures  

Science Conference Proceedings (OSTI)

Security enforcement inlined into user threads often delays the protected programs; inlined resource reclamation may interrupt program execution and defer resource release. We propose software cruising, a novel technique that migrates security ... Keywords: buffer overflow, concurrency, lock-free, multicore, non-blocking algorithms, program monitor, software cruising

Qiang Zeng; Dinghao Wu; Peng Liu

2011-06-01T23:59:59.000Z

53

U-115: Novell GroupWise Client Address Book Processing Buffer...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Other Agencies You are here Home U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability U-115: Novell GroupWise Client Address Book...

54

T-559: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution  

Energy.gov (U.S. Department of Energy (DOE))

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement

55

T-559: Stack-based buffer overflow in oninit in IBM Informix...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw...

56

U-216: HP StorageWorks File Migration Agent Buffer Overflows...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

not properly validate the size of the root path specified and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary...

57

T-588: HP Virtual SAN Appliance Stack Overflow | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-588: HP Virtual SAN Appliance Stack Overflow T-588: HP Virtual SAN Appliance Stack Overflow T-588: HP Virtual SAN Appliance Stack Overflow March 25, 2011 - 5:05pm Addthis PROBLEM: HP Virtual SAN Appliance Stack Overflow in 'hydra.exe' Lets Remote Users Execute Arbitrary Code. PLATFORM: HP StorageWorks P4000 Virtual SAN Appliance Software ABSTRACT: A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Secunia advisory 34782 SecurityTracker Alert ID: 1025249 ZDI-11-111 Bugtraq ID: 47005 IMPACT ASSESSMENT: High Discussion: Hewlett-Packard Virtual SAN Appliance is prone to a remote buffer-overflow vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in

58

T-562: Novell ZENworks Configuration Management novell-tftp.exe Buffer  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Novell ZENworks Configuration Management novell-tftp.exe 2: Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow T-562: Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow February 22, 2011 - 7:00am Addthis PROBLEM: Novell ZENworks Buffer Overflow in TFTPD. PLATFORM: Novell ZENworks Configuration Management 10.x, Novell ZENworks Configuration Management 11.x ABSTRACT: A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in novell-tftp.exe when parsing requests. This can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to UDP port 69. The vulnerability is reported in versions 10.3.1, 10.3.2, and 11.0.

59

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities 3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities January 26, 2011 - 7:35am Addthis PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. reference LINKS: Securityfocus IMPACT ASSESSMENT: Medium Discussion: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.Exploiting these issues may allow attackers to crash the

60

T-548: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

48: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe 48: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer overflow T-548: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer overflow February 2, 2011 - 7:15am Addthis PROBLEM: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer overflow. PLATFORM: Novell Zenworks Handheld Management 7 ABSTRACT: Novell ZENworks Handheld Management (ZHM) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ZfHIPCnd.exe Access Point process. By sending a specially-crafted request to TCP port 2400, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash. reference LINKS: TippingPoint: Zero Day Initiative Redhat - CVE-2010-0742 Novell ZENworks - CVE-2010-0742

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


61

Using semantic templates to study vulnerabilities recorded in large software repositories  

Science Conference Proceedings (OSTI)

Software repositories are rich sources of information about vulnerabilities that occur during a product's lifecycle. Although available, such information is scattered across numerous databases. Furthermore, in large software repositories, a single vulnerability ... Keywords: CVE, CWE, buffer overflow, fix patterns, ontology, semantic template, software repository, vulnerability

Yan Wu; Robin A. Gandhi; Harvey Siy

2010-05-01T23:59:59.000Z

62

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability

63

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Adobe Shockwave Player Multiple Vulnerabilities 1: Adobe Shockwave Player Multiple Vulnerabilities V-131: Adobe Shockwave Player Multiple Vulnerabilities April 11, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system REFERENCE LINKS: Secunia Advisory: SA52981 Adobe Security Bulletin CVE-2013-1383 CVE-2013-1384 CVE-2013-1385 CVE-2013-1386 IMPACT ASSESSMENT: High DISCUSSION: This update resolves : 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the

64

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

1: Apple Mac OS X Multiple Vulnerabilities 1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow A boundary error when handling "mvhd" atoms can be exploited to cause a

65

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Apple Mac OS X Multiple Vulnerabilities 1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow A boundary error when handling "mvhd" atoms can be exploited to cause a

66

U-172: OpenOffice.org Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: OpenOffice.org Two Vulnerabilities 72: OpenOffice.org Two Vulnerabilities U-172: OpenOffice.org Two Vulnerabilities May 18, 2012 - 7:00am Addthis PROBLEM: OpenOffice.org Two Vulnerabilities PLATFORM: OpenOffice.org 3.3, Other versions may also be affected. ABSTRACT: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system. Reference LINKS: Secunia Advisory SA46992 CVE-2012-1149 CVE-2012-2149 IMPACT ASSESSMENT: High Discussion: 1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file. 2) An error within libwpd when parsing Wordperfect documents can be exploited to overwrite arbitrary memory via a specially crafted Wordperfect

67

Nuclear reactor overflow line  

DOE Patents (OSTI)

The overflow line for the reactor vessel of a liquid-metal-cooled nuclear reactor includes means for establishing and maintaining a continuous bleed flow of coolant amounting to 5 to 10% of the total coolant flow through the overflow line to prevent thermal shock to the overflow line when the reactor is restarted following a trip. Preferably a tube is disposed concentrically just inside the overflow line extending from a point just inside the reactor vessel to an overflow tank and a suction line is provided opening into the body of liquid metal in the reactor vessel and into the annulus between the overflow line and the inner tube.

Severson, Wayne J. (Pittsburgh, PA)

1976-01-01T23:59:59.000Z

68

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google Picasa BMP and TIFF Images Processing Vulnerabilities 6: Google Picasa BMP and TIFF Images Processing Vulnerabilities V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities March 21, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

69

U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Novell GroupWise Internet Agent "Content-Length" Integer 1: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability September 17, 2012 - 6:00am Addthis PROBLEM: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability PLATFORM: The vulnerability is confirmed in version 8.0.2 HP3 and reported in version 2012. Other versions may also be affected. ABSTRACT: A vulnerability was reported in Novell GroupWise Internet Agent reference LINKS: Novell SecurityTracker Alert ID: 1027536 Secunia Advisory SA50622 CVE-2012-0271 IMPACT ASSESSMENT: Medium Discussion: A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via

70

Overflow and losses in a network queue with a self-similar input  

Science Conference Proceedings (OSTI)

This paper considers a discrete time queuing system that models a communication network multiplexer which is fed by a self-similar packet traffic. The model has a finite buffer of size h, a number of servers with unit service ... Keywords: buffer overflow, communications networks, long-range dependence, self-similarity

Boris Tsybakov; Nicolas D. Georganas

2000-01-01T23:59:59.000Z

71

U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users 131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code March 22, 2012 - 3:47am Addthis PROBLEM: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Photoshop CS5 12.x ABSTRACT: Successful exploitation may allow execution of arbitrary code reference LINKS: SecurityTracker Alert ID: 1026831 Secunia Advisory: SA48457 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target

72

V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets 4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges April 15, 2013 - 1:30am Addthis PROBLEM: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges PLATFORM: Cisco AnyConnect Secure Mobility Client Cisco Secure Desktop ABSTRACT: Some vulnerabilities were reported in Cisco AnyConnect Secure Mobility Client. REFERENCE LINKS: Cisco Security Notice CVE-2013-1172 Cisco Security Notice CVE-2013-1173 SecurityTracker Alert ID: 1028425 CVE-2013-1172 CVE-2013-1173 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can trigger a heap overflow in the Cisco Host Scan component to execute arbitrary code on the target system with System privileges

73

U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

80: Linux Kernel XFS Heap Overflow May Let Remote Users Execute 80: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code January 12, 2012 - 9:00am Addthis PROBLEM: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code PLATFORM: Linux ABSTRACT: A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Linux Kernel Update SecurityTracker Alert ID: 1026512 CVE-2012-0038 Red Hat Bugzilla Bug 773280 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a filesystem that, when mounted by the target user, will execute arbitrary code on the target user's system. Impact: A remote user can create a specially crafted filesystem that, when mounted

74

U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

36: Microsoft JScript and VBScript Engine Integer Overflow Lets 36: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code August 15, 2012 - 7:00am Addthis PROBLEM: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 5.8 ABSTRACT: Execution of arbitrary code via network A remote user can cause arbitrary code to be executed on the target REFERENCE LINKS: technet.microsoft.com/en-us/security/bulletin/ms12-056 http://www.securitytracker.com/id/1027392 CVE-2012-2523 Impact assessment: Medium Discussion: Vulnerability was reported in Microsoft JScript and VBScript. A remote user can cause arbitrary code to be executed on the target user's system. A

75

T-695: Avaya Aura Application Server Buffer Overflow in 'cstore...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

to 1.0.2 (MCP11.0.0.02011-01-07-1526 with MAS QFE patch: QFE-platform-6.0.244-0001.zip), or upgrade to MAS 2.0 with Patch Bundle 10 or later. Avaya strongly recommends that...

76

U-043: Attachmate Reflection Buffer Overflow in FTP Client Lets...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

for HP version 14.x Reflection for UNIX and OpenVMS version 14.x Reflection for ReGIS Graphics version 14.x Reflection for IBM version 14.x Reflection X version 14.x ABSTRACT: A...

77

Cyclogenesis in the Denmark Strait Overflow Plume  

Science Conference Proceedings (OSTI)

A densely spaced hydrographic survey of the northern Irminger Basin together with satellite-tracked near-surface drifters confirm the intense mesoscale variability within and above the Denmark Strait overflow. In particular, the drifters show ...

Johann H. Jungclaus; Janko Hauser; Rolf H. Käse

2001-11-01T23:59:59.000Z

78

National Vulnerability Database Full Vulnerability Listing  

Science Conference Proceedings (OSTI)

NVD Complete Vulnerability Listing. This web page contains direct links to every National Vulnerability Database vulnerability entry. ...

79

Marginal Sea Overflows and the Upper Ocean Interaction  

Science Conference Proceedings (OSTI)

Marginal sea overflows and the overlying upper ocean are coupled in the vertical by two distinct mechanisms—by an interfacial mass flux from the upper ocean to the overflow layer that accompanies entrainment and by a divergent eddy flux ...

Shinichiro Kida; Jiayan Yang; James F. Price

2009-02-01T23:59:59.000Z

80

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

211: IBM iNotes Multiple Vulnerabilities 211: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


81

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer...

82

The Upper-Oceanic Response to Overflows: A Mechanism for the Azores Current  

Science Conference Proceedings (OSTI)

The oceanic response to overflows is explored using a two-layer isopycnal model. Overflows enter the open ocean as dense gravity currents that flow along and down the continental slope. While descending the slope, overflows typically double their ...

Shinichiro Kida; James F. Price; Jiayan Yang

2008-04-01T23:59:59.000Z

83

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

finding finding and fixing security flaws Argonne's Vulnerability assessment Team VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

84

Generalized Conditions for Hydraulic Criticality of Oceanic Overflows  

Science Conference Proceedings (OSTI)

Two methods for assessing the hydraulic criticality of an observed or modeled overflow are discussed. The methods are valid for single-layer deep flows with arbitrary potential vorticity and cross section. The first method is based on a purely ...

Larry Pratt; Karl Helfrich

2005-10-01T23:59:59.000Z

85

Causes of Changes in the Denmark Strait Overflow  

Science Conference Proceedings (OSTI)

The warming Nordic seas potentially tend to decrease the overflow across the Greenland–Iceland–Scotland Ridge (GISR) system. Recent observations by Macrander et al. document a significant drop in the intensity of outflowing Denmark Strait ...

Armin Köhl; Rolf H. Käse; Detlef Stammer; Nuno Serra

2007-06-01T23:59:59.000Z

86

Is the Faroe Bank Channel Overflow Hydraulically Controlled?  

Science Conference Proceedings (OSTI)

The overflow of dense water from the Nordic Seas through the Faroe Bank Channel (FBC) has attributes suggesting hydraulic control—primarily an asymmetry across the sill reminiscent of flow over a dam. However, this aspect has never been confirmed ...

James B. Girton; Lawrence J. Pratt; David A. Sutherland; James F. Price

2006-12-01T23:59:59.000Z

87

U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Multiple Flaws Let Remote Users Execute Arbitrary Code T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code U-126: Cisco...

88

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerabilit...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. reference LINKS: Vendor Advisory Secunia Advisroy 48125 No CVE references. IMPACT...

89

BUFFERED WELL FIELD OUTLINES  

U.S. Energy Information Administration (EIA) Indexed Site

OIL & GAS FIELD OUTLINES FROM BUFFERED WELLS The VBA Code below builds oil & gas field boundary outlines (polygons) from buffered wells (points). Input well points layer must be a...

90

Dissipation of Turbulent Kinetic Energy Inferred from Seagliders: An Application to the Eastern Nordic Seas Overflows  

Science Conference Proceedings (OSTI)

Turbulent mixing is an important process controlling the descent rate, water mass modification, and volume transport augmentation due to entrainment in the dense overflows across the Greenland–Scotland Ridge. These overflows, along with entrained ...

Nicholas Beaird; Ilker Fer; Peter Rhines; Charles Eriksen

2012-12-01T23:59:59.000Z

91

Improving Oceanic Overflow Representation in Climate Models: The Gravity Current Entrainment Climate Process Team  

Science Conference Proceedings (OSTI)

Oceanic overflows are bottom-trapped density currents originating in semienclosed basins, such as the Nordic seas, or on continental shelves, such as the Antarctic shelf. Overflows are the source of most of the abyssal waters, and therefore play ...

Sonya Legg; Tal Ezer; Laura Jackson; Bruce Briegleb; Gokhan Danabasoglu; William Large; Wanli Wu; Yeon Chang; Tamay M. Özgökmen; Hartmut Peters; Xiaobiao Xu; Eric P. Chassignet; Arnold L. Gordon; Stephen Griffies; Robert Hallberg; Jim Price; Ulrike Riemenschneider; Jiayan Yang

2009-05-01T23:59:59.000Z

92

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

buffer overflow. http:energy.govcioarticlesu-152-openssl-asn1d2ireadbio-der-format-data-processing-vulnerability Page EA-1886: Big Sky Regional Carbon Sequestration...

93

BUFFERED WELL FIELD OUTLINES  

U.S. Energy Information Administration (EIA) Indexed Site

OIL & GAS FIELD OUTLINES FROM BUFFERED WELLS OIL & GAS FIELD OUTLINES FROM BUFFERED WELLS The VBA Code below builds oil & gas field boundary outlines (polygons) from buffered wells (points). Input well points layer must be a feature class (FC) with the following attributes: Field_name Buffer distance (can be unique for each well to represent reservoirs with different drainage radii) ...see figure below. Copy the code into a new module. Inputs: In ArcMap, data frame named "Task 1" Well FC as first layer (layer 0). Output: Polygon feature class in same GDB as the well points FC, with one polygon field record (may be multiple polygon rings) per field_name. Overlapping buffers for the same field name are dissolved and unioned (see figure below). Adds an attribute PCTFEDLAND which can be populated using the VBA

94

Software Vulnerability Taxonomy Consolidation  

SciTech Connect

In today's environment, computers and networks are increasing exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, do not cover all aspects of a vulnerability and lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common ''primary key'', un-structured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced, information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to system administrators, software developers and vulnerability researchers is not yet achieved, this work has resulted in the most exhaustive collection of vulnerability data to date.

Polepeddi, S

2004-12-08T23:59:59.000Z

95

Quantifying software vulnerability  

Science Conference Proceedings (OSTI)

The technique known as ACE Analysis allows researchers to quantify a hardware structure's Architectural Vulnerability Factor (AVF) using simulation. This allows researchers to understand a hardware structure's vulnerability to soft errors and consider ... Keywords: fault tolerance, modeling, soft errors

Vilas Sridharan; David R. Kaeli

2008-05-01T23:59:59.000Z

96

Tornado Vulnerability in Texas  

Science Conference Proceedings (OSTI)

Tornado vulnerability depends on the incidence of and societal exposure to tornadoes for a particular location. This study assesses the vulnerability of Texas counties to tornadoes using tornado incidence and societal exposure composite scores. ...

Richard W. Dixon; Todd W. Moore

2012-01-01T23:59:59.000Z

97

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

98

Mining Local Buffer Data  

Science Conference Proceedings (OSTI)

Web mining employs the techniques of data mining to extract information from the Web for a variety of purposes. The usual sources of data are the log files of WWW or proxy servers. The paper examines the possibility of using the local browser buffer ... Keywords: Behavioural Targeting, Browser Cache, Cacheability, Data Mining, Heaps Law, Internet, Latency, Zipf Law

Andrzej Siemi?ski

2008-06-01T23:59:59.000Z

99

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

capabilities/vat/assess/ capabilities/vat/assess/ ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL Philosophy on Vulnerability Assessments Argonne Vulnerability Assessment Team Roger G. Johnston, Ph.D., CPP , 630-252-6168 1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc. 2. These tools have some value, and indeed we have used them all. 3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

100

Transport and Dynamics of the Panay Sill Overflow in the Philippine Seas  

Science Conference Proceedings (OSTI)

Observations of stratification and currents between June 2007 and March 2009 reveal a strong overflow between 400- and 570-m depth from the Panay Strait into the Sulu Sea. The overflow water is derived from approximately 400 m deep in the South ...

Zachary D. Tessler; Arnold L. Gordon; Larry J. Pratt; Janet Sprintall

2010-12-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


101

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

fia-12-0023-matter-thomas-r-thielen Article U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability The vulnerability is caused due to an error...

102

Energy vulnerability relationships  

Science Conference Proceedings (OSTI)

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

103

Oracle Log Buffer Queueing  

SciTech Connect

The purpose of this document is to investigate Oracle database log buffer queuing and its affect on the ability to load data using a specialized data loading system. Experiments were carried out on a Linux system using an Oracle 9.2 database. Previous experiments on a Sun 4800 running Solaris had shown that 100,000 entities per minute was an achievable rate. The question was then asked, can we do this on Linux, and where are the bottlenecks? A secondary question was also lurking, how can the loading be further scaled to handle even higher throughput requirements? Testing was conducted using a Dell PowerEdge 6650 server with four CPUs and a Dell PowerVault 220s RAID array with 14 36GB drives and 128 MB of cache. Oracle Enterprise Edition 9.2.0.4 was used for the database and Red Hat Linux Advanced Server 2.1 was used for the operating system. This document will detail the maximum observed throughputs using the same test suite that was used for the Sun tests. A detailed description of the testing performed along with an analysis of bottlenecks encountered will be made. Issues related to Oracle and Linux will also be detailed and some recommendations based on the findings.

Rivenes, A S

2004-12-08T23:59:59.000Z

104

Plutonium Vulnerability Management Plan  

Science Conference Proceedings (OSTI)

This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

105

Overflow Waters at the Iceland-Faroe Ridge Observed in Multi-Year Seaglider Surveys  

Science Conference Proceedings (OSTI)

This paper presents new observations of the overflow waters downstream of the Faroe Bank Channel (FBC) and the Iceland-Faroe Ridge (IFR). Between 2006 and 2009, over 17,400 hydrographic profiles were collected during quarterly deployments in the ...

N. L. Beaird; P. B. Rhines; C. C. Eriksen

106

Descent and Modification of the Overflow Plume in the Denmark Strait  

Science Conference Proceedings (OSTI)

Bulk properties of the Denmark Strait overflow (DSO) plume observed in velocity and hydrography surveys undertaken in 1997 and 1998 are described. Despite the presence of considerable short-term variability, it is found that the pathway and ...

James B. Girton; Thomas B. Sanford

2003-07-01T23:59:59.000Z

107

Fates and travel times of Denmark Strait Overflow Water in the Irminger Basin  

Science Conference Proceedings (OSTI)

The Denmark Strait Overflow (DSO) supplies about one third of the North Atlantic Deep Water and is critical to the global thermohaline circulation. Knowledge of the pathways of DSO through the Irminger Basin and its transformation there is still ...

Inga Koszalka; Thomas W. N. Haine; Marcello G. Magaldi

108

Vulnerability due to Nocturnal Tornadoes  

Science Conference Proceedings (OSTI)

This study investigates the human vulnerability caused by tornadoes that occurred between sunset and sunrise from 1880 to 2007. Nocturnal tornadoes are theorized to enhance vulnerability because they are difficult to spot and occur when the ...

Walker S. Ashley; Andrew J. Krmenec; Rick Schwantes

2008-10-01T23:59:59.000Z

109

Electrodialysis operation with buffer solution  

DOE Patents (OSTI)

A new method for improving the efficiency of electrodialysis (ED) cells and stacks, in particular those used in chemical synthesis. The process entails adding a buffer solution to the stack for subsequent depletion in the stack during electrolysis. The buffer solution is regenerated continuously after depletion. This buffer process serves to control the hydrogen ion or hydroxide ion concentration so as to protect the active sites of electrodialysis membranes. The process enables electrodialysis processing options for products that are sensitive to pH changes.

Hryn, John N. (Naperville, IL); Daniels, Edward J. (Orland Park, IL); Krumdick, Greg K. (Crete, IL)

2009-12-15T23:59:59.000Z

110

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized...

111

Security Automation and the National Vulnerability Database  

Science Conference Proceedings (OSTI)

... 6 Page 7. National Vulnerability Database Role Receive CVE ... Environmental Integrity ... Use Case: Vulnerability Management CVE 2012-3544 30 ...

2013-06-05T23:59:59.000Z

112

HEPA Filter Vulnerability Assessment  

SciTech Connect

This assessment of High Efficiency Particulate Air (HEPA) filter vulnerability was requested by the USDOE Office of River Protection (ORP) to satisfy a DOE-HQ directive to evaluate the effect of filter degradation on the facility authorization basis assumptions. Within the scope of this assessment are ventilation system HEPA filters that are classified as Safety-Class (SC) or Safety-Significant (SS) components that perform an accident mitigation function. The objective of the assessment is to verify whether HEPA filters that perform a safety function during an accident are likely to perform as intended to limit release of hazardous or radioactive materials, considering factors that could degrade the filters. Filter degradation factors considered include aging, wetting of filters, exposure to high temperature, exposure to corrosive or reactive chemicals, and exposure to radiation. Screening and evaluation criteria were developed by a site-wide group of HVAC engineers and HEPA filter experts from published empirical data. For River Protection Project (RPP) filters, the only degradation factor that exceeded the screening threshold was for filter aging. Subsequent evaluation of the effect of filter aging on the filter strength was conducted, and the results were compared with required performance to meet the conditions assumed in the RPP Authorization Basis (AB). It was found that the reduction in filter strength due to aging does not affect the filter performance requirements as specified in the AB. A portion of the HEPA filter vulnerability assessment is being conducted by the ORP and is not part of the scope of this study. The ORP is conducting an assessment of the existing policies and programs relating to maintenance, testing, and change-out of HEPA filters used for SC/SS service. This document presents the results of a HEPA filter vulnerability assessment conducted for the River protection project as requested by the DOE Office of River Protection.

GUSTAVSON, R.D.

2000-05-11T23:59:59.000Z

113

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

69: Telnet code execution vulnerability: FreeBSD and Kerberos 69: Telnet code execution vulnerability: FreeBSD and Kerberos U-069: Telnet code execution vulnerability: FreeBSD and Kerberos December 27, 2011 - 5:18am Addthis PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. reference LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High Discussion: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

114

Securing software : an evaluation of static source code analyzers  

E-Print Network (OSTI)

This thesis evaluated five static analysis tools--Polyspace C Verifier, ARCHER, BOON, Splint, and UNO--using 14 code examples that illustrated actual buffer overflow vulnerabilities found in various versions of Sendmail, ...

Zitser, Misha, 1979-

2003-01-01T23:59:59.000Z

115

Transparent run-time defense against stack smashing attacks  

Science Conference Proceedings (OSTI)

The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant portion of security attacks. We present two new methods to detect and handle such attacks. In contrast to previous work, the new methods work with any existing ...

Arash Baratloo; Navjot Singh; Timothy Tsai

2000-06-01T23:59:59.000Z

116

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE))

The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides...

117

NSTB Summarizes Vulnerable Areas | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. NSTB Summarizes Vulnerable Areas More Documents & Publications...

118

Doped LZO buffer layers for laminated conductors  

DOE Patents (OSTI)

A laminated conductor includes a metallic substrate having a surface, a biaxially textured buffer layer supported by the surface of the substrate, the biaxially textured buffer layer comprising LZO and a dopant for mitigating metal diffusion through the LZO, and a biaxially textured conductor layer supported by the biaxially textured buffer layer.

Paranthaman, Mariappan Parans (Knoxville, TN); Schoop, Urs (Westborough, MA); Goyal, Amit (Knoxville, TN); Thieme, Cornelis Leo Hans (Westborough, MA); Verebelyi, Darren T. (Oxford, MA); Rupich, Martin W. (Framingham, MA)

2010-03-23T23:59:59.000Z

119

Energy Spending and Vulnerable Households  

E-Print Network (OSTI)

 off than before. In particular large households with low  incomes seem to have been adversely affected by the new tariff structures since  they have comparably large energy expenditure (Bennet et al., 2002).    5. Vulnerable Households and Energy Spending  The...  tariffs can play an important part in the public debate  on  eradicating  fuel  poverty  and  helping  the  vulnerable  households.  Smart  metering  can  provide  consumers  with  information  on  the  actual  energy  consumption and might  lead  to...

Jamasb, Tooraj; Meier, Helena

2011-01-26T23:59:59.000Z

120

Buffered Electrochemical Polishing of Niobium  

SciTech Connect

The standard preparation of superconducting radio-frequency (SRF) cavities made of pure niobium include the removal of a 'damaged' surface layer, by buffered chemical polishing (BCP) or electropolishing (EP), after the cavities are formed. The performance of the cavities is characterized by a sharp degradation of the quality factor when the surface magnetic field exceeds about 90 mT, a phenomenon referred to as 'Q-drop'. In cavities made of polycrystalline fine grain (ASTM 5) niobium, the Q-drop can be significantly reduced by a low-temperature ({approx} 120 C) 'in-situ' baking of the cavity if the chemical treatment was EP rather than BCP. As part of the effort to understand this phenomenon, we investigated the effect of introducing a polarization potential during buffered chemical polishing, creating a process which is between the standard BCP and EP. While preliminary results on the application of this process to Nb cavities have been previously reported, in this contribution we focus on the characterization of this novel electrochemical process by measuring polarization curves, etching rates, surface finish, electrochemical impedance and the effects of temperature and electrolyte composition. In particular, it is shown that the anodic potential of Nb during BCP reduces the etching rate and improves the surface finish.

Gianluigi Ciovati, Hui Tian, Sean Corcoran

2011-03-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


121

Formation of an Azores Current Due to Mediterranean Overflow in a Modeling Study of the North Atlantic  

Science Conference Proceedings (OSTI)

A mechanism for the formation of the Azores Current is proposed. On the basis of observations and model results, it is argued that the primary cause of the Azores Current is the water mass transformation associated with the Mediterranean overflow ...

Yanli Jia

2000-09-01T23:59:59.000Z

122

A Deep-Towed ADCP-CTD Instrument Package Developed for Abyssal Overflow Measurements in the Northeastern Caribbean Sea  

Science Conference Proceedings (OSTI)

A deep-towed instrument package has been developed to study the velocity and tracer signature of abyssal overflows in the northeastern Caribbean. Primary package components include a conductivity-temperature-depth (CTD) instrument and an acoustic ...

David M. Fratantoni; William E. Johns

1996-06-01T23:59:59.000Z

123

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

124

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5, 2012 5, 2012 U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system March 2, 2012 U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address. March 1, 2012 U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability A vulnerability in WorkStation files (.ws) by IBM Personal Communications

125

Linked Stack Buffer Management for Shared-Stacks  

Science Conference Proceedings (OSTI)

Severe memory constraint of wireless sensor networks (WSN) causes lots of problems such as irrecoverable stack overflow and out-of-memory failure. These problems motivated to develop efficient memory management schemes for WSNs. A shared-stack is the ...

Boncheol Gu; Junyoung Heo; Yookun Cho; Younghwan Kim

2008-06-01T23:59:59.000Z

126

Coastal Impacts, Adaptation, and Vulnerabilities  

E-Print Network (OSTI)

· Robert R. Twilley, Louisiana State University · Jordan West, U.S. Environmental Protection Agency Chapter and Restoration Authority of Louisiana · Richard Raynie, Coastal Protection and Restoration Authority of Louisiana.3.7 Emergency Response, Recovery, and Vulnerability Reduction 4.3.8 Coastal and Nearshore Oil and Ga0 4.4 Human

Kossin, James P.

127

Understanding cyber threats and vulnerabilities  

Science Conference Proceedings (OSTI)

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was ... Keywords: actor, critical infrastructure, cyber crime, cyber terrorism, cyber threat, cyber vulnerabilities

Eric Luiijf

2012-01-01T23:59:59.000Z

128

Specifying memory consistency of write buffer multiprocessors  

Science Conference Proceedings (OSTI)

Write buffering is one of many successful mechanisms that improves the performance and scalability of multiprocessors. However, it leads to more complex memory system behavior, which cannot be described using intuitive consistency models, such as Sequential ... Keywords: Memory consistency framework, alpha, coherence, partial store order, relaxed memory order, sequential consistency, sparc multiprocessors, total store order, write-buffer architectures

Lisa Higham; Lillanne Jackson; Jalal Kawash

2007-02-01T23:59:59.000Z

129

Approximating the buffer allocation problem using epochs  

Science Conference Proceedings (OSTI)

The correctness of applications that perform asynchronous message passing typically relies on the underlying hardware having a sufficient amount of memory (message buffers) to hold all undelivered messages-such applications may deadlock when executed ... Keywords: Buffer allocation, Complexity, Message passing systems, Parallel and distributed programming

Jan Bíkgaard Pedersen; Alex Brodsky; Jeffrey Sampson

2008-09-01T23:59:59.000Z

130

Buffer management in relational database systems  

Science Conference Proceedings (OSTI)

The hot-set model, characterizing the buffer requirements of relational queries, is presented. This model allows the system to determine the optimal buffer space to be allocated to a query; it can also be used by the query optimizer to derive efficient ...

Giovanni Maria Sacco; Mario Schkolnick

1986-12-01T23:59:59.000Z

131

V-207: Wireshark Multiple Denial of Service Vulnerabilities ...  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

132

V-019: Google Chrome Multiple Vulnerabilities | Department of...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Google Chrome Multiple Vulnerabilities V-019: Google Chrome Multiple Vulnerabilities November 8, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

133

NEHRP - Hazard Vulnerability and Disaster Resiliency ...  

Science Conference Proceedings (OSTI)

... Hazard Vulnerability and Disaster Resiliency. 2013. ... gaps for achieving resilience in the ... protection, emergency response, business continuity, and ...

134

Dynamic buffer management using per-queue thresholds: Research Articles  

Science Conference Proceedings (OSTI)

Shared buffer switches consist of a memory pool completely shared among output ports of a switch. Shared buffer switches achieve low packet loss performance as buffer space is allocated in a flexible manner. However, this type of buffered switches suffers ... Keywords: buffer management, dynamic thresholds, shared memory switch

B. Gazi; Z. Ghassemlooy

2007-05-01T23:59:59.000Z

135

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2, 2012 2, 2012 U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address. February 22, 2012 U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. February 16, 2012 U-105:Oracle Java SE Critical Patch Update Advisory Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

136

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability Assessment Team Vulnerability Assessment Team VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

137

Smart buildings with electric vehicle interconnection as buffer...  

NLE Websites -- All DOE Office Websites (Extended Search)

buildings with electric vehicle interconnection as buffer for local renewables? Title Smart buildings with electric vehicle interconnection as buffer for local renewables?...

138

EPSB (Electronic Partially Shared Buffering): A Buffering Scheme for Asynchronous and Variable Length Optical Routing for the Edge Optical Packet Switch  

Science Conference Proceedings (OSTI)

We propose a new buffering scheme for wavelength division multiplexing (WDM) packet switching: the Electronic Partially Shared Buffering (EPSB) scheme. This buffering scheme incorporates separate buffers (i.e., electronic buffers) for all the outputs ...

Huhnkuk Lim; Chang-Soo Park

2002-01-01T23:59:59.000Z

139

NV: Nessus Vulnerability Visualization for the Web  

SciTech Connect

Network vulnerability is a critical component of network se- curity. Yet vulnerability analysis has received relatively lit- tle attention from the security visualization community. In this paper we describe nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow system administrators to discover, analyze, and man- age vulnerabilities on their networks. In addition to visual- izing single Nessus scans, nv supports the analysis of sequen- tial scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv was also designed to operate completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.

Harrison, Lane [University of North Carolina, Charlotte; Spahn, Riley B [ORNL; Iannacone, Michael D [ORNL; Downing, Evan P [ORNL; Goodall, John R [ORNL

2012-01-01T23:59:59.000Z

140

Mining Bug Databases for Unidentified Software Vulnerabilities  

SciTech Connect

Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

2012-06-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


141

Assessing Network Infrastructure Vulnerabilities to Physical ...  

Science Conference Proceedings (OSTI)

... networks, air traffic control systems, and water distribution systems ... is that we consider the vulnerability to this ... States is buried in the ground within a ...

1999-11-05T23:59:59.000Z

142

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system..

143

Vulnerability analysis of three remote voting methods  

E-Print Network (OSTI)

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

Enguehard, Chantal

2009-01-01T23:59:59.000Z

144

Seals Applications - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)

Physical Security Maxims Read the Security Maxims Devil's Dictionary of Security Terms For more information: Vulnerability Assessment Section Sect. Manager: Roger G....

145

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

146

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This...

147

Multics Security Evaluation (Volume II): Vulnerability Analysis  

Science Conference Proceedings (OSTI)

Page 1. ESD-TR-74-J93, Vor. II ' MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS Pau r A. Karger, 2Lt ...

2013-04-15T23:59:59.000Z

148

Toward a Resiliency and Vulnerability Observatory Network ...  

Science Conference Proceedings (OSTI)

... is already undertaking extensive investment in its ... vulnerability or more generally, equity, should permeate all ... etc.), parcel and/or tax portfolio data ...

2009-02-05T23:59:59.000Z

149

Fast Algorithms for Slew-Constrained Minimum Cost Buffering  

Science Conference Proceedings (OSTI)

As a prevalent constraint, sharp slew rate is often required in circuit design, which causes a huge demand for buffering resources. This problem requires ultrafast buffering techniques to handle large volume of nets while also minimizing buffering cost. ... Keywords: Buffer insertion, NP-complete, input slew, interconnect, slew constraint

Shiyan Hu; C. J. Alpert; Jiang Hu; S. K. Karandikar; Zhuo Li; Weiping Shi; C. N. Sze

2007-11-01T23:59:59.000Z

150

An efficient net ordering algorithm for buffer insertion  

Science Conference Proceedings (OSTI)

There are efficient algorithms for net-based buffer insertion but they lead to sub-optimal path delays or unnecessarily large number of buffers due to their lack of global view. This can increase power consumption as well as die area. The ordering of ... Keywords: buffer insertion, buffer usage, net ordering

Hamid Reza Kheirabadi; Morteza Saheb Zamani

2007-03-01T23:59:59.000Z

151

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

26: Cisco Adaptive Security Appliances Port Forwarder ActiveX 26: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability March 16, 2012 - 7:00am Addthis PROBLEM: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability PLATFORM: Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Secunia Advisory SA48422 SecurityTracker Alert ID: 1026799 CVE-2012-0358 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted HTML that, when loaded by the

152

Implementing Virtual Buffer for Electric Power Grids  

Science Conference Proceedings (OSTI)

The electric power grid is a vital network for every aspect of our life. The lack of buffer between generation and consumption makes the power grid unstable and fragile. While large scale power storage is not technically and economically feasible at ... Keywords: Artificial Intelligence, Dynamic Data Driven, Electric Power Grid

Rong Gao; Lefteri H. Tsoukalas

2007-05-01T23:59:59.000Z

153

The F-Buffer: A Rasterization-Order FIFO Buffer for Multi-Pass Rendering  

E-Print Network (OSTI)

Multi-pass rendering is a common method of virtualizing graphics hardware to overcome limited resources. Most current multi-pass rendering techniques use the RGBA framebuffer to store intermediate results between each pass. This method of storing intermediate results makes it difficult to correctly render partially-transparent surfaces, and reduces the performance of shaders that need to preserve more than one intermediate result between passes. We propose an alternative approach to storing intermediate results that solves these problems. This approach stores intermediate colors (or other values) that are generated by a rendering pass in a FIFO buffer as the values exit the fragment pipeline. On a subsequent pass, the contents of the FIFO buffer are fed into the top of the fragment pipeline. We refer to this FIFO buffer as a fragment-stream buffer (or F-buffer), because this approach has the effect of associating intermediate results with particular rasterization fragments, rather than with an (x,y) location in the framebuffer. Implementing an F-buffer requires some changes to current mainstream graphics architectures, but these changes can be minor. We describe the design space associated with implementing an F-buffer, and compare the F-buffer to recirculating pipeline designs. We implement F-buffers in the Mesa software renderer, and demonstrate our programmable-shading system running on top of this renderer. CR Categories: I.3.1 [Computer Graphics]: Hardware Architecture---Graphics processors; I.3.7 [Computer Graphics]: Three-Dimensional Graphics and Realism---Color, shading, shadowing, and texture 1

William R. Mark; Kekoa Proudfoot

2001-01-01T23:59:59.000Z

154

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19, 2011 19, 2011 T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) May 18, 2011 T-625: Opera Frameset Handling Memory Corruption Vulnerability The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

155

On the Effective Capacity of the Dense-Water Reservoir for the Nordic Seas Overflow: Some Effects of Topography and Wind Stress  

Science Conference Proceedings (OSTI)

The overflow of the dense water mass across the Greenland–Scotland Ridge (GSR) from the Nordic Seas drives the Atlantic meridional overturning circulation (AMOC). The Nordic Seas is a large basin with an enormous reservoir capacity. The volume of ...

Jiayan Yang; Lawrence J. Pratt

2013-02-01T23:59:59.000Z

156

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Definitions Definitions VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

157

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Safety Safety VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

158

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Publications Selected Publications VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

159

T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

160

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple...

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


161

India-Vulnerability Assessment and Enhancing Adaptive Capacities...  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

162

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

163

Election Security - Vulnerability Assessment Team - Nuclear Engineerin...  

NLE Websites -- All DOE Office Websites (Extended Search)

on LinkedIn The Vulnerability Assessment Team has demonstrated easy to execute, non-cyber attacks on two different kinds of electronic voting machines. We believe that too...

164

New York City's Vulnerability to Coastal Flooding  

Science Conference Proceedings (OSTI)

New York City, New York (NYC), is extremely vulnerable to coastal flooding; thus, verification and improvements in storm surge models are needed in order to protect both life and property. This paper highlights the Stony Brook Storm Surge (SBSS) ...

Brian A. Colle; Frank Buonaiuto; Malcolm J. Bowman; Robert E. Wilson; Roger Flood; Robert Hunter; Alexander Mintz; Douglas Hill

2008-06-01T23:59:59.000Z

165

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8, 2013 8, 2013 V-087: Adobe Flash Player Two Vulnerabilities Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system. February 7, 2013 V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. February 6, 2013 V-085: Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks A vulnerability was reported in Cisco Unity Express. February 5, 2013 V-084: RSA Archer eGRC Permits Cross-Site Scripting, Cross-Domain Access, Clickjacking, and File Upload Attacks Several vulnerabilities were reported in RSA Archer eGRC. February 4, 2013 V-083: Oracle Java Multiple Vulnerabilities

166

Buffer Zones Around Protected Areas: A Brief Literature Review  

E-Print Network (OSTI)

1998). Environmental and social impact report the Bahamasclearly focused on the social impacts of buffer zones and

Martino, Diego

2001-01-01T23:59:59.000Z

167

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Cartagena Vulnerability Assessment Cartagena Vulnerability Assessment Jump to: navigation, search Name CDKN-Colombia-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] CDKN-Colombia-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=CDKN-Colombia-Cartagena_Vulnerability_Assessment&oldid=407543

168

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

65: Vulnerability in Microsoft Malware Protection Engine Could 65: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability February 25, 2011 - 7:40am Addthis PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability. PLATFORM: Microsoft Malware Protection Engine Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0 This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. First version of the Microsoft Malware Protection Engine with this vulnerability addressed:Version 1.1.6603.0 If the version of the Microsoft Malware Protection Engine is equal to or

169

A framework for modeling rail transport vulnerability  

Science Conference Proceedings (OSTI)

Railroads represent one of the most efficient methods of long-haul transport for bulk commodities, from coal to agricultural products. Over the past fifty years, the rail network has contracted while tonnage has increased. Service, geographically, has been abandoned along short haul routes and increased along major long haul routes, resulting in a network that is more streamlined. The current rail network may be very vulnerable to disruptions, like the failure of a trestle. This paper proposes a framework to model rail network vulnerability and gives an application of this modeling framework in analyzing rail network vulnerability for the State of Washington. It concludes with a number of policy related issues that need to be addressed in order to identify, plan, and mitigate the risks associated with the sudden loss of a bridge or trestle.

Peterson, Steven K [ORNL; Church, Richard L. [University of California, Santa Barbara

2008-01-01T23:59:59.000Z

170

U-261: Novell GroupWise Internet Agent "Content-Length" Integer...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability September...

171

Critical infrastructure protection: The vulnerability conundrum  

Science Conference Proceedings (OSTI)

Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats ... Keywords: Critical infrastructure, Fortification, Interdiction, Policy, Protection, Strategies, Vulnerability

Alan T. Murray; Tony H. Grubesic

2012-02-01T23:59:59.000Z

172

Chemical Safety Vulnerability Working Group Report  

SciTech Connect

This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

1994-09-01T23:59:59.000Z

173

BPD Conversion in a Thin SiC Buffer Layer  

Science Conference Proceedings (OSTI)

Symposium, Advanced Materials for Power Electronics, Power Conditioning, and Power Conversion. Presentation Title, BPD Conversion in a Thin SiC Buffer ...

174

Method of Rapidly Screening Buffer Layers in Photovoltaics  

ORNL 2010-G0647/jcn UT-B ID 200902275 Method of Rapidly Screening Buffer Layers in Photovoltaics Technology Summary This ORNL invention offers a new method to ...

175

Assessing Forested Riparian Buffer Ecological Integrity Using Lidar Data.  

E-Print Network (OSTI)

??Forested riparian buffers (FRB) provide numerous critical ecosystem services. However, the linear and often narrow spatial configuration of FRBs makes it difficult to identify broadscale… (more)

Wasser, Leah

2012-01-01T23:59:59.000Z

176

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Two Vulnerabilities 8: Google Chrome Two Vulnerabilities V-038: Google Chrome Two Vulnerabilities December 3, 2012 - 1:00am Addthis PROBLEM: Google Chrome Two Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95. ABSTRACT: Two vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA51447 CVE-2012-5137 CVE-2012-5138 IMPACT ASSESSMENT: High DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95. IMPACT:

177

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Secure Gateway Unspecified Vulnerability 6: Citrix Secure Gateway Unspecified Vulnerability T-566: Citrix Secure Gateway Unspecified Vulnerability February 28, 2011 - 11:22pm Addthis PROBLEM: Citrix Secure Gateway Unspecified Vulnerability. PLATFORM: Citrix Secure Gateway version 3.1.4 ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia Advisory SA43497 Citrix Support IMPACT ASSESSMENT: High Discussion: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

178

Empirical Estimates and Observations of 0Day Vulnerabilities  

Science Conference Proceedings (OSTI)

We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

2009-01-01T23:59:59.000Z

179

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE  

E-Print Network (OSTI)

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm #12;iii EXECUTIVE SUMMARY The PNNL Vulnerability

Hultman, Nathan E.

180

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

21 - 27530 of 31,917 results. 21 - 27530 of 31,917 results. Download Enforcement Letter, Intennech, Inc.- March 26, 2010 Enforcement Letter issued to Intermech, Inc. related to Installation and Inspection of Anchor Bolts and Pipe Supports at the DUF6 Conversion Buildings at the Portsmouth and Paducah Gaseous Diffusion Plants http://energy.gov/hss/downloads/enforcement-letter-intennech-inc-march-26-2010 Article V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability The vulnerability addresses the possibility of a heap overflow condition http://energy.gov/cio/articles/v-188-apache-xml-security-xpointer-expressions-processing-buffer-overflow-vulnerability Download AUDIT REPORT: OAS-L-03-03 Follow-Up Audit on the Department's Managment of Field Contractor Employees

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


181

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL  

NLE Websites -- All DOE Office Websites (Extended Search)

259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic 259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am Addthis PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: RSA BSAFE SSL-C prior to 2.8.6 ABSTRACT: RSA BSAFE SSL-C Multiple Vulnerabilities reference LINKS: Secunia Advisory SA50601 SecurityTracker Alert ID: 1027514 SecurityTracker Alert ID: 1027513 CVE-2011-3389 CVE-2012-2110 CVE-2012-2131 IMPACT ASSESSMENT: High Discussion: EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can

182

Current isolating epitaxial buffer layers for high voltage photodiode array  

DOE Patents (OSTI)

An array of photodiodes in series on a common semi-insulating substrate has a non-conductive buffer layer between the photodiodes and the semi-insulating substrate. The buffer layer reduces current injection leakage between the photodiodes of the array and allows optical energy to be converted to high voltage electrical energy.

Morse, Jeffrey D. (Martinez, CA); Cooper, Gregory A. (Pleasant Hill, CA)

2002-01-01T23:59:59.000Z

183

Tracking system bugs: why are buffer overruns still around?  

Science Conference Proceedings (OSTI)

A buffer overrun is caused by the limited size of a string variable's allocated space and the unlimited size of the actual string that is stored in the space. In the C programming language, it is the programmer's responsibility to make sure the actual ... Keywords: buffer overrun, c programming, string overwrite

Cherry Keahey Owen

2007-10-01T23:59:59.000Z

184

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

28, 2011 28, 2011 T-566: Citrix Secure Gateway Unspecified Vulnerability A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. February 18, 2011 T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device. February 17, 2011 T-559: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution attackers to execute arbitrary code via

185

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5, 2011 5, 2011 T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. January 4, 2011 T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied

186

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 1, 2011 March 1, 2011 T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges A vulnerability was reported in the Linux Kernel. A local user may be able to obtain elevated privileges on the target system. A physically local user can connect a storage device with a specially crafted LDM partition table to trigger a buffer overflow in the ldm_frag_add() function in 'fs/partitions/ldm.c' and potentially execute arbitrary code with elevated privileges. February 28, 2011 T-566: Citrix Secure Gateway Unspecified Vulnerability A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. February 25, 2011 T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow

187

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

188

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June

189

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Vulnerabilities in Citrix Licensing administration 4: Vulnerabilities in Citrix Licensing administration components T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am Addthis PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. reference LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium Discussion: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

190

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

191

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

192

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

162: Drupal Multiple Vulnerabilities 162: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

193

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: PHP Stream Component Remote Denial of Service Vulnerability 6: PHP Stream Component Remote Denial of Service Vulnerability T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am Addthis PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. reference LINKS: SecurityFocus IMPACT ASSESSMENT: Medium Discussion: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

194

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

40: Sybase EAServer Multiple Vulnerabilities 40: Sybase EAServer Multiple Vulnerabilities T-540: Sybase EAServer Multiple Vulnerabilities January 24, 2011 - 6:16am Addthis PROBLEM: Sybase EAServer Multiple Vulnerabilities PLATFORM: Sybase EAServer versions 6.3 and prior ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected. reference LINKS: Bugtraq ID: 45809 SyBase Advisory IMPACT ASSESSMENT: Medium Discussion: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services, this condition can result in arbitrary code execution allowing attacker to gain control over

195

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Colombia-Cartagena Vulnerability Assessment Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] Colombia-CDKN-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=Colombia-Cartagena_Vulnerability_Assessment&oldid=699760"

196

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: HP Data Protector Multiple Unspecified Vulnerabilities 3: HP Data Protector Multiple Unspecified Vulnerabilities U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am Addthis PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. reference LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High Discussion: Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

197

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

62: Drupal Multiple Vulnerabilities 62: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

198

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities 6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities March 14, 2011 - 3:05pm Addthis PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system. PLATFORM: Sun Solaris 10 ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities. reference LINKS: Secunia Advisory: SA43747 Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player Secure List: SA43747 Oracle Sun Support Adobe Flash Player for Linux and Solaris IMPACT ASSESSMENT: High Discussion: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

199

Gilliam County Riparian Buffers; 2003-2004 Annual Reports.  

DOE Green Energy (OSTI)

Interest appears to be at an all-time high for riparian conservation programs in Gilliam County. With the recently added Herbaceous Buffer and the already established CREP program interest is booming. However, more and more people are turning towards the herbaceous buffer because of expense. The riparian forest buffer is becoming too expensive. Even with the excellent cost share and incentives landowners are having trouble with Farm Service Agency's payment limitation. Because of this payment limitation landowners are not receiving their full rental and incentive payments, usually in year one. This has cooled the installation of riparian forest buffers and peaked interest in the CP-29 (Herbaceous Buffer for Wildlife). Either way, riparian lands are being enhanced and water quality is being improved. Year three should be very similar to the accomplishments of year 2. There has already been several projects proposed that may or may not be approved during year 3. I am currently working on three projects that are all over 2.5 miles long on each side and total anywhere from 60 to 250 acres in size. Along with these three projects there at least seven small projects being proposed. Four of those projects are riparian forest buffers and the remaining are herbaceous buffers.

Coiner, Josh (Gilliam Soil and Water Conservation District, Condon, OR)

2004-06-01T23:59:59.000Z

200

Wasco Riparian Buffer Project, Annual Report 2003-2004.  

DOE Green Energy (OSTI)

This project implements riparian buffer systems in the Mid-Columbia, addressing limiting factors identified in the Deschutes River Sub-basin Summary, March 2, 2001. This project is providing the technical planning support needed to implement at least 20 riparian buffer system contracts on approximately 800 acres covering an estimated 36 miles of anadromous fish streams. During this second year of implementation, 17 buffer contracts were established on 173,462 ft. of stream (25.9 miles). Acreage included in the buffers totaled 891.6 acres. Average buffer width was 112 ft. on each side of the stream. Cumulative totals through the first two project years are 26 buffers on 36.6 stream miles covering 1,283.6 acres. Actual implementation costs, lease payments, and maintenance costs will be borne by existing USDA programs: Conservation Reserve (CRP) and Conservation Reserve Enhancement Programs (CREP). The lease period of each contract may vary from 10 to 15 years. During this year, the average lease period was 14.9 years. The total value of contracts established this year is $1,421,268 compared with $55,504 in BPA contract costs to provide the technical support needed to get the contracts implemented. Cumulative contract value for the first two years is $1,919,451 compared to $103,329 cost to BPA. This project provides technical staffing to conduct assessments and develop conservation plans required for riparian buffer systems to help keep pace with a growing backlog of potential buffer projects. This project meets a critical need in the lower Deschutes and lower John Day River basins and complements the Riparian Buffer project approved for Fifteenmile watershed, Project No. 2001-021-00 begun in fiscal year 2001. This project supports RPA 150 and 153 as required under the Federal Hydropower System biological opinion and benefits the mid-Columbia ESU of steelhead.

Graves, Ron

2003-07-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


201

High-speed buffer management for 40 Gb/s-based photonic packet switches  

Science Conference Proceedings (OSTI)

We develop a method of high-speed buffer management for output-buffered photonic packet switches. The use of optical fiber delay lines is a promising solution to constructing optical buffers. The buffer manager determines packet delays in the fiber delay ... Keywords: buffer management, parallel processing, photonic packet switching, pipeline processing, variable-length optical packet

Hiroaki Harai; Masayuki Murata

2006-02-01T23:59:59.000Z

202

Closed form solutions to simultaneous buffer insertion/sizing and wire sizing  

Science Conference Proceedings (OSTI)

In this paper, we consider the delay minimization problem of an interconnect wire by simultaneously considering buffer insertion, buffer sizing and wire sizing. We consider three cases, namely using no buffer (i.e., wire sizing alone), using a given ... Keywords: buffer insertion, buffer sizing, closed form solution, interconnect optimization, wire sizing

Chris Chu; D. F. Wong

2001-07-01T23:59:59.000Z

203

Enhanced adhesion for LIGA microfabrication by using a buffer layer  

DOE Patents (OSTI)

The present invention is an improvement on the LIGA microfabrication process wherein a buffer layer is applied to the upper or working surface of a substrate prior to the placement of a resist onto the surface of the substrate. The buffer layer is made from an inert low-Z material (low atomic weight), a material that absorbs secondary X-rays emissions from the substrate that are generated from the substrate upon exposure to a primary X-rays source. Suitable materials for the buffer layer include polyamides and polyimide. The preferred polyimide is synthesized from pyromellitic anhydride and oxydianiline (PMDA-ODA).

Bajikar, Sateesh S.; DeCarlo, Francesco; Song, Joshua J.

1998-05-22T23:59:59.000Z

204

SoftBound: highly compatible and complete spatial memory safety for c  

Science Conference Proceedings (OSTI)

The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-visible ... Keywords: buffer overflows, c, spatial memory safety

Santosh Nagarakatte; Jianzhou Zhao; Milo M.K. Martin; Steve Zdancewic

2009-06-01T23:59:59.000Z

205

THE ROLE OF BUFFER GASES IN OPTOAOOUSTIC SPECTROSCOPY  

E-Print Network (OSTI)

and isotopic effects, heat capacity, thermal conductivity,and Ca p v p v are the heat capacities of the buffer and ab-function of: absorbed, the heat capacity of the mixture, 2)

Thomas III, L.J.

2011-01-01T23:59:59.000Z

206

SMOOTH OIL & GAS FIELD OUTLINES MADE FROM BUFFERED WELLS  

U.S. Energy Information Administration (EIA) Indexed Site

The VBA code provided at the bottom of this document is an updated version The VBA code provided at the bottom of this document is an updated version (from ArcGIS 9.0 to ArcGIS 9.2) of the polygon smoothing algorithm described below. A bug that occurred when multiple wells had the same location was also fixed. SMOOTH OIL & GAS FIELD OUTLINE POLYGONS MADE FROM BUFFERED WELLS Why smooth buffered field outlines? See the issues in the figure below: [pic] The smoothing application provided as VBA code below does the following: Adds area to the concave portions; doesn't add area to convex portions to maintain buffer spacing Fills in non-field "islands" smaller than buffer size Joins separate polygon rings with a "bridge" if sufficiently close Minimizes increase in total field area Methodology: creates trapezoids between neighboring wells within an oil/gas

207

Alternatives to the gradient in optimal transfer line buffer allocation  

E-Print Network (OSTI)

This thesis describes several directions to replace the gradient in James Schor's gradient algorithm to solve the dual problem. The alternative directions are: the variance and standard deviation of buffer levels, the ...

Tanizar, Ketty, 1978-

2004-01-01T23:59:59.000Z

208

Buffer-Gas Cooled Bose-Einstein Condensate  

E-Print Network (OSTI)

We report the creation of a Bose-Einstein condensate using buffer-gas cooling, the first realization of Bose-Einstein condensation using a broadly general method which relies neither on laser cooling nor unique atom-surface ...

Ketterle, Wolfgang

209

Usefulness of local buffer data for WWW objects prefetching  

Science Conference Proceedings (OSTI)

The sole aim of the prefetching of WWW objects is to shorten the Time To Display (TTD) of web pages. The paper indicates that user oriented prefetching has a great potential. The paper discuses the pros and cons of exploiting the browser buffer ... Keywords: WWW objects, browser cache, data mining, internet, latency, link text diversity, local buffer data, object prefetching, time to display, web pages, web usage

Andrzej Sieminski

2008-09-01T23:59:59.000Z

210

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

211

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Google Chrome Multiple Vulnerabilities 1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

212

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Google Chrome Multiple Vulnerabilities 5: Google Chrome Multiple Vulnerabilities V-105: Google Chrome Multiple Vulnerabilities March 6, 2013 - 12:09am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

213

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

214

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Cisco Unified Customer Voice Portal (CVP) Multiple 2: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

215

V-097: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Google Chrome Multiple Vulnerabilities 7: Google Chrome Multiple Vulnerabilities V-097: Google Chrome Multiple Vulnerabilities February 22, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome PLATFORM: The vulnerabilities are reported in versions prior to Google Chrome 24.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52320 Chrome Stable Channel Update CVE-2013-0879 CVE-2013-0880 CVE-2013-0881 CVE-2013-0882 CVE-2013-0883 CVE-2013-0884 CVE-2013-0885 CVE-2013-0886 CVE-2013-0887 CVE-2013-0888 CVE-2013-0889 CVE-2013-0890 CVE-2013-0891 CVE-2013-0892 CVE-2013-0893

216

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

217

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

218

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Data Studio Web Console Java Multiple Vulnerabilities 8: IBM Data Studio Web Console Java Multiple Vulnerabilities V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities June 14, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE REFERENCE LINKS: Secunia Advisory SA53778 IBM Flash Alert 1640533 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 IMPACT ASSESSMENT: High DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

219

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Adobe Flash Player / AIR Multiple Vulnerabilities 0: Adobe Flash Player / AIR Multiple Vulnerabilities V-090: Adobe Flash Player / AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player / AIR Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh Adobe Flash Player versions 11.2.202.262 and prior for Linux Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x Adobe AIR versions 3.5.0.1060 and prior Adobe AIR versions 3.5.0.1060 SDK and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR. REFERENCE LINKS: Vulnerability identifier: APSB13-05 Secunia Advisory SA52166 CVE-2013-0637 CVE-2013-0638 CVE-2013-0639

220

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


221

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2 Google Chrome Two Code Execution Vulnerabilities 2 Google Chrome Two Code Execution Vulnerabilities U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am Addthis PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

222

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

223

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

224

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Bugzilla LDAP Injection and Information Disclosure 1: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am Addthis PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability reference LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium Discussion: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used

225

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Asterisk Two Denial of Service Vulnerabilities 2: Asterisk Two Denial of Service Vulnerabilities V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am Addthis PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

226

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in MHTML Could Allow Information Disclosure 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. reference LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate Discussion: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

227

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities 6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am Addthis PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities . PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. reference LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High Discussion: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

228

V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox Multiple Vulnerabilities 6: Mozilla Firefox Multiple Vulnerabilities V-126: Mozilla Firefox Multiple Vulnerabilities April 4, 2013 - 6:00am Addthis PROBLEM: Mozilla Firefox Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 20.0 ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52770 Secunia Advisory SA52293 Mozilla Security Announcement mfsa2013-30 Mozilla Security Announcement mfsa2013-31 Mozilla Security Announcement mfsa2013-32 Mozilla Security Announcement mfsa2013-34 Mozilla Security Announcement mfsa2013-35

229

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Adobe Flash Player Multiple Vulnerabilities 4: Adobe Flash Player Multiple Vulnerabilities U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. reference LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Adobe Flash Player, which

230

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Tigase XMPP Dialback Protection Bypass Vulnerability 6: Tigase XMPP Dialback Protection Bypass Vulnerability U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am Addthis PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. reference LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.

231

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Google Chrome Multiple Vulnerabilities 4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

232

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

233

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

730: Vulnerability in Citrix Provisioning Services could result 730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution September 29, 2011 - 8:30am Addthis PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. reference LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

234

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Multiple Vulnerabilities 8: Google Chrome Multiple Vulnerabilities V-208: Google Chrome Multiple Vulnerabilities August 1, 2013 - 2:32am Addthis PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

235

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

236

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

49: Google Chrome Multiple Vulnerabilities 49: Google Chrome Multiple Vulnerabilities U-249: Google Chrome Multiple Vulnerabilities August 31, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. reference LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

237

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

238

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Access Gateway Unspecified Security Bypass 6: Citrix Access Gateway Unspecified Security Bypass Vulnerability V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 com/id/1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

239

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Mozilla Firefox Multiple Vulnerabilities 4: Mozilla Firefox Multiple Vulnerabilities V-214: Mozilla Firefox Multiple Vulnerabilities August 8, 2013 - 2:16am Addthis PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

240

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


241

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

242

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

243

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

244

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Mozilla Security vulnerabilities 1: Mozilla Security vulnerabilities V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am Addthis PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

245

T-550: Apache Denial of Service Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

550: Apache Denial of Service Vulnerability 550: Apache Denial of Service Vulnerability T-550: Apache Denial of Service Vulnerability February 4, 2011 - 3:03am Addthis PROBLEM: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. PLATFORM: Versions prior to 'APR-util' 1.3.10 are vulnerable. ABSTRACT: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption). reference LINKS: Securityfocus

246

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

High Impact High Impact Assessment Bulletins JC3 High Impact Assessment Bulletins RSS June 28, 2013 V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability The vulnerability addresses the possibility of a heap overflow condition June 27, 2013 V-187: Mozilla Firefox Multiple Vulnerabilities These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. June 19, 2013 V-181: Oracle Java SE Critical Patch Update Advisory - June 2013 Multiple vulnerabilities were reported in Oracle Java. June 14, 2013 V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and

247

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

248

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

249

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS Introduction SCADA Security for Managers and Operators Intermediate SCADA Security Training Course Slides...

250

Mapping Climate Change Vulnerability and Impact Scenarios - A...  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change...

251

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

Twitter icon Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Name Locating Climate Insecurity: Where Are the Most...

252

The (In)Security of Drug Testing - Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Papers > The (In)Security of Drug Testing VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security...

253

Effects of buffer thickness on ATW blanket performance.  

DOE Green Energy (OSTI)

This paper presents preliminary results of target and buffer design studies for liquid metal cooled accelerator transmutation of waste (ATW) systems, aimed at maximizing the source importance while simultaneously reducing the irradiation damage to fuel. Using 840 MWt liquid metal cooled ATW designs, the effects of buffer thickness on the blanket performance have been studied. Varying the buffer thickness for a given blanket configuration, system performance parameters have been estimated by a series of calculations using the MCNPX and REBUS-3 codes. The effects of source importance variation are studied by investigating the low-energy (< 20 MeV) neutron source distribution and the equilibrium cycle blanket performance parameters such as fuel inventory, discharge burnup, burnup reactivity loss, and peak fast fluence. For investigating irradiation damage to fuel, the displacements per atom (dpa), hydrogen production, and helium production rates are evaluated at the buffer and blanket interface where the peak fast fluence occurs. Results for the liquid-metal-cooled designs show that the damage rates and the source importance increase monotonically as the buffer thickness decreases. Based on a compromise between the competing objectives of increasing the source importance and reducing the damage rates, a buffer thickness of around 20 cm appears to be reasonable. Investigation of the impact of the proton beam energy on the target and buffer design shows that for a given blanket power level, a lower beam energy (0.6 GeV versus 1 GeV) results in a higher irradiation damage to the beam window. This trend occurs because of the increase in the beam intensity required to maintain the power level.

Yang, W. S.; Mercatali, L.; Taiwo, T. A.; Hill, R. N.

2001-08-10T23:59:59.000Z

254

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

61 - 1970 of 28,905 results. 61 - 1970 of 28,905 results. Article U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications. http://energy.gov/cio/articles/u-114-ibm-personal-communications-ws-file-processing-buffer-overflow-vulnerability Article U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code A remote user can execute arbitrary Java code on the target system. http://energy.gov/cio/articles/u-075-apache-struts-bug-lets-remote-users-overwrite-files-and-execute-arbitrary-code

255

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5, 2011 5, 2011 T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. February 14, 2011 T-556: BMC PATROL Agent Service Daemon stack-based buffer overflow Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote

256

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

61 - 1070 of 28,560 results. 61 - 1070 of 28,560 results. Article DOE Makes Filing with NRC in Support OF Authority to Withdraw Yucca Application DOE today urged the NRC to conclude that DOE has the legal authority to withdraw the pending Yucca Mountain license application. DOE argued that the NRC should review and reverse the contrary... http://energy.gov/gc/articles/doe-makes-filing-nrc-support-authority-withdraw-yucca-application Article U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications. http://energy.gov/cio/articles/u-114-ibm-personal-communications-ws-file-processing-buffer-overflow-vulnerability

257

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0-18381 0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness, of any information, apparatus, product, or

258

Using hardware vulnerability factors to enhance AVF analysis  

Science Conference Proceedings (OSTI)

Fault tolerance is now a primary design constraint for all major microprocessors. One step in determining a processor's compliance to its failure rate target is measuring the Architectural Vulnerability Factor (AVF) of each on-chip structure. The AVF ... Keywords: architectural vulnerability factor, fault tolerance, reliability

Vilas Sridharan; David R. Kaeli

2010-06-01T23:59:59.000Z

259

An OVAL-based active vulnerability assessment system for enterprise computer networks  

Science Conference Proceedings (OSTI)

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter ... Keywords: Attack path, Network security, Open vulnerability assessment language, Predicate logic, Relational database management system, Security vulnerability

Xiuzhen Chen; Qinghua Zheng; Xiaohong Guan

2008-11-01T23:59:59.000Z

260

Fifteenmile Creek Riparian Buffers Project, Annual Report 2002-2003.  

DOE Green Energy (OSTI)

This project implements riparian buffer systems in the Mid-Columbia, addressing limiting factors identified in the Fifteenmile Subbasin Summary, June 30, 2000. The project is providing the technical planning support needed to implement at least 36 riparian buffer system contracts on approximately 872 acres covering an estimated 40 miles of anadromous fish streams over a three year period. During this second year of the project, 11 buffer contracts were implemented on 10.9 miles of stream. Buffer widths averaged 132 ft. on each side of the stream. Implementation included prescribed plantings, fencing, and related practices. Actual implementation costs, lease payments, and maintenance costs are borne by existing USDA programs: Conservation Reserve and Conservation Reserve Enhancement Programs. The lease period of each contract may vary between 10 to 15 years. During this year the average was 14.6 years. The total value of contracts established this year is $666,121 compared with $71,115 in Bonneville Power Administration (BPA) contract costs to provide the technical support needed to get the contracts implemented. This project provides technical staffing to conduct assessments and develop plans to help keep pace with the growing backlog of potential riparian buffer projects. Word of mouth from satisfied customers has brought in many new sign-ups during the year. In addition, specific outreach efforts targeting the orchard areas of the county began to bear fruit with orchardists sign-ups as the project year ended. Progress this second year of project includes only work accomplished in the Fifteenmile subbasin. A similar but separate effort to implement buffers in the Columbia Plateau Province was initiated during the year under project number 2002-019-00. This project supports RPA 150 and 153 as required under the Federal Hydropower System biological opinion.

Graves, Ron

2004-02-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


261

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Serendipity Unspecified SQL Injection Vulnerability 4: Serendipity Unspecified SQL Injection Vulnerability U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am Addthis PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. Reference Links: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium Discussion: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. Impact: A remote user can execute SQL commands on the underlying database. Solution: The vendor has issued a fix (1.6.2).

262

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Lotus Domino Multiple Vulnerabilities 8: IBM Lotus Domino Multiple Vulnerabilities V-118: IBM Lotus Domino Multiple Vulnerabilities March 25, 2013 - 12:40am Addthis PROBLEM: IBM Lotus Domino Multiple Vulnerabilities PLATFORM: IBM Domino 8.x ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino REFERENCE LINKS: IBM Reference #:1627597 Secunia Advisory SA52753 CVE-2012-6277 CVE-2013-0486 CVE-2013-0487 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

263

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Opera Frameset Handling Memory Corruption Vulnerability 5: Opera Frameset Handling Memory Corruption Vulnerability T-625: Opera Frameset Handling Memory Corruption Vulnerability May 18, 2011 - 3:05pm Addthis PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. PLATFORM: Opera versions prior to 11.11 ABSTRACT: The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page. reference LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile IMPACT ASSESSMENT: High Discussion: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

264

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

94: IBM Multiple Products Multiple Vulnerabilities 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1 IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2 ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products. REFERENCE LINKS: IBM Reference #:1625624 IBM Product Security Incident Response Blog Secunia Advisory SA52132

265

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Google Chrome Multiple Vulnerabilities 0: Google Chrome Multiple Vulnerabilities U-100: Google Chrome Multiple Vulnerabilities February 10, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system. PLATFORM: Google Chrome 16.x ABSTRACT: A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Reference LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some

266

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Agency/Company /Organization: United Nations Development Programme (UNDP) Resource Type: Guide/manual Website: www.beta.undp.org/content/dam/aplaws/publication/en/publications/envir Language: English Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Screenshot This guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate policies and intervention can

267

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

268

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code Injection Vulnerability. PLATFORM: IM Manager versions prior to 8.4.18 are affected. ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. referecnce LINKS: Symantec Security Advisory SYM11-012 Symantec Security Updates Bugtraq ID: 49742 IMPACT ASSESSMENT: High Discussion: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

269

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

74: Drupal Secure Password Hashes Module Security Bypass 74: Drupal Secure Password Hashes Module Security Bypass Vulnerability T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability July 22, 2011 - 3:00pm Addthis PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability PLATFORM: Drupal Secure Password Hashes 6.X-1.0 Drupal Secure Password Hashes 5.X-1.4 ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability. reference LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities IMPACT ASSESSMENT: Medium Discussion: This module uses the PHPass hashing library to try to store users hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account

270

V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Mozilla Firefox Multiple Vulnerabilities 7: Mozilla Firefox Multiple Vulnerabilities V-187: Mozilla Firefox Multiple Vulnerabilities June 27, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Mozilla Firefox PLATFORM: Mozilla Firefox 21.x ABSTRACT: These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53970 Secunia Advisory SA53953 Mozilla Advisory mfsa2013-49 Mozilla Advisory mfsa2013-50 Mozilla Advisory mfsa2013-51 Mozilla Advisory mfsa2013-53 Mozilla Advisory mfsa2013-55 Mozilla Advisory mfsa2013-56 Mozilla Advisory mfsa2013-59 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685

271

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Impacts, Vulnerability and Adaptation: The Case of Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Agency/Company /Organization World Agroforestry Centre Sector Land Focus Area Forestry Topics Adaptation, Background analysis, Co-benefits assessment Resource Type Publications Website http://www.worldagroforestry.o Country Philippines UN Region South-Eastern Asia References Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1] Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Screenshot This article is a stub. You can help OpenEI by expanding it.

272

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities 3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. Reference Links: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium Discussion: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

273

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Security AppScan Enterprise Multiple Vulnerabilities 9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities PLATFORM: IBM Rational AppScan 5.x IBM Rational AppScan 8.x ABSTRACT: IBM has acknowledged multiple vulnerabilities REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

274

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Multiple vulnerabilities have been reported in Puppet 1: Multiple vulnerabilities have been reported in Puppet V-111: Multiple vulnerabilities have been reported in Puppet March 14, 2013 - 12:12am Addthis PROBLEM: Multiple vulnerabilities have been reported in Puppet PLATFORM: Puppet 2.x Puppet 3.x Puppet Enterprise 1.x Puppet Enterprise 2.x ABSTRACT: Puppet Multiple Vulnerabilities REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

275

Analyses Of Two End-User Software Vulnerability Exposure Metrics  

SciTech Connect

The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

Jason L. Wright; Miles McQueen; Lawrence Wellman

2012-08-01T23:59:59.000Z

276

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Attachmate Reflection Products Java Multiple Vulnerabilities 2: Attachmate Reflection Products Java Multiple Vulnerabilities V-022: Attachmate Reflection Products Java Multiple Vulnerabilities November 13, 2012 - 1:00am Addthis PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities PLATFORM: Reflection X 2011 Reflection Suite for X 2011 Reflection for Secure IT Server for Windows Reflection for Secure IT Client and Server for UNIX ABSTRACT: Security issues related to Reflection PKI Services Manager REFERENCE LINKS: PKI Services Manager Technical Note 2560 Secunia Advisory SA51256 CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1720 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 IMPACT ASSESSMENT: High DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

277

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Agency/Company /Organization Swiss Agency for Development and Cooperation Sector Energy, Land, Water Focus Area Agriculture Topics Co-benefits assessment, Background analysis Resource Type Lessons learned/best practices Website http://www.intercooperation.or Country India Southern Asia References India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1] India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Screenshot Contents 1 Introduction [1] 2 Community-based Institutions [2] 3 Pasture Land Development [3]

278

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Mitigations for Security Vulnerabilities Found in Control System Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

279

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

280

Note: Does The Graphemic Buffer Play A Role In Reading?  

E-Print Network (OSTI)

this paper, we investigate the read ing performance of a patient previously reported as hav ing an impairment at the level of the graphem ic buffer (Kay & Hanley , 1994). Desp ite his spelling problems, this patient is good at read ing fam iliar words, at reading nonwords, and at written lexical decision. This pattern of performance is d iscussed w ith respect to Caramazza, Capasso, and Miceli's (1996) recent claim that damage to the graphem ic buffer leads to a problem in reading that w ill be obvious especially when the patient is asked to read nonwords

J. Richard Hanley; Janice Kay

1998-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


281

Improving energy efficiency of buffer cache in virtual machines  

Science Conference Proceedings (OSTI)

Main memory contributes a large fraction of energy consumption in powerful servers running virtualization software to support concurrent virtual machines (VMs). Furthermore, data-intensive applications executing inside virtual machines increase the demand ... Keywords: Buffer Cache,Virtual Machine,Energy Management

Lei Ye; Chris Gniady

2012-06-01T23:59:59.000Z

282

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). The coordinating lead author and a principal author was Craig Zamuda of DOE-PI; other principal authors included Bryan Mignone of DOE-PI, and Dan Bilello, KC Hallett, Courtney Lee, Jordan Macknick, Robin Newmark, and Daniel Steinberg of NREL. Vince Tidwell of Sandia National Laboratories, Tom Wilbanks of

283

Reducing US vulnerability to oil supply shocks  

Science Conference Proceedings (OSTI)

The 1990 crisis in the Middle East has raised concern about the United States`s vulnerability to oil supply disruptions. In addition, a number of trends point to increased US dependence on imported oil. Oil imports have increased and production has declined in the United States for the last eight years. Imports now comprise 42 percent of total oil consumption and US dependence on oil imports is projected to increase over the next 20 years. The Energy Modeling Forum forecasts imports to be more than twice domestic production by the year 2010. There are many studies examining the effects of various policies to protect US energy security. Not many consider the Strategic Petroleum Reserve (SPR), which can be a powerful tool in combating energy supply shocks. The SPR can dramatically increase the domestic short run supply elasticity, which has been found to be a key element in the welfare cost of protectionist policies. Upon examining 5 policies the author finds that the SPR together with a protectionist policy works best against a supply disruption. 27 refs., 3 tabs.

Yuecel, M.K. [Federal Reserve Bank of Dallas, TX (United States)

1994-10-01T23:59:59.000Z

284

V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Oracle Solaris Java Multiple Vulnerabilities 1: Oracle Solaris Java Multiple Vulnerabilities V-051: Oracle Solaris Java Multiple Vulnerabilities December 20, 2012 - 12:15am Addthis PROBLEM: Oracle Solaris Java Multiple Vulnerabilities PLATFORM: Oracle Solaris 11.x ABSTRACT: Oracle has acknowledged multiple vulnerabilities in Java included in Solaris REFERENCE LINKS: Secunia Advisory: SA51618 Secunia Advisory: SA50949 Third Party Vulnerability Resolution Blog in Java 7U9 Third Party Vulnerability Resolution Blog in Java 6U37 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5067 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084

285

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

More Information More Information VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

286

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Insanely Fast Microprocessor Shop Insanely Fast Microprocessor Shop VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

287

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Seals Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

288

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Findings and Lessons Learned Findings and Lessons Learned VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

289

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Product Authenticity Tags Product Authenticity Tags VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

290

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)

Nonproliferation and Nonproliferation and National Security > VAT > Current Projects > Rapid Sampling Tools > ... from Sealed Containers VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Tamper & Intrusion Detection Rapid Sampling from Sealed Containers Demo video Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned

291

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Common Myths about Tamper Common Myths about Tamper Indicating Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

292

Automated Vulnerability Detection for Compiled Smart Grid Software  

Science Conference Proceedings (OSTI)

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

2012-01-01T23:59:59.000Z

293

NIST SP 800-24, PBX Vulnerability Analysis : Finding Holes In ...  

Science Conference Proceedings (OSTI)

... 35 Silent Monitoring 35 Conferencing 36 ... Dial-back modem vulnerabilities. Unattended remote access to a switch clearly represents a vulnerability. ...

2012-05-09T23:59:59.000Z

294

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

613: Microsoft Excel Axis Properties Remote Code Execution 613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability May 2, 2011 - 7:42am Addthis PROBLEM: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fail to sufficiently validate user-supplied input. PLATFORM: Microsoft Excel (2002-2010) ABSTRACT: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service

295

U-187: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Multiple Vulnerabilities 7: Adobe Flash Player Multiple Vulnerabilities U-187: Adobe Flash Player Multiple Vulnerabilities June 11, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Flash Player PLATFORM: Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux Adobe Flash Player 11.1.115.8 and earlier for Android 4.x Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android ABSTRACT: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates

296

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

02:Adobe Photoshop Elements Multiple Memory Corruption 02:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am Addthis PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

297

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

298

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

97: Cisco Adaptive Security Appliances Denial of Service 97: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused due to an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. reference LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High Discussion: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

299

T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

22: Adobe Acrobat and Reader Unspecified Memory Corruption 22: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability May 13, 2011 - 3:25am Addthis PROBLEM: Adobe Acrobat and Reader contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. PLATFORM: Adobe Reader versions 9.4.1 and prior, versions 8.2.5 and prior, and version 10.0 Acrobat Standard and Professional versions 9.4.1 and prior and version 10.0 Acrobat Standard and Professional versions 8.2.5 and prior Acrobat Professional Extended versions 9.4.1 and prior Acrobat 3D versions 8.2.5 and prior Adobe Flash Player versions 10.2.159.1 and prior for Windows, Macintosh, Linux, and Solaris ABSTRACT: The vulnerability is due to an unspecified error in the affected software

300

T-547: Microsoft Windows Human Interface Device (HID) Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

547: Microsoft Windows Human Interface Device (HID) Vulnerability 547: Microsoft Windows Human Interface Device (HID) Vulnerability T-547: Microsoft Windows Human Interface Device (HID) Vulnerability February 1, 2011 - 3:20am Addthis PROBLEM Microsoft Windows Human Interface Device (HID) Vulnerability. PLATFORM: Microsoft 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer. reference LINKS: Security Lab: Reference CVE-2011-0638 CVE Details: Reference CVE-2011-0638 Mitre Reference: CVE-2011-0638

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


301

U-191: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

91: Oracle Java Multiple Vulnerabilities 91: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.

302

OLADE-Central America Climate Change Vulnerability Program | Open Energy  

Open Energy Info (EERE)

OLADE-Central America Climate Change Vulnerability Program OLADE-Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program Agency/Company /Organization Latin America Energy Organization Partner Ministries of Energy and Energy Enterprises Sector Energy, Land Topics Background analysis Website http://www.olade.org/proyecto_ Program Start 2010 Program End 2011 Country Belize, Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, Panama Central America, Central America, Central America, Central America, Central America, Central America, Central America References OLADE Energy and Climate Change Projects[1] OLADE is a Latin American organization working with Central American countries on climate change vulnerability for hydroelectric systems and

303

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

304

U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

35: Adobe Flash Player Multiple Vulnerabilities 35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should

305

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

61: IBM Maximo Asset Management Products Java Multiple 61: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

306

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

307

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin 1640752 Secunia Advisory SA53844 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

308

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: IBM Maximo Asset Management Products Java Multiple 1: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

309

U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

SMB share and repairing the installation. 4) An unspecified error within the JavaScript API can be exploited to corrupt memory. NOTE: This vulnerability affects the Macintosh and...

310

Systematic Techniques for Finding and Preventing Script Injection Vulnerabilities  

E-Print Network (OSTI)

2010). http://code. google.com/p/browsersec/wiki/Part1. [101] SecuriTeam. “Google.com UTF-7 XSS Vulnerabilities”.sensitive data of the google.com domain. In the past, Barth

Saxena, Prateek

2012-01-01T23:59:59.000Z

311

Vulnerability beyond Stereotypes: Context and Agency in Hurricane Risk Communication  

Science Conference Proceedings (OSTI)

Risk communication may accentuate or alleviate the vulnerability of people who have particular difficulties responding to the threat of hazards such as hurricanes. The process of risk communication involves how hazard information is received, ...

Heather Lazrus; Betty H. Morrow; Rebecca E. Morss; Jeffrey K. Lazo

2012-04-01T23:59:59.000Z

312

V-061: IBM SPSS Modeler XML Document Parsing Vulnerability |...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

and cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML documents and can be exploited via a specially crafted document....

313

Equally Unprepared: Assessing the Hurricane Vulnerability of Undergraduate Students  

Science Conference Proceedings (OSTI)

Students have been described as being both particularly vulnerable to natural disasters and highly resilient in recovery. In addition, they often have been treated as a distinct, homogeneous group sharing similar characteristics. This research ...

Jason L. Simms; Margarethe Kusenbach; Graham A. Tobin

2013-07-01T23:59:59.000Z

314

T-614: Cisco Unified Communications Manager Database Security Vulnerability  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerability is due to unspecified errors in the affected software that may allow the attacker to perform SQL injections. An authenticated, remote attacker could inject arbitrary SQL code on the system, allowing the attacker to take unauthorized actions.

315

U-183: ISC BIND DNS Resource Records Handling Vulnerability ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability U-038: BIND 9 Resolver crashes after logging an error in query.c T-617: BIND RPZ Processing Flaw Lets Remote Users...

316

System Assurance: Beyond Detecting Vulnerabilities, 1st edition  

Science Conference Proceedings (OSTI)

In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable ...

Nikolai Mansourov; Djenana Campara

2010-12-01T23:59:59.000Z

317

U.S. Energy Sector Vulnerability Report | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process -- and to advance the Energy Department's goal of promoting energy security -- the Department released the U.S. Energy Sector Vulnerability to Climate Change and Extreme Weather report. The report examines current and potential future impacts of climate change trends on the U.S. energy sector, including: Coastal energy infrastructure is at risk from sea level rise, increasing storm intensity and higher storm surge and flooding. Oil and gas production -- including refining, hydraulic fracturing

318

Vulnerability and social risk management in India and Mexico  

E-Print Network (OSTI)

The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

Flores Ballesteros, Luis

2008-01-01T23:59:59.000Z

319

Buffered coscheduling for parallel programming and enhanced fault tolerance  

DOE Patents (OSTI)

A computer implemented method schedules processor jobs on a network of parallel machine processors or distributed system processors. Control information communications generated by each process performed by each processor during a defined time interval is accumulated in buffers, where adjacent time intervals are separated by strobe intervals for a global exchange of control information. A global exchange of the control information communications at the end of each defined time interval is performed during an intervening strobe interval so that each processor is informed by all of the other processors of the number of incoming jobs to be received by each processor in a subsequent time interval. The buffered coscheduling method of this invention also enhances the fault tolerance of a network of parallel machine processors or distributed system processors

Petrini, Fabrizio (Los Alamos, NM); Feng, Wu-chun (Los Alamos, NM)

2006-01-31T23:59:59.000Z

320

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

11, 2011 11, 2011 T-665: Microsoft Security Bulletin Advance Notification for July 2011 Microsoft released 4 bulletins to address vulnerability involving Microsoft Office Suites and Software in Windows OS. This Microsoft Bulletin contains 1 Critical vulnerabilities which require a restart after the applied patch. The Exploitability Index, displays both CVE and Microsoft bulletin ID associated to vulnerability. July 8, 2011 T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker. July 7, 2011

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


321

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

31 - 12040 of 26,764 results. 31 - 12040 of 26,764 results. Download Electricity Advisory Committee (EAC) 2012-2013 Membership Roster: December 20, 2012 2012-2013 Membership roster for the Electricity Advisory Committee as of December 20, 2012. http://energy.gov/oe/downloads/electricity-advisory-committee-eac-2012-2013-membership-roster-december-20-2012 Download CX-009914: Categorical Exclusion Determination Plug & Play Solar Photovoltaic for American Homes CX(s) Applied: A9, B3.6 Date: 01/28/2013 Location(s): Massachusetts, Vermont Offices(s): Golden Field Office http://energy.gov/nepa/downloads/cx-009914-categorical-exclusion-determination Article V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability A vulnerability has been reported in RealPlayer http://energy.gov/cio/articles/v-114-realplayer-mp4-processing-buffer-overflow-vulnerability

322

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8, 2011 8, 2011 T-686: IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability. August 5, 2011 T-685: Cisco Warranty CD May Load Malware From a Remote Site Cisco Warranty CD May Load Malware From a Remote Site. August 4, 2011 T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code. August 3, 2011 T-683:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code. August 2, 2011 T-682:Double free vulnerability in MapServer MapServer developers have discovered flaws in the OGC filter support in

323

Smart buildings with electric vehicle interconnection as buffer for local renewables?  

E-Print Network (OSTI)

Smart buildings with electric vehicle interconnection as buffer for local renewables? Michael, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement and partly by NEC Laboratories America Inc. Smart buildings with electric vehicle interconnection as buffer

324

Wheeler County Riparian Buffers; 2002-2003 Annual Report.  

DOE Green Energy (OSTI)

Problems Encountered During Contract Year--Wheeler County residents are mostly non participants when it comes to Farm Services programs. Results of the counties non participation is the rental rates are the lowest in the state. There is a government fear factor as well as an obvious distance limitation. The FSA office is nearly 150 mile roundtrip from two of the counties urban areas. I find myself not only selling the CREP-Riparian Buffer but also selling Farm Services in general. Training has been very limited. NRCS is obviously not designed around training and certification. They are an on-the-job training organization. It has caused a hesitation in my outreach program and a great deal of frustration. I feel my confidence will strengthen with the follow through of the current projects. The most evident problem has come to light as of late. The program is too expensive to implement. The planting is too intensive for a 12''-18'' rainfall area. I provide the potential landowner a spread sheet with the bonuses, the costs, and the final outcome. No matter the situation, CREP or CCRP, the landowner always balks at the cost. The program assumes the landowner has the capital to make the initial investment. For example, project No.2 is going to be a minimum width buffer. It is approximately 3,000 ft long and 5.5 acres. The buffer for tree planting and fencing alone will result in a cost of nearly $13,000. With the water developments it nears $23,000. That is nearly 10% of a 250 mother-cow operating budget. Project No.1, the tree planting estimate is $45,000. This alone is nearly 25% of the same type of budget. I would greatly appreciate any help in finding a third party willing to put money to work covering the initial costs of the program, expecting reimbursement from Farm Services Agency. I believe this could create a powerful tool in buffering streams in Wheeler County. Outlook for Contract Year 2--I have been in this position now for 6 months. I am beginning to feel a much more confident in the buffer program. As my confidence improves I will move forward rapidly in contacting. With increased contacting I will find participating landowners. I am positive the landowner involved in my first project will be doing another after the first is complete.

Potter, Judy; Homer, Will (Wheeler County Soil and Water Conservation District, John Day, OR)

2004-02-01T23:59:59.000Z

325

Simultaneous Driver Sizing and Buffer Insertion Using a Delay Penalty Estimation Technique  

E-Print Network (OSTI)

and K. O. Jeppson, "CMOS circuit speed and buffer optimization," IEEE Trans. Computer-Aided Design, CAD

Chu, Chris C.-N.

326

Large deviation properties of constant rate data streams sharing a buffer with variable rate cross traffic  

Science Conference Proceedings (OSTI)

We consider a constant rate data stream which shares a buffer with a variable rate data stream. A first come first serve service discipline is applied at the buffer. After service at the first buffer the variable rate traffic leaves the system, whereas ... Keywords: 68M20, 90B15, Markov-modulated fluid sources, fluid model, large buffer asymptotics, many sources asymptotics, on-off sources, primary 60F10, queueing network, secondary 60K25

Kurt Majewski

2008-10-01T23:59:59.000Z

327

Buffer sizing for minimum energy-delay product by using an approximating polynomial  

Science Conference Proceedings (OSTI)

This paper first presents an accurate and efficient method of estimating the short circuit energy dissipation and the output transition time of CMOS buffers. Next, the paper describes a sizing method for tapered buffer chains. It is shown that the first-order ... Keywords: buffer sizing, polynomial approximation, short circuit energy

Chang Woo Kang; Soroush Abbaspour; Massoud Pedram

2003-04-01T23:59:59.000Z

328

Numerical methods for analysis of multiflow queuing systems with virtual partition of a common buffer  

Science Conference Proceedings (OSTI)

A new approach is proposed to studying queuing systems with request-specific channels and a common finite buffer for requests of different types. For sharing the common buffer, a virtual partitioning strategy is used. Explicit formulas for blocking probabilities ... Keywords: algorithm of calculation, buffer partition, optimization, queuing system

L. A. Ponomarenko; A. Z. Melikov; M. I. Fattakhova

2005-01-01T23:59:59.000Z

329

A latency-aware scheduling algorithm for all-optical packet switching networks with FDL buffers  

Science Conference Proceedings (OSTI)

Optical buffers implemented by fiber delay lines (FDLs) have a volatile nature due to signal loss and noise accumulation. Packets suffer from excessive recirculation through FDLs, and they may be dropped eventually in their routing paths. Because of ... Keywords: Fiber delay line buffers, Multi-hop packet scheduling, Optical buffering, Optical packet switching, Stochastic analysis

Kuan-Hung Chou; Woei Lin

2011-02-01T23:59:59.000Z

330

Design issues in low-voltage high-speed current-mode logic buffers  

Science Conference Proceedings (OSTI)

A current-mode logic (CML) buffer is based on a simple differential circuit. This paper investigates important problems involved in the design of a CML buffer as well as a chain of tapered CML buffers. A new design procedure to systematically design ... Keywords: VLSI, current-mode logic, high-speed, integrated circuit, noise

Payam Heydari

2003-04-01T23:59:59.000Z

331

Optimal Policy of a Server System with Replication Buffering Relay Method  

Science Conference Proceedings (OSTI)

Recently, a replication buffering relay method has been used for a server system. The replication buffering relay method replicates data synchronously and enables a fast system migration when a disaster has occurred in the main site. We have already ... Keywords: server system, disaster recovery, replication buffering relay method, cost effectiveness

Mitsutaka Kimura; Mitsuhiro Imaizumi; Toshio Nakagawa

2012-11-01T23:59:59.000Z

332

Markov decision models for the optimal maintenance of a production unit with an upstream buffer  

Science Conference Proceedings (OSTI)

We consider a manufacturing system in which a buffer has been placed between the input generator and the production unit. The input generator supplies at a constant rate the buffer with the raw material, which is pulled by the production unit. The pull-rate ... Keywords: Control-limit policies, Dynamic programming, Maintenance, Production, Upstream buffer

A. Pavitsos; E. G. Kyriakidis

2009-06-01T23:59:59.000Z

333

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

334

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

335

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

336

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

337

Soft Error Vulnerability of Iterative Linear Algebra Methods  

Science Conference Proceedings (OSTI)

Devices become increasingly vulnerable to soft errors as their feature sizes shrink. Previously, soft errors primarily caused problems for space and high-atmospheric computing applications. Modern architectures now use features so small at sufficiently low voltages that soft errors are becoming significant even at terrestrial altitudes. The soft error vulnerability of iterative linear algebra methods, which many scientific applications use, is a critical aspect of the overall application vulnerability. These methods are often considered invulnerable to many soft errors because they converge from an imprecise solution to a precise one. However, we show that iterative methods can be vulnerable to soft errors, with a high rate of silent data corruptions. We quantify this vulnerability, with algorithms generating up to 8.5% erroneous results when subjected to a single bit-flip. Further, we show that detecting soft errors in an iterative method depends on its detailed convergence properties and requires more complex mechanisms than simply checking the residual. Finally, we explore inexpensive techniques to tolerate soft errors in these methods.

Bronevetsky, G; de Supinski, B

2007-12-15T23:59:59.000Z

338

Vulnerability Analysis of Energy Delivery Control Systems - 2011 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The goal of the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program is to enhance the reliability and resiliency of the Nation's energy infrastructure by reducing the risk

339

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

vulnerability vulnerability identification, dEfense and Restoration (Smart Grid Project) (United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom Coordinates 55.378052°, -3.435973° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":55.378052,"lon":-3.435973,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

340

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company /Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128 UN Region: "Sub-Saharan Africa" is not in the list of possible values (Eastern Africa, Middle Africa, Northern Africa, Southern Africa, Western Africa, Caribbean, Central America, South America, Northern America, Central Asia, Eastern Asia, Southern Asia, South-Eastern Asia, Western Asia, Eastern Europe, Northern Europe, Southern Europe, Western Europe, Australia and New Zealand, Melanesia, Micronesia, Polynesia, Latin America and the Caribbean) for this property.

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


341

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)

Current Projects > The Journal of Physical Current Projects > The Journal of Physical Security VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

342

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Drupal Prepopulate - Multiple vulnerabilities 7: Drupal Prepopulate - Multiple vulnerabilities T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm Addthis PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. reference LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023 Prepopulate module Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High Discussion: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

343

Chemical Safety Vulnerability Working Group report. Volume 1  

Science Conference Proceedings (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

Not Available

1994-09-01T23:59:59.000Z

344

Advance in Vertical Buffered Electropolishing on Niobium for Particle Accelerators*  

Science Conference Proceedings (OSTI)

Niobium (Nb) is the most popular material that has been employed for making superconducting radio frequency (SRF) cavities to be used in various particle accelerators over the last couple of decades. One of the most important steps in fabricating Nb SRF cavities is the final chemical removal of 150 {mu}m of Nb from the inner surfaces of the SRF cavities. This is usually done by either buffered chemical polishing (BCP) or electropolishing (EP). Recently a new Nb surface treatment technique called buffered electropolishing (BEP) has been developed at Jefferson Lab. It has been demonstrated that BEP can produce the smoothest surface finish on Nb ever reported in the literature while realizing a Nb removal rate as high as 10 {mu}m/min that is more than 25 and 5 times quicker than those of EP and BCP(112) respectively. In this contribution, recent advance in optimizing and understanding BEP treatment technique is reviewed. Latest results from RF measurements on BEP treated Nb single cell cavities by our unique vertical polishing system will be reported.

A.T. Wu, S. Jin, J.D. Mammosser, C.E. Reece, R.A. Rimmer,L. Lin, X.Y. Lu, K. Zhao

2011-09-01T23:59:59.000Z

345

Buffer layers on rolled nickel or copper as superconductor substrates  

SciTech Connect

Buffer layer architectures are epitaxially deposited on biaxially-textured rolled substrates of nickel and/or copper and their alloys for high current conductors, and more particularly buffer layer architectures such as Y.sub.2 O.sub.3 /Ni, YSZ/Y.sub.2 O.sub.3 /Ni, Yb.sub.2 O.sub.3 /Ni, Yb.sub.2 O.sub.3 /Y.sub.2 O.sub.3 /Ni, Yb.sub.2 O.sub.3 /CeO.sub.2 /Ni, RE.sub.2 O.sub.3 /Ni (RE=Rare Earth), and Yb.sub.2 O.sub.3 /YSZ/CeO.sub.2 /Ni, Y.sub.2 O.sub.3 /Cu, YSZ/Y.sub.2 O.sub.3 /Cu, Yb.sub.2 O.sub.3 /Cu, Yb.sub.2 O.sub.3 /Y.sub.2 O.sub.3 /Cu, Yb.sub.2 O.sub.3 /CeO.sub.2 /Cu, RE.sub.2 O.sub.3 /Cu, and Yb.sub.2 O.sub.3 /YSZ/CeO.sub.2 /Cu. Deposition methods include physical vapor deposition techniques which include electron-beam evaporation, rf magnetron sputtering, pulsed laser deposition, thermal evaporation, and solution precursor approach, which includes chemical vapor deposition, combustion CVD, metal-organic decomposition, sol-gel processing, and plasma spray.

Paranthaman, Mariappan (Knoxville, TN); Lee, Dominic F. (Knoxville, TN); Kroeger, Donald M. (Knoxville, TN); Goyal, Amit (Knoxville, TN)

2000-01-01T23:59:59.000Z

346

Wheeler County Riparian Buffers; 2004-2005 Annual Report.  

DOE Green Energy (OSTI)

Number of Contacts Made--Over 44 landowner contacts were made regarding CREP potential. Out of those 44 contacts, 15 resulted in on-site visits to the property to discuss available options. Articles were published in the Wheeler SWCD annual report and newsletter totaling a distribution of 1,200. Two informational displays were viewed by approximately 500 people: one at the Wheeler SWCD Annual Meeting and the second at the Wheeler County Fair. Number of Contracts Negotiated and Signed--3 CREP contracts in Wheeler County were signed within this contract period. They included landowners on Stephenson Creek, Bear Creek and Lost Valley Creek. The project done on Lost Valley Creek was handled by the Gilliam Co. Riparian Buffer Specialist filling in during the Wheeler position being vacated. Work was also started and is proceeding on another four contracts. Problems Encountered During Contract Year: (1) Riparian Buffer position vacated in October 2004 and District had difficulty filling the position. This set the district back in some of the delineated goals. Existing district staff is now up-to-speed on training, etc. and District is confident of achieving outlined goals. (2) Issues involving qualification of irrigated rates and how to process irrigated acres through CREP. (3) Issues involving clarification of eligibility as it relates to financial status of landowner; and (4) Landowner comfort in signing up for federal programs.

Greer, Sue (Wheeler County Soil and Water Conservation District, John Day, OR)

2006-01-01T23:59:59.000Z

347

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Mac RealPlayer Multiple Vulnerabilities 2: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

348

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

42: Mac RealPlayer Multiple Vulnerabilities 42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

349

Wheeler County Riparian Buffers; 2003-2004 Annual Report.  

DOE Green Energy (OSTI)

Number of Contacts Made--I have contacted 35 landowners in Wheeler County. Of the 35 contacts 12 have resulted in meeting on their property to discuss available options. Included an article in the Annual Report and Wheeler SWCD newsletter mailed to 550 landowners. Contacts are primarily through networking with others here in the office as well as working closely with the NRCS office. Number of Contracts Negotiated--This Project has produced five riparian buffers within the past contract year. Each has greater meaning to the landowner than simply a buffer. In most cases the buffer is providing the landowner with improved grazing management and/or more reliable water source for livestock. Landowners also feel the enhanced wildlife habitat is a bonus to the program. Other Accomplishments--I took part in the John Day Subbasin Planning process and was able to offer assistance into the inventory items related to Wheeler County. I was often the only local representative able to attend the meetings. I assisted the Wheeler SWCD in writing a successful OWEB grant to remove 110 acres of junipers for watershed restoration, range rehabilitation, and economic development. One partner in the project is a manufacturer that uses juniper as their primary construction material. The goal is to create a pilot project that may grow into a self sustaining industry within the county. I also assisted in writing a small grant to improve water usage in the Muddy Creek watershed. I assisted with the Pine Creek Conservation Area ''Twilight Tour'' as well as the Wheeler SWCD ''Annual Meeting and Dinner''. Both events were successful in getting information out about our riparian buffer program. Facilitate office training and utilization of advanced GIS technology and mapping. Problems Encountered During Contract Year--The NRCS Cultural Resources Review process has ground to a halt. It is takes 6 months to get initial results from the Portland offices. Nearly all requests require site surveys that delay the process even further. The Farm Services Agency is not user friendly when it comes to the CREP program. The program has not been designed to fit everyone along a steelhead stream. Crop/Field designations often negate or complicate CREP eligibility along qualifying streams. I spend a great deal of time mediating between FSA and the landowner. I have lost one interested landowner specifically to the fears related to the Oregon Department of State Lands ''Navigability'' study. Outlook for Contract Year 3--I am currently working on a project area that will encompass nearly six miles of steelhead habitat. It is located in the critical Bridge Creek watershed. Another is nearly three miles in the Mountain Creek Watershed. Both projects will take great steps in improving fish habitat. Both are on Steelhead streams. Further out I am working with two landowners for projects in the Butte Creek watershed that will be highly visible and will likely gain the attention of many more landowners. Like all previous projects, there is a great deal of work in future projects in massaging the landowner into feeling comfortable with the riparian buffer program. The potential to do great things with this program is huge in Wheeler County. Continuing outreach and education efforts will help the process.

Homer, Will (Wheeler County Soil and Water Conservation District, John Day, OR)

2006-01-01T23:59:59.000Z

350

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS  

E-Print Network (OSTI)

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS S A Bhattil environment of an Electricity transmission substation environment is modelled as a Symmetric Alpha Stable of an electricity transmission substation. I. INTRODUCTION In industrial environments, Supervisor Control and Data

Atkinson, Robert C

351

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bot- tleneck in mobile devices (the battery power

California at Davis, University of

352

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bot­ tleneck in mobile devices (the battery power

Chen, Hao

353

Steganographic information hiding that exploits a novel file system vulnerability  

Science Conference Proceedings (OSTI)

In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. ...

Avinash Srinivasan; Satish Kolli; Jie Wu

2013-08-01T23:59:59.000Z

354

An adaptive architecture of applying vulnerability analysis to IDS alerts  

Science Conference Proceedings (OSTI)

With increasing intrusions and attacks on the Internet, there is an urgent need to develop techniques for network security. Current standalone network security products, such as the firewall systems, the Intrusion Detection System (IDS), the anti-virus ... Keywords: alert, intrusion detection, network security, predicate-based evaluation, vulnerability analysis

Xuejiao Liu; Xin Zhuang; Debao Xiao

2008-07-01T23:59:59.000Z

355

Vulnerabilities Analyzing Model for Alert Correlation in Distributed Environment  

Science Conference Proceedings (OSTI)

With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and ... Keywords: alert correlation, prerequisites and consequences, hyper-alert type, vulnerability tuple

Wen Long; Yang Xin; Yixian Yang

2009-07-01T23:59:59.000Z

356

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States)]|[Science and Engineering Associates, Inc., Albuquerque, NM (United States); Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)

1995-03-01T23:59:59.000Z

357

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1, 2012 1, 2012 U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration. April 30, 2012 U-158: HP NonStop Server Java Multiple Vulnerabilities Multiple vulnerabilities have been reported in HP NonStop Server April 24, 2012 U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system. April 20, 2012 U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability The vulnerability is caused due to a type casting error in the

358

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

28, 2012 28, 2012 V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. December 27, 2012 V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. December 26, 2012 V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service A vulnerability was reported in Firefly Media Server December 25, 2012 V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM

359

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

February 28, 2013 February 28, 2013 V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges A vulnerability was reported in McAfee VirusScan Enterprise. February 26, 2013 V-099: Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability A vulnerability has been reported in multiple Honeywell products. February 25, 2013 V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service A vulnerability was reported in the Linux Kernel. February 19, 2013 V-094: IBM Multiple Products Multiple Vulnerabilities A weakness and multiple vulnerabilities have been reported in multiple IBM products. February 18, 2013 V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges Two vulnerabilities were reported in Symantec PGP Desktop.

360

Pulsed extraction of ionization from helium buffer gas  

E-Print Network (OSTI)

The migration of intense ionization created in helium buffer gas under the influence of applied electric fields is considered. First the chemical evolution of the ionization created by fast heavy-ion beams is described. Straight forward estimates of the lifetimes for charge exchange indicate a clear suppression of charge exchange during ion migration in low pressure helium. Then self-consistent calculations of the migration of the ions in the electric field of a gas-filled cell at the National Superconducting Cyclotron Laboratory (NSCL) using a Particle-In-Cell computer code are presented. The results of the calculations are compared to measurements of the extracted ion current caused by beam pulses injected into the NSCL gas cell.

D. J. Morrissey; G. Bollen; M. Facina; S. Schwarz

2008-08-13T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


361

Design and implementation of a supercomputer frame buffer system  

SciTech Connect

A 512 by 512 pixel by 8 bits per pixel frame buffer has been designed, constructed, and installed on a 48 Mbit/s I/O channel of a Cray X-MP 4/16 supercomputer. This project was undertaken to test whether such a system would be useful and, if so, how it would be used. Supporting software provides the ability to convert vector graphics description files into raster format, to show raster movies interactively, and to show vector files by real-time conversion from vector to raster formats. We have shown that real-time animations in an interactive supercomputer environment are feasible and useful with this system. 6 refs., 3 figs.

Fowler, J.D. Jr.; McGowen, M.

1988-01-01T23:59:59.000Z

362

Superconducting composite with multilayer patterns and multiple buffer layers  

DOE Patents (OSTI)

An article of manufacture is described including a substrate, a patterned interlayer of a material selected from the group consisting of magnesium oxide, barium-titanium oxide or barium-zirconium oxide, the patterned interlayer material overcoated with a secondary interlayer material of yttria-stabilized zirconia or magnesium-aluminum oxide, upon the surface of the substrate whereby an intermediate article with an exposed surface of both the overcoated patterned interlayer and the substrate is formed, a coating of a buffer layer selected from the group consisting of cerium oxide, yttrium oxide, curium oxide, dysprosium oxide, erbium oxide, europium oxide, iron oxide, gadolinium oxide, holmium oxide, indium oxide, lanthanum oxide, manganese oxide, lutetium oxide, neodymium oxide, praseodymium oxide, plutonium oxide, samarium oxide, terbium oxide, thallium oxide, thulium oxide, yttrium oxide and ytterbium oxide over the entire exposed surface of the intermediate article, and, a ceramic superconductor. 5 figures.

Wu, X.D.; Muenchausen, R.E.

1993-10-12T23:59:59.000Z

363

Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach  

Science Conference Proceedings (OSTI)

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and ... Keywords: Genetic algorithms, Information security

Mukul Gupta; Jackie Rees; Alok Chaturvedi; Jie Chi

2006-03-01T23:59:59.000Z

364

Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach  

Science Conference Proceedings (OSTI)

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and ... Keywords: genetic algorithms, information security

Mukul Gupta; Jackie Rees; Alok Chaturvedi; Jie Chi

2006-03-01T23:59:59.000Z

365

U-234: Oracle MySQL User Login Security Bypass Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

234: Oracle MySQL User Login Security Bypass Vulnerability 234: Oracle MySQL User Login Security Bypass Vulnerability U-234: Oracle MySQL User Login Security Bypass Vulnerability August 14, 2012 - 7:00am Addthis PROBLEM: Oracle MySQL User Login Security Bypass Vulnerability PLATFORM: Version(s): prior to 5.1.63 and 5.5.25 are vulnerable. ABSTRACT: Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions. REFERENCE LINKS: http://www.securityfocus.com/bid/53911/discuss CVE-2012-2122 IMPACT ASSESSMENT: Medium Discussion: Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in

366

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: HP NonStop Server Java Multiple Vulnerabilities 8: HP NonStop Server Java Multiple Vulnerabilities U-158: HP NonStop Server Java Multiple Vulnerabilities April 30, 2012 - 7:00am Addthis PROBLEM: HP NonStop Server Java Multiple Vulnerabilities PLATFORM: HP NonStop Server 6.x ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server Reference links: Secunia Advisory SA48977 CVE-2011-3547 CVE-2011-3551 CVE-2011-3553 IMPACT ASSESSMENT: High Discussion: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact: Successful exploitation of this vulnerability may allow remote manipulation

367

U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Cisco AnyConnect VPN Client Two Vulnerabilities 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader

368

T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution  

Energy.gov (U.S. Department of Energy (DOE))

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

369

Doped Y.sub.2O.sub.3 buffer layers for laminated conductors  

SciTech Connect

A laminated conductor includes a metallic substrate having a surface, a biaxially textured buffer layer supported by the surface of the metallic substrate, the biaxially textured buffer layer comprising Y.sub.2O.sub.3 and a dopant for blocking cation diffusion through the Y.sub.2O.sub.3, and a biaxially textured conductor layer supported by the biaxially textured buffer layer.

Paranthaman, Mariappan Parans (Knoxville, TN); Schoop, Urs (Westborough, MA); Goyal, Amit (Knoxville, TN); Thieme, Cornelis Leo Hans (Westborough, MA); Verebelyi, Darren T. (Oxford, MA); Rupich, Martin W. (Framingham, MA)

2007-08-21T23:59:59.000Z

370

Effect of buffer structures on AlGaN/GaN high electron mobility transistor reliability  

Science Conference Proceedings (OSTI)

AlGaN/GaN high electron mobility transistors (HEMTs) with three different types of buffer layers, including a GaN/AlGaN composite layer, or 1 or 2 lm GaN thick layers, were fabricated and their reliability compared. The HEMTs with the thick GaN buffer layer showed the lowest critical voltage (Vcri) during off-state drain step-stress, but this was increased by around 50% and 100% for devices with the composite AlGaN/GaN buffer layers or thinner GaN buffers, respectively. The Voff - state for HEMTs with thin GaN and composite buffers were 100 V, however, this degraded to 50 60V for devices with thick GaN buffers due to the difference in peak electric field near the gate edge. A similar trend was observed in the isolation breakdown voltage measurements, with the highest Viso achieved based on thin GaN or composite buffer designs (600 700 V), while a much smaller Viso of 200V was measured on HEMTs with the thick GaN buffer layers. These results demonstrate the strong influence of buffer structure and defect density on AlGaN/GaN HEMT performance and reliability.

Liu, L. [University of Florida, Gainesville; Xi, Y. Y. [University of Florida, Gainesville; Ren, F. [University of Florida; Pearton, S. J. [University of Florida; Laboutin, O. [Kopin Corporation, Taunton, MA; Cao, Yu [Kopin Corporation, Taunton, MA; Johnson, Wayne J. [Kopin Corporation, Taunton, MA; Kravchenko, Ivan I [ORNL

2012-01-01T23:59:59.000Z

371

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 30, 2011 March 30, 2011 T-591: VMware vmrun Utility Lets Local Users Gain Elevated Privileges The VMware vmrun utility is susceptible to a local privilege escalation in non-standard configurations. March 18, 2011 T-583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users Obtain Information A local user can create a storage device with specially crafted OSF partition tables. When the kernel automatically evaluates the partition tables, a buffer overflow may occur and data from kernel heap space may leak to user-space. March 17, 2011 T-581: Novell Access Manager Java Double Literal Denial of Service Vulnerability Novell Access Manager Java Double Literal Denial of Service Vulnerability. March 16, 2011 T-580: Apache Tomcat May Ignore @ServletSecurity Annotation Protections

372

Research on memory access vulnerability analysis technique in SCADA protocol implementation  

Science Conference Proceedings (OSTI)

SCADA systems play key roles in monitor and control of the critical infrastructures, the vulnerabilities existed in them may destroy the controlled critical infrastructures. This paper proposes an analysis method of memory access vulnerability in SCADA ... Keywords: SCADA protocol implementation, dynamic analysis, memory access vulnerability

Fang Lan; Wang Chunlei; He Ronghui

2010-07-01T23:59:59.000Z

373

Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities  

Science Conference Proceedings (OSTI)

Software security failures are common and the problem is growing. A vulnerability is a weakness in the software that, when exploited, causes a security failure. It is difficult to detect vulnerabilities until they manifest themselves as security failures ... Keywords: Cohesion, Complexity, Coupling, Software metrics, Vulnerability prediction

Istehad Chowdhury; Mohammad Zulkernine

2011-03-01T23:59:59.000Z

374

SIPC Advisory -Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code Execution -RISK: HIGH  

E-Print Network (OSTI)

SIPC Advisory - Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code/4/2011 SUBJECT: Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code Execution OVERVIEW: A new vulnerability has been discovered in Microsoft Windows Graphics Rendering Engine, which could

Holliday, Vance T.

375

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack1  

E-Print Network (OSTI)

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack Acquisition (SCADA) systems that allows us to calculate device vulnerability and help power substation vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

Krings, Axel W.

376

T-596: 0-Day Windows Network Interception Configuration Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: 0-Day Windows Network Interception Configuration 6: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Other Links" section below, as it provides an external URL reference. reference LINKS: InfoSec Institute - SLAAC Attack Cisco Threat Comparison and Best-Practice White Paper IMPACT ASSESSMENT: High

377

Diversity Strategies to Mitigate Postulated Common Cause Failure Vulnerabilities  

Science Conference Proceedings (OSTI)

This paper describes an approach to establish effective mitigating strategies that can resolve potential common-cause failure (CCF) vulnerabilities in instrumentation and control (I&C) systems at nuclear power plants. A particular objective in the development of these strategies, which consist of combinations of diversity attributes and their associated criteria, is to address the unique characteristics of digital technology that can contribute to CCF concerns. The research approach employed to establish diversity strategies involves investigation of available documentation on diversity usage and experience from nuclear power and non-nuclear industries, capture of expert knowledge and lessons learned, determination of common practices, and assessment of the nature of CCFs and compensating diversity attributes. The resulting diversity strategies address considerations such as the effect of technology choices, the nature of CCF vulnerabilities, and the prospective impact of each diversity type. In particular, the impact of each attribute and criterion on the purpose, process, product, and performance aspects of diverse systems are considered.

Wood, Richard Thomas [ORNL

2010-01-01T23:59:59.000Z

378

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

AFTER A Framework for electrical power sysTems vulnerability AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Norway Coordinates 60.472023°, 8.468946° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":60.472023,"lon":8.468946,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

379

Superconducting composite with multilayer patterns and multiple buffer layers  

DOE Patents (OSTI)

An article of manufacture including a substrate, a patterned interlayer of a material selected from the group consisting of magnesium oxide, barium-titanium oxide or barium-zirconium oxide, the patterned interlayer material overcoated with a secondary interlayer material of yttria-stabilized zirconia or magnesium-aluminum oxide, upon the surface of the substrate whereby an intermediate article with an exposed surface of both the overcoated patterned interlayer and the substrate is formed, a coating of a buffer layer selected from the group consisting of cerium oxide, yttrium oxide, curium oxide, dysprosium oxide, erbium oxide, europium oxide, iron oxide, gadolinium oxide, holmium oxide, indium oxide, lanthanum oxide, manganese oxide, lutetium oxide, neodymium oxide, praseodymium oxide, plutonium oxide, samarium oxide, terbium oxide, thallium oxide, thulium oxide, yttrium oxide and ytterbium oxide over the entire exposed surface of the intermediate article, and, a ceramic superco n FIELD OF THE INVENTION The present invention relates to the field of superconducting articles having two distinct regions of superconductive material with differing in-plane orientations whereby the conductivity across the boundary between the two regions can be tailored. This invention is the result of a contract with the Department of Energy (Contract No. W-7405-ENG-36).

Wu, Xin D. (Greenbelt, MD); Muenchausen, Ross E. (Espanola, NM)

1993-01-01T23:59:59.000Z

380

Buffer-gas-assisted polarization spectroscopy of 6Li Nozomi Ohtsubo,* Takatoshi Aoki, and Yoshio Torii  

E-Print Network (OSTI)

gas on the polarization spec- trum, and find that the amplitude of the dispersion signal not resolved. Each dispersion signal displayed different behavior as we introduced an Ar buffer gas) with increasing the pressure of the Ar buffer gas. Note that the slope of the dispersion signal at the cooling

Torii, Yoshio

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


381

Properties and performance modelling of finite buffer M/G/1/K networks  

Science Conference Proceedings (OSTI)

Finite buffer, single-server queueing systems and networks are difficult to analyze since the length of time a customer spends in the system does not follow the Markovian property. A two-moment approximation schema is developed for the probability distribution ... Keywords: Finite buffers, Queueing networks

J. MacGregor Smith

2011-04-01T23:59:59.000Z

382

HitME: low power Hit MEmory buffer for embedded systems  

Science Conference Proceedings (OSTI)

In this paper, we present a novel HitME (Hit-MEmory) buffer to reduce the energy consumption of memory hierarchy in embedded processors. The HitME buffer is a small direct-mapped cache memory that is added as additional memory into existing cache memory ...

Andhi Janapsatya; Sri Parameswaran; Aleksandar Ignjatovi?

2009-01-01T23:59:59.000Z

383

Simultaneous driver sizing and buffer insertion using a delay penalty estimation technique  

Science Conference Proceedings (OSTI)

To achieve timing closure in a placed design, buffer insertion and driver sizing are two of the most effective transforms that can be applied. Since the driver sizing solution and the buffer insertion solution affect each other, sub-optimal solutions ...

Charles Alpert; Chris Chu; Gopal Gandham; Miloš Hrki?; Jiang Hu; Chandramouli Kashyap; Stephen Quay

2002-04-01T23:59:59.000Z

384

DRA: a new buffer management scheme for wireless atm networks using aggregative large deviation principle  

Science Conference Proceedings (OSTI)

In this paper, we present a buffer management scheme called Dynamic Resource Allocation (DRA) that provides TCP traffic control guarantees to VCs carrying multiple dynamic discard thresholds (Multiple Dynamic Thresholds-MDT) over a wireless CDMA ATM ... Keywords: Buffer management, CDMA, Dynamic resource management, Large deviation principle, QoS, Wireless ATM

M. S. Obaidat; C. Ben Ahmed; N. Boudriga

2003-05-01T23:59:59.000Z

385

Surface Science Prospectives Weakly bound buffer layers: A versatile template for metallic nano-clusters  

E-Print Network (OSTI)

Surface Science Prospectives Weakly bound buffer layers: A versatile template for metallic nano layers Metallic nano-crystals Film patterning Laser ablation a b s t r a c t Buffer layers composed controlled growth of nano-clusters and for patterning of thin metallic films. Metallic nano-crystals can

Asscher, Micha

386

SOLARCAP: Super Capacitor Buffering of Solar Energy for Self-Sustainable Field Systems  

E-Print Network (OSTI)

SOLARCAP: Super Capacitor Buffering of Solar Energy for Self-Sustainable Field Systems Amal Fahad of the conventional battery-based energy storage, this paper argues that the super capacitor buffering of solar energy (e.g., solar cells) and energy storage. Conventional rechargeable battery-based energy storage has

Shen, Kai

387

Simulating the Effect of Reducing the Non-point Source Pollution by Buffer Zone with SWMM  

Science Conference Proceedings (OSTI)

Buffer was lately found efficient in reducing and storing non-point source pollution to improve the water quality of both surface runoff and drain outflows. While the importance of reducing the non-point source pollution is gaining recognition in contemporary ... Keywords: SWMM, buffer zone, ecological barriers, non-point source pollution

Li Bo, Shao Dong-guo, Song Min, Liu Yu-long

2013-01-01T23:59:59.000Z

388

Putting vulnerability to climate change on the map: a review of approaches, benefits, and risks  

Science Conference Proceedings (OSTI)

There is growing demand among stakeholders across public and private institutions for spatially-explicit information regarding vulnerability to climate change at the local scale. However, the challenges associated with mapping the geography of climate change vulnerability are non-trivial, both conceptually and technically, suggesting the need for more critical evaluation of this practice. Here, we review climate change vulnerability mapping in the context of four key questions that are fundamental to assessment design. First, what are the goals of the assessment? A review of published assessments yields a range of objective statements that emphasize problem orientation or decision-making about adaptation actions. Second, how is the assessment of vulnerability framed? Assessments vary with respect to what values are assessed (vulnerability of what) and the underlying determinants of vulnerability that are considered (vulnerability to what). The selected frame ultimately influences perceptions of the primary driving forces of vulnerability as well as preferences regarding management alternatives. Third, what are the technical methods by which an assessment is conducted? The integration of vulnerability determinants into a common map remains an emergent and subjective practice associated with a number of methodological challenges. Fourth, who participates in the assessment and how will it be used to facilitate change? Assessments are often conducted under the auspices of benefiting stakeholders, yet many lack direct engagement with stakeholders. Each of these questions is reviewed in turn by drawing on an illustrative set of 45 vulnerability mapping studies appearing in the literature. A number of pathways for placing vulnerability

Preston, Benjamin L [ORNL

2011-01-01T23:59:59.000Z

389

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google SketchUp v8.x - '.DAE' File Memory Corruption 6: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability September 14, 2011 - 9:28am Addthis PROBLEM: Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. PLATFORM: Google SketchUp 8 is vulnerable; other versions may also be affected. ABSTRACT: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability reference LINKS: Vulnerability-Lab SketchUp Downloads IMPACT ASSESSMENT: Medium Discussion: A Memory Corruption vulnerability is detected on the Google s SketchUp v8.x. The vulnerability is caused by an memory corruption when processing corrupt DAE files through the filter, which could be exploited by attackers

390

V-070: Apache CouchDB Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apache CouchDB Multiple Vulnerabilities 0: Apache CouchDB Multiple Vulnerabilities V-070: Apache CouchDB Multiple Vulnerabilities January 16, 2013 - 1:00am Addthis PROBLEM: Apache CouchDB Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB REFERENCE LINKS: Secunia Advisory SA51765 Seclists.org/fulldisclosure/2013/Jan/80 Seclists.org/fulldisclosure/2013/Jan/81 Seclists.org/fulldisclosure/2013/Jan/82 CVE-2012-5641 CVE-2012-5649 CVE-2012-5650 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

391

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability 7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability July 11, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Adobe ColdFusion PLATFORM: The vulnerability is reported in version 10 for Windows, Macintosh, and Linux ABSTRACT: The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets REFERENCE LINKS: Secunia Advisory SA54024 Adobe Security Bulletin APSB13-19 Stackoverflow.com CVE-2013-3350 IMPACT ASSESSMENT: High DISCUSSION: The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets IMPACT: Security Bypass

392

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability 18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability July 23, 2012 - 6:49am Addthis PROBLEM: Cisco Linksys WMB54G TFTP Command Injection Vulnerability PLATFORM: Cisco Linksys WMB54G 1.x ABSTRACT: System access from local network reference LINKS: Bugtraq ID: 54615 Original Advisory Secunia Advisory SA49868 Cisco Advisory ID: cisco-sa-20111019-cs IMPACT ASSESSMENT: Medium Discussion: A vulnerability in Cisco Linksys WMB54G was reported, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to missing input validation in the TFTP service when running the firmware update functionality and can be exploited to inject and execute arbitrary shell commands. Additionally, it may be

393

U-099: MySQL Unspecified Code Execution Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

099: MySQL Unspecified Code Execution Vulnerability 099: MySQL Unspecified Code Execution Vulnerability U-099: MySQL Unspecified Code Execution Vulnerability February 9, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a vulnerable system. PLATFORM: MySQL 5.x ABSTRACT: Successful exploitation allows execution of arbitrary code. Reference LINKS: Secunia Advisory SA47894 No CVE references currently available. IMPACT ASSESSMENT: Medium Discussion: The vulnerability is reported in version 5.5.20. Other versions may also be affected. The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0. Impact: System access from local network Solution: An effective workaround cannot currently be provided due to limited vulnerability details.

394

Method of deforming a biaxially textured buffer layer on a textured metallic substrate and articles therefrom  

DOE Patents (OSTI)

The present invention provides methods and biaxially textured articles having a deformed epitaxial layer formed therefrom for use with high temperature superconductors, photovoltaic, ferroelectric, or optical devices. A buffer layer is epitaxially deposited onto biaxially-textured substrates and then mechanically deformed. The deformation process minimizes or eliminates grooves, or other irregularities, formed on the buffer layer while maintaining the biaxial texture of the buffer layer. Advantageously, the biaxial texture of the buffer layer is not altered during subsequent heat treatments of the deformed buffer. The present invention provides mechanical densification procedures which can be incorporated into the processing of superconducting films through the powder deposit or precursor approaches without incurring unfavorable high-angle grain boundaries.

Lee, Dominic F. (Knoxville, TN); Kroeger, Donald M. (Knoxville, TN); Goyal, Amit (Knoxville, TN)

2000-01-01T23:59:59.000Z

395

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1, 2013 1, 2013 V-059: MoinMoin Multiple Vulnerabilities Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. December 31, 2012 V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. December 27, 2012 V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. December 25, 2012

396

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 19, 2013 March 19, 2013 V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability A vulnerability has been reported in RealPlayer March 15, 2013 V-112: Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks This security update resolves four reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. March 14, 2013 V-111: Multiple vulnerabilities have been reported in Puppet Puppet Multiple Vulnerabilities March 13, 2013 V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code Several vulnerabilities were reported in Adobe Flash Player. March 11, 2013 V-108: Microsoft Security Bulletin Advance Notification for March 2013 Microsoft Security Bulletin Advance Notification for March 2013. Microsoft

397

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14, 2012 14, 2012 V-047: IBM Lotus Foundation Multiple Cross Site Scripting Two vulnerabilities have been reported in IBM Lotus Foundations. December 13, 2012 V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code Several vulnerabilities were reported in Adobe Flash Player. December 12, 2012 V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions A vulnerability was reported in Adobe ColdFusion. December 11, 2012 V-044: IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code A vulnerability was reported in IBM Informix. December 10, 2012 V-043: Perl Locale::Maketext Module '_compile()' Multiple Code Injection Vulnerabilities Two vulnerabilities have been reported in Locale::Maketext module for Perl

398

V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

399

Review: Interpretive review of conceptual frameworks and research models that inform Australia's agricultural vulnerability to climate change  

Science Conference Proceedings (OSTI)

Agriculture in Australia is highly vulnerable to climate change. Understanding the sector's vulnerability is critical to developing immediate policy for the future of the agricultural industries and their communities. This review aims to identify research ... Keywords: Biophysical models, Contextual vulnerability, Outcome vulnerability

Leonie J. Pearson; Rohan Nelsonc; Steve Crimp; Jenny Langridge

2011-02-01T23:59:59.000Z

400

Water vulnerabilities for existing coal-fired power plants.  

SciTech Connect

This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

Elcock, D.; Kuiper, J.; Environmental Science Division

2010-08-19T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


401

Acid buffering a high pH soil for zinc diffusion  

SciTech Connect

The effective use of an aqueous buffer solution of acetic acid and sodium acetate (1.0 M HOAc/1.4 M NaOAc, pH = 4.8) to lower the pH of a sand-attapulgite clay mixture from 9.4 to 4.8 is demonstrated. Soil buffering is necessary to prevent precipitation of Zn{sup 2+} as Zn(OH){sub 2(s)} during zinc diffusion tests. The choice of the acetic acid/sodium acetate buffer solution is based on results of batch-type tests and permeation tests performed to evaluate the soil-mixture pH lowering and buffering capacity of dilute solutions of HNO{sub 3} (a strong acid), 0.057 M HOAc (a weak acid), potassium hydrogen phthalate (a pH {approximately} 4 buffer), and the 1.0 M HOAc/1.4 MNaOAc buffer solution. Measured values of effective diffusion coefficients D* for zinc on unconfined, compacted test specimens of the buffered soil mixture ranged from 0.54 {times} 10{sup {minus}6} cm{sup 2}/s to 6.5 {times} 10{sup {minus}6} cm{sup 2}/s. This range of D*-values is within the range of D*-values reported for most reactive inorganic solutes in saturated clay soils and at the lower end of the range of D*-values for zinc in saturated clay soils.

Shackelford, C.D.; Cotten, T.E.; Rohal, K.M.; Strauss, S.H. [Colorado State Univ., Fort Collins, CO (United States)

1997-03-01T23:59:59.000Z

402

DiscPOP: Power-aware buffer management for disk accesses  

Science Conference Proceedings (OSTI)

Much research has been conducted on energy efficient cache buffer management for disk based storage systems. Some of them use greedy prefetching technique to artificially increase disk idle intervals if there are a large number of known future requests. ... Keywords: greedy partition, DiscPOP, power-aware buffer management, disk accesses, disk based storage systems, greedy prefetching, I/O access pattern, application pattern, CPU-bound application, energy conservation, efficient prefetching scheme, disk power consumption, performance guarantee, disk reliability, disk characteristic based power-optimal prefetching, energy-efficient cache buffer management, disk I/O system, optimization problem, integer linear programming, divide-and-conquer based offline algorithm

Xiongzi Ge; Dan Feng; David H. C. Du

2011-07-01T23:59:59.000Z

403

Buffer-gas-induced absorption resonances in Rb vapor RID B-9041-2008  

E-Print Network (OSTI)

We observe transformation of the electromagnetically induced transparency (EIT) resonance into an absorption resonance in a Lambda interaction configuration in a cell filled with Rb-87 and a buffer gas. This transformation occurs as one-photon detuning of the coupling fields is varied from the atomic transition. No such absorption resonance is found in the absence of a buffer gas. The width of the absorption resonance is several times smaller than the width of the EIT resonance, and the changes of absorption near these resonances are about the same. Similar absorption resonances are detected in the Hanle configuration in a buffered cell.

Mikhailov, E. E.; Novikova, I.; Rostovtsev, Y. V.; Welch, George R.

2004-01-01T23:59:59.000Z

404

MgO buffer layers on rolled nickel or copper as superconductor substrates  

SciTech Connect

Buffer layer architectures are epitaxially deposited on biaxially-textured rolled-Ni and/or Cu substrates for high current conductors, and more particularly buffer layer architectures such as MgO/Ag/Pt/Ni, MgO/Ag/Pd/Ni, MgO/Ag/Ni, MgO/Ag/Pd/Cu, MgO/Ag/Pt/Cu, and MgO/Ag/Cu. Techniques used to deposit these buffer layers include electron beam evaporation, thermal evaporation, rf magnetron sputtering, pulsed laser deposition, metal-organic chemical vapor deposition (MOCVD), combustion CVD, and spray pyrolysis.

Paranthaman, Mariappan (Knoxville, TN); Goyal, Amit (Knoxville, TN); Kroeger, Donald M. (Knoxville, TN); List, III, Frederic A. (Andersonville, TN)

2001-01-01T23:59:59.000Z

405

Method for making MgO buffer layers on rolled nickel or copper as superconductor substrates  

SciTech Connect

Buffer layer architectures are epitaxially deposited on biaxially-textured rolled-Ni and/or Cu substrates for high current conductors, and more particularly buffer layer architectures such as MgO/Ag/Pt/Ni, MgO/Ag/Pd/Ni, MgO/Ag/Ni, MgO/Ag/Pd/Cu, MgO/Ag/Pt/Cu, and MgO/Ag/Cu. Techniques used to deposit these buffer layers include electron beam evaporation, thermal evaporation, rf magnetron sputtering, pulsed laser deposition, metal-organic chemical vapor deposition (MOCVD), combustion CVD, and spray pyrolysis.

Paranthaman, Mariappan (Knoxville, TN); Goyal, Amit (Knoxville, TN); Kroeger, Donald M. (Knoxville, TN); List, III, Frederic A. (Andersonville, TN)

2002-01-01T23:59:59.000Z

406

Seismic Vulnerability and Performance Level of confined brick walls  

Science Conference Proceedings (OSTI)

There has been an increase on the interest of Engineers and designers to use designing methods based on displacement and behavior (designing based on performance) Regarding to the importance of resisting structure design against dynamic loads such as earthquake, and inability to design according to prediction of nonlinear behavior element caused by nonlinear properties of constructional material.Economically speaking, easy carrying out and accessibility of masonry material have caused an enormous increase in masonry structures in villages, towns and cities. On the other hand, there is a necessity to study behavior and Seismic Vulnerability in these kinds of structures since Iran is located on the earthquake belt of Alpide.Different reasons such as environmental, economic, social, cultural and accessible constructional material have caused different kinds of constructional structures.In this study, some tied walls have been modeled with software and with relevant accelerator suitable with geology conditions under dynamic analysis to research on the Seismic Vulnerability and performance level of confined brick walls. Results from this analysis seem to be satisfactory after comparison of them with the values in Code ATC40, FEMA and standard 2800 of Iran.

Ghalehnovi, M.; Rahdar, H. A. [University of Sistan and Baluchestan, Zahedan (Iran, Islamic Republic of)

2008-07-08T23:59:59.000Z

407

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z

408

Chemical Safety Vulnerability Working Group report. Volume 3  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

Not Available

1994-09-01T23:59:59.000Z

409

East Boston buffer : a transferable urban framework for adapting to sea rise  

E-Print Network (OSTI)

Urban vulnerability to climate change is constantly increasing. Many coastal cities will need to begin sea rise mitigation efforts soon, and now is a critical time for architects to intervene in this process with good ...

Jenkins, Carolyn (Carolyn Hiller)

2013-01-01T23:59:59.000Z

410

Evaluating the effectiveness of vegetated buffers to remove nutrients, pathogens, and sediment transported in runoff from grazed, irrigated pastures  

E-Print Network (OSTI)

in reducing the pollution from land application areas.pollution abatement in response to installing buffers on crop land.

Tate, Kenneth W; van Kessel, Chris; Atwill, Edward R.; Dahlgren, Randy A

2004-01-01T23:59:59.000Z

411

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: McAfee Web Gateway Web Access Cross Site Scripting 0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI. reference LINKS: McAfee Web Gateway Release Notes Bugtraq ID: 50341 Secunia Advisory: SA46570 IMPACT ASSESSMENT: Medium Discussion: A vulnerability has been reported in McAfee Web Gateway, which can be

412

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

098: ISC BIND Deleted Domain Name Resolving Vulnerability 098: ISC BIND Deleted Domain Name Resolving Vulnerability U-098: ISC BIND Deleted Domain Name Resolving Vulnerability February 8, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x ABSTRACT: The vulnerability is caused due to an error within the cache update policy. reference LINKS: Original Advisory Secunia Advisory SA47884 CVE-2012-1033 IMPACT ASSESSMENT: High Discussion: Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The

413

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: ModSecurity Multipart Message Parsing Security Bypass 5: ModSecurity Multipart Message Parsing Security Bypass Vulnerability V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability October 18, 2012 - 6:00am Addthis PROBLEM: ModSecurity Multipart Message Parsing Security Bypass Vulnerability PLATFORM: Modsecurity Versions prior to 2.70 ABSTRACT: SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions REFERENCE LINKS: SEC Consult Secunia Advisory SA49853 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when parsing multipart requests and can be exploited to bypass certain filtering rules. IMPACT: Remote Security Bypass SOLUTION: Update to version 2.70. Addthis Related Articles V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

414

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: IBM WebSphere Commerce User Information Disclosure 2: IBM WebSphere Commerce User Information Disclosure Vulnerability U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability October 2, 2012 - 6:00am Addthis PROBLEM: IBM WebSphere Commerce User Information Disclosure Vulnerability PLATFORM: WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11 WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6 ABSTRACT: A vulnerability in WebSphere Commerce could allow disclosure of user personal data. reference LINKS: IBM Security Bulletin 1612484 X-Force Vulnerability Database (78867) Secunia Advisory SA50821 CVE-2012-4830 IMPACT ASSESSMENT: Medium Discussion: A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

415

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Microsoft Windows win32k.sys Memory Corruption Vulnerability 5: Microsoft Windows win32k.sys Memory Corruption Vulnerability U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability December 20, 2011 - 9:45am Addthis PROBLEM: Microsoft Windows win32k.sys Memory Corruption Vulnerability. PLATFORM: Operating System Microsoft Windows 7 ABSTRACT: Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. reference LINKS: Secunia Advisory SA47237 MS11-087:Article ID: 2639417 IMPACT ASSESSMENT: High Discussion: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page

416

V-082: Novell GroupWise Client Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Novell GroupWise Client Two Vulnerabilities 2: Novell GroupWise Client Two Vulnerabilities V-082: Novell GroupWise Client Two Vulnerabilities February 1, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Novell GroupWise Client PLATFORM: Novell GroupWise 2012 Novell GroupWise Client 2012 Novell GroupWise Client 8.x Novell GroupWise Server 8.x ABSTRACT: Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52031 CVE-2012-0439 CVE-2013-0804 Novell KB 7011687 Novell KB 7011688 IMPACT ASSESSMENT: High DISCUSSION: The GroupWise Client for Windows is vulnerable to an ActiveX Control exploit where by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on

417

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

76: VMware vCenter Operations Cross-Site Scripting Vulnerability 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory Secunia Advisory SA50795 CVE-2012-5050 IMPACT ASSESSMENT: Medium Discussion: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact: A vulnerability in VMware vCenter Operations, which can be exploited to

418

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

94: IBM solidDB Password Hash Authentication Bypass 94: IBM solidDB Password Hash Authentication Bypass Vulnerability T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability April 4, 2011 - 6:08am Addthis PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert Secunia Advisory: SA44030 ZDI Advisory: ZDI-11-115 IBM solidDB Support IMPACT ASSESSMENT: Medium Discussion: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

419

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

420

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability January 23, 2012 - 9:00am Addthis PROBLEM: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability. PLATFORM: Linux Kernel 2.6.x ABSTRACT: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges reference LINKS: Linux Kernel Update CVE-2012-0056 Red Hat Bugzilla Bug 782642 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to the kernel not properly restricting access to "/proc//mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


421

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing 5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am Addthis PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java. IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks. SOLUTION: The vendor has issued a fix. Addthis Related Articles

422

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: ISC DHCP Multiple Denial of Service Vulnerabilities 4: ISC DHCP Multiple Denial of Service Vulnerabilities U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am Addthis PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. reference LINKS: BIND and DHCP Security Updates Released Bugtraq ID: 54665 Secunia Advisory SA50018 CVE-2012-3571 CVE-2012-3570 CVE-2012-3954 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

423

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: HP Network Node Manager Java JDK / JRE Multiple 4: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

424

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability 5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability June 27, 2011 - 4:31pm Addthis PROBLEM: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability PLATFORM: Mozilla Firefox ABSTRACT: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. reference LINKS: Securityfocus Mozilla Firefox Homepage MFSA 2011-27: XSS encoding hazard with inline SVG IMPACT ASSESSMENT: High Discussion: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to

425

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software reference LINKS: BlackBerry Article ID: KB31675 Secunia Advisory SA50164 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0773 CVE-2012-0779 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

426

Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)  

SciTech Connect

The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

2013-02-01T23:59:59.000Z

427

A Compact Charge-Based Propagation Delay Model for Submicronic CMOS Buffers  

Science Conference Proceedings (OSTI)

We provide an accurate analytical expression for the propagation delay and the output transition time of submicron CMOS buffers that takes into account the short-circuit current, the input-output coupling capacitance, and the carrier velocity saturation ...

José Luis Rossello; Jaume Segura

2002-09-01T23:59:59.000Z

428

Closed Form Solution to Simultaneous Buffer Insertion/Sizing and Wire Sizing  

E-Print Network (OSTI)

in the tapered buffer structure) that minimizes de- lay should be the constant e. Hedenstierna and Jeppson [1987. In Proceedings of the IEEE International Conference on Computer-Aided Design. HEDENSTIERNA, N., AND JEPPSON, K. O

Chu, Chris C.-N.

429

NIST SP 800-51 Revision 1, Guide to Using Vulnerability ...  

Science Conference Proceedings (OSTI)

... A vulnerability naming scheme is a systematic method for creating and maintaining a standardized dictionary of common names for a set of ...

2012-02-06T23:59:59.000Z

430

Gilliam County Riparian Buffers; 2002-2003 Annual Report.  

DOE Green Energy (OSTI)

There are only two problems that have been encountered during the contract year. The first problem has to do with eligibility. To be eligible for CREP you must own land adjacent to stream that has been delineated an anadromous fish stream. The problem is there are areas in Gilliam County that are designated anadromous fish streams that probably don't deserve that delineation and then there are streams that are not listed that probably do deserve that delineation. This has affected a few proposed projects. For instance, there is a project area on a stream that is delineated on the eligibility map, but the particular reach we are working with does not show up on the map. ODFW then receives an eligibility sheet from FSA or the SWCD technician. On this particular area it says steelhead distribution is downstream .5 miles. FSA won't consider this area eligible for CREP, thus the landowner must enroll in CCRP, which doesn't quite have the incentives as CREP. We are working to improve the maps. A meeting has been scheduled to discuss some particular areas and possibly re-draw the eligibility map. The other problem has to do with the amount of cost share for off-stream watering facilities. Many landowners who wish to install spring developments and other off-stream watering facilities run into a problem with cost-share limits within the CREP guidelines. When a landowner wants to enroll all of his/her stream and exclude livestock from the creek entirely they are having to pay some out of pocket expenses to get enough water to sufficiently support their livestock without using the creek. There has been one landowner who decided not to enroll because of this technicality. The problems encountered are problems that occur within the parameters of the program. These problems may or may not be changed. Otherwise, interest in the programs has been excellent and will only get better. The number of contracts that were estimated to be negotiated in the three-year term may be a bit excessive. In counties such as Gilliam, most tracts of land are large parcels. If multiple project areas occur in the same tract then you have one contract per tract. This reduces your total number in a lot of cases. In year 1 there were 6 contracts negotiated and approved in the CREP program. Prior to the contract there were a total of 9. The program started in 1998. The numbers will only increase in year 2. Year two should be a drastic improvement over year one. There has already been several projects proposed that may or may not be approved during year 2. There are 367.4 acres of land that has been proposed in either CREP or CCRP, which would include 30.94 miles of stream buffered on both sides.

Coiner, Josh (Gilliam Soil and Water Conservation District, Condon, OR)

2003-05-01T23:59:59.000Z

431

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Czech Czech Republic) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Czech Republic Coordinates 49.817493°, 15.472962° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":49.817493,"lon":15.472962,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

432

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Ireland) Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates 53.41291°, -8.24389° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":53.41291,"lon":-8.24389,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

433

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z

434

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Belgium) Belgium) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Belgium Coordinates 50.359482°, 4.63623° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":50.359482,"lon":4.63623,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

435

Poly(vinyl alcohol)-based buffering membranes for isoelectric trapping separations  

E-Print Network (OSTI)

Isoelectric trapping (IET) in multicompartment electrolyzers (MCE) has been widely used for the electrophoretic separation of ampholytic compounds such as proteins. In IET, the separation occurs in the buffering membranes that form a step-wise pH gradient in the MCE. Typically, buffering membranes have been made by copolymerizing acrylamide with Immobiline compounds, which are acidic and basic acylamido buffers. One major problem, however, is that these buffering membranes are not stable when exposed to high concentrations of acid and base due to hydrolysis of the amide bonds. Poly(vinyl alcohol)-based, or PVA-based, membranes were made as an alternative to the polyacrylamide-based membranes since they provide more hydrolytic and mechanical stability. Four mid-pH, PVA-based buffering membranes that contain single ampholytes were synthesized. These buffering membranes were used to trap small molecular weight pI markers for up to three hours, and were also used in desalting experiments to remove strong electrolytes from a solution of ampholytes. Additionally, the membranes were used in IET experiments to separate mixtures of pI markers, and to fractionate the major proteins in chicken egg white. The membranes did not show any degradation when stored in 3 M NaOH for up to 6 months and were shown to tolerate current densities as high as 16 mA/cm2. In addition, six series of PVA-based membranes, whose pH values can be tuned over the 3 < pH < 10 range, were synthesized by covalently binding aminodicarboxylic acids, and monoamines or diamines to the PVA matrix. These tunable buffering membranes were used in trapping experiments to trap ampholytes for up to three hours, and in desalting experiments to remove strong electrolytes from a solution of ampholytes. These tunable buffering membranes were also used in IET experiments to separate proteins, some with pI values that differ by only 0.1 pH unit. The tunable buffering membranes did not show any signs of degradation when exposed to 3 M NaOH for up to 3 months, and could be used in IET experiments with current densities as high as 20 mA/cm2. These tunable buffering membranes are expected to broaden the application areas of isoelectric trapping separations.

Craver, Helen C.

2007-05-01T23:59:59.000Z

436

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 22, 2013 March 22, 2013 V-117: Symantec Enterprise Vault for File System Archiving Unquoted Search Path Lets Local Users Gain Elevated Privileges Symantec Enterprise Vault (EV) for File System Archiving has an unquoted search path in the File Collector and File PlaceHolder services March 21, 2013 V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system March 20, 2013 V-115: Apple iOS Bugs Let Local Users Gain Elevated Privileges Several vulnerabilities were reported in Apple iOS March 19, 2013 V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability A vulnerability has been reported in RealPlayer March 18, 2013 V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code

437

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

16, 2012 16, 2012 U-127: Microsoft Security Bulletin MS12-020 - Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution March 16, 2012 U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system. March 15, 2012 U-125: Cisco ASA Multiple Bugs Let Remote Users Deny Service Several vulnerabilities were reported in Cisco ASA. March 14, 2012 U-124: Microsoft Security Bulletin Advance Notification for March 2012 Microsoft Security Bulletin Advance Notification for March 2012. Microsoft has posted 1 Critical Bulletin, 4 Important bulletins and 1 Moderate bulletin. Bulletins with the Maximum Severity Rating and Vulnerability

438

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

June 12, 2013 June 12, 2013 V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Adobe Flash Player. June 10, 2013 V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files A vulnerability was reported in RSA Authentication Manager. June 5, 2013 V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks Several vulnerabilities were reported in Apple Safari. June 4, 2013 V-170: Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability A vulnerability has been reported in Apache Subversion. June 3, 2013 V-169: Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow

439

GIS-based method for the environmental vulnerability assessment to volcanic ashfall at Etna Volcano  

Science Conference Proceedings (OSTI)

The response of environment to ashfall was evaluated aiming at defining the vulnerability in the areas surrounding Mt. Etna volcano, Sicily. The two utilized scenarios assume different thickness of ashfall, over distances comparable with those covered ... Keywords: Corine land cover, Environmental vulnerability, GIS, Volcanic risk

Silvia Rapicetta; Vittorio Zanon

2009-09-01T23:59:59.000Z

440

Aquifer Vulnerability Assessment to Petroleum Contaminants Based on Fuzzy Variable Set Theory and Geographic Information System  

Science Conference Proceedings (OSTI)

It is a common environmental and hydro-geological problem that groundwater system is contaminated by petroleum hydrocarbons. An important step of pollution control and treatment is aquifer vulnerability assessment. In this paper, a karst fissure groundwater ... Keywords: fuzzy variable set, GIS, aquifer, petroleum contamination, vulnerability, assessment

Li Qingguo; Ma Zhenmin; Fang Yunzhi; Chen Shouyu

2009-07-01T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


441

ICMPV6 Vulnerability: The Importance of Threat Model and SF-ICMP6  

Science Conference Proceedings (OSTI)

Handling Internet Control Message Protocol version 6 ICMPv6 vulnerabilities is among the challenges in securing the IPv6 deployment. Since ICMPv6 messages are crucial in IPv6 communications, this paper discusses the discovery of ICMPv6 vulnerabilities ... Keywords: ICMPv6 Policy, ICMPv6 Related Attacks, ICMPv6 Security, ICMPv6 Threat Model, Selective Filtering

Abidah Hj Mat Taib, Wan Nor Ashiqin Wan Ali, Nurul Sharidah Shaari

2013-04-01T23:59:59.000Z

442

Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles  

Science Conference Proceedings (OSTI)

This paper proposes the definition of a security criterion and security assessment based on the criterion. More precisely, we present a stochastic model with a vulnerability life-cycle model and a user profile using continuous-time Markov chains. The ... Keywords: vulnerability, security evaluation, user profile

Hiroyuki Okamura; Masataka Tokuzane; Tadashi Dohi

2012-11-01T23:59:59.000Z

443

Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements  

Science Conference Proceedings (OSTI)

This paper proposes a new approach for assessing the organization's vulnerability to information-security breaches. Although much research has been done on qualitative approaches, the literature on numerical approaches to quantify information-security ... Keywords: Information security, Information-security measurement, Risk analysis, Security threats, Vulnerability measurement

Sandip C. Patel; James H. Graham; Patricia A. S. Ralston

2008-12-01T23:59:59.000Z

444

Nuclear Maintenance Applications Center: Emergency Diesel Generator Single Component Vulnerability Review Guidance.  

Science Conference Proceedings (OSTI)

This report provides guidance to owners and operators of nuclear power plants on performing emergency diesel generator (EDG) system single component vulnerability reviews. This guidance was developed based on a recommendation from the nuclear industry’s EDG Technical Advisory Committee (TAC) that plants perform a single component vulnerability review as discussed in the Institute of Nuclear Power Operations’ Industry Experience Report ...

2013-11-01T23:59:59.000Z

445

Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism  

Science Conference Proceedings (OSTI)

Critical facility vulnerability assessment is a highly complex strategic activity in combating the terrorism and necessitates a structured quantified methodology to support the decision-making process in defense planning. In the system perspective, the ... Keywords: Airport, Fuzzy Cognitive Maps (FCM), Fuzzy integrated vulnerability assessment model (FIVAM), Fuzzy set theory, Interdependency, Simple Multi-Attribute Rating Technique (SMART), Terrorism

Ilker Akgun; Ahmet Kandakoglu; Ahmet Fahri Ozok

2010-05-01T23:59:59.000Z

446

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Oracle AutoVue ActiveX Control Insecure Method 18: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities October 25, 2011 - 8:45am Addthis PROBLEM: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities. PLATFORM: The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected. ABSTRACT: Successful exploitation of the vulnerabilities allows execution of arbitrary code. reference LINKS: Bugtraq ID: 50321 Secunia Advisory SA46473 Oracle AutoVue IMPACT ASSESSMENT: High Discussion: Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the

447

T-682:Double free vulnerability in MapServer | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2:Double free vulnerability in MapServer 2:Double free vulnerability in MapServer T-682:Double free vulnerability in MapServer August 2, 2011 - 4:08pm Addthis PROBLEM: Double free vulnerability in MapServer PLATFORM: All versions may be susceptible to SQL injection under certain circumstances ABSTRACT: MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases. reference LINKS: Double-free in msAddImageSymbol() when filename is a http resource

448

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: MediaWiki CentralAuth Extension Authentication Bypass 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWik REFERENCE LINKS: Secunia Advisory SA54723 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie. IMPACT:

449

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apple QuickTime Multiple Vulnerabilities 2: Apple QuickTime Multiple Vulnerabilities U-022: Apple QuickTime Multiple Vulnerabilities October 28, 2011 - 8:15am Addthis PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220 CVE-2011-3221, CVE-2011-3222, CVE-2011-3223 CVE-2011-3228, CVE-2011-3247, CVE-2011-3248 CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

450

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

451

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

097: PHP "php_register_variable_ex()" Code Execution 097: PHP "php_register_variable_ex()" Code Execution Vulnerability U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability February 7, 2012 - 9:00am Addthis PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network reference LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High Discussion: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. Impact: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

452

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Apache Tomcat Security Bypass and Denial of Service 7: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities November 6, 2012 - 6:00am Addthis PROBLEM: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities PLATFORM: Apache Tomcat 5.x Apache Tomcat 6.x Apache Tomcat 7.x ABSTRACT: Two vulnerabilities were reported in Apache Tomcat REFERENCE LINKS: Apache.org Apache Tomcat Denial of Service Apache Tomcat DIGEST authentication weaknesses Secunia Advisory SA51138 CVE-2012-2733 CVE-2012-3439 IMPACT ASSESSMENT: Medium DISCUSSION: A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within the "parseHeaders()" function

453

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apache Struts "ParameterInterceptor" Security Bypass 2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Apache Struts PLATFORM: The vulnerability is reported in versions prior to 2.3.14.1 ABSTRACT: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA53495 Apache Struts Advisory S2-012 Apache Struts Advisory S2-013 CVE-2013-1965 CVE-2013-1966 IMPACT ASSESSMENT: High DISCUSSION: A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request

454

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Apache OFBiz Cross-Site Scripting and Code Execution 9: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities April 17, 2012 - 8:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. PLATFORM: Apache OFBiz 10.x ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected. references LINKS: Vendor Advisory Secunia Advisory 48800 CVE-2012-1621 IMPACT ASSESSMENT: High Discussion: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

455

T-572: VMware ESX/ESXi SLPD denial of service vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: VMware ESX/ESXi SLPD denial of service vulnerability 72: VMware ESX/ESXi SLPD denial of service vulnerability T-572: VMware ESX/ESXi SLPD denial of service vulnerability March 8, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions. PLATFORM: ESX/ESXi 4.0, 4.1 ABSTRACT: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. reference LINKS: VMware Security Advisory: VMSA-2011-0004 VMware vSphere 4 VMware ESXi 4.1 Update CVE-2010-3609 IMPACT ASSESSMENT: Moderate Discussion: A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.A remote user can consume excessive CPU resources.

456

Vulnerability assessment of medieval civic towers as a tool for retrofitting design  

Science Conference Proceedings (OSTI)

The seismic vulnerability of an ancient civic bell-tower is studied. Rather than seeing it as an intermediate stage toward a risk analysis, the assessment of vulnerability is here pursued for the purpose of optimizing the retrofit design. The vulnerability curves are drawn by carrying out a single time history analysis of a model calibrated on the basis of experimental data. From the results of this analysis, the medians of three selected performance parameters are estimated, and they are used to compute, for each of them, the probability of exceeding or attaining the three corresponding levels of light, moderate and severe damage. The same numerical model is then used to incorporate the effects of several retrofitting solutions and to re-estimate the associated vulnerability curves. The ultimate goal is to provide a numerical tool able to drive the optimization process of a retrofit design by the comparison of the vulnerability estimates associated with the different retrofitting solutions.

Casciati, Sara [ASTRA Department, University of Catania, Siracusa (Italy); Faravelli, Lucia [Department of Structural Mechanics, University of Pavia, Pavia, Pavia (Italy)

2008-07-08T23:59:59.000Z

457

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

46: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 46: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code December 13, 2012 - 3:30am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 11.5.502.110 and prior for Windows/Mac; 11.2.202.251 and prior for Linux ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-27 SecurityTracker Alert ID: 1027854 Secunia Advisory SA51560 RHSA-2012:1569-1 CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 IMPACT ASSESSMENT: High DISCUSSION: A buffer overflow can trigger code execution [CVE-2012-5676]. An integer overflow can trigger code execution [CVE-2012-5677]. A memory corruption flaw can trigger code execution [CVE-2012-5678].

458

Runtime Detection of Heapbased Overflows  

E-Print Network (OSTI)

protection Figure 5: HTTP client throughput. Package glibc glibc + heap prot. OSDB 6,015 6,070 (+ 0 of deploying our heap protection system uses packages that install a protected glibc image alongside with the privileges of the victim process. This paper presents a technique that protects the heap management

Kruegel, Christopher

459

Ultra Wideband (UWB) communication vulnerability for security applications.  

Science Conference Proceedings (OSTI)

RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

Cooley, H. Timothy

2010-07-01T23:59:59.000Z

460

Broadening of the spectral lines of a buffer gas and target substance in laser ablation  

SciTech Connect

The broadening of discrete spectral lines from the plasma produced in the laser ablation of metal targets in a broad pressure range (10{sup 2} - 10{sup 7} Pa) of the ambient gas (Ar, He, H{sub 2}) was studied experimentally. The behaviour of spectral line broadening for the buffer gases was found to be significantly different from that for the atoms and ions of the target material. In comparison with target atoms, the atoms of buffer gases radiate from denser plasma layers, and their spectral line profiles are complex in shape. (interaction of laser radiation with matter. laser plasma)

Kask, Nikolai E; Michurin, Sergei V [D.V. Skobel'tsyn Institute of Nuclear Physics, M.V. Lomonosov Moscow State University, Moscow (Russian Federation)

2012-11-30T23:59:59.000Z

Note: This page contains sample records for the topic "buffer overflow vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


461

Social Vulnerability to Coastal and Inland Flood Hazards: A Comparison of GIS-Based Spatial Interpolation Methods  

Science Conference Proceedings (OSTI)

Previous research on exposure to flood hazards suggests that individuals characterized by low social vulnerability are more likely to reside in coastal flood hazard zones than individuals of higher social vulnerability, but few studies have examined ... Keywords: Areal Interpolation, Coastal Hazards, Dasymetric Mapping, Environmental Justice, Flood, Geographic Information Systems GIS, Risk, Vulnerability

Marilyn C. Montgomery, Jayajit Chakraborty

2013-07-01T23:59:59.000Z

462

Buffering Effect and Its Related Ocean Dynamics in the Indonesian Throughflow Region  

Science Conference Proceedings (OSTI)

Analysis of results from a high-resolution general circulation model confirms the existence of a “buffering” effect in the Indo-Australian Basin in which the upper ocean receives an excess of water from February to June and releases it during the ...

Tangdong Qu; Yan Du; Julian P. McCreary Jr.; Gary Meyers; Toshio Yamagata

2008-02-01T23:59:59.000Z

463

An adaptive write buffer management scheme for flash-based SSDs  

Science Conference Proceedings (OSTI)

Solid State Drives (SSD's) have shown promise to be a candidate to replace traditional hard disk drives. The benefits of SSD's over HDD's include better durability, higher performance, and lower power consumption, but due to certain physical characteristics ... Keywords: NAND flash memory, SSD, flash-aware cache, write buffer

Guanying Wu; Xubin He; Ben Eckart

2012-02-01T23:59:59.000Z

464

Improving fairness among TCP flows by stateless buffer control with early drop maximum  

Science Conference Proceedings (OSTI)

Transmission control protocol (TCP) has been recognized as the most important transport-layer protocol for the Internet. It is distinguished by its reliable transmission, flow control, and congestion control. However, the issue of fair bandwidth-sharing ... Keywords: Long-lived flow, Max-min fairness, Short-lived flow, Stateless buffer management, TCP congestion control

Hsu-Sheng Tsai; Wei Kuang Lai

2008-10-01T23:59:59.000Z

465

Optimal wire sizing and buffer insertion for low power and a generalized delay model  

Science Conference Proceedings (OSTI)

We present efficient, optimal algorithms for timing optimization by discrete wire sizing and buffer insertion. Our algorithms are able to minimize dynamic power dissipation subject to given timing constraints. In addition, we compute the complete power-delay ... Keywords: Timing Optization, Elmore Delay, Dynamic Power Dissipation, Dynamic Programming, Signal Slew

John Lillis; Chung-Kuan Cheng; Ting-Ting Y. Lin

1995-12-01T23:59:59.000Z

466

Designing a Residential Hybrid Electrical Energy Storage System Based on the Energy Buffering Strategy  

E-Print Network (OSTI)

the electricity price is low and supply energy for usage when the electricity price is high [6], and thereby energy buffering. Figure 3 shows the structure of a typical grid-connected HEES system. Without loss the proposed energy management system is targeting residential usage, we must limit its overall form factor

Pedram, Massoud

467

Ge integration on Si via rare earth oxide buffers: From MBE to CVD (Invited Paper)  

Science Conference Proceedings (OSTI)

Single crystalline rare earth oxide heterostructures are flexible buffer systems to achieve the monolithic integration of Ge thin film structures on Si. The development of engineered oxide systems suitable for mass-production compatible CVD processes ... Keywords: Engineered Si wafers, Ge integration, Heteroepitaxy, Rare earth oxides, X-ray diffraction

T. Schroeder; A. Giussani; H. -J. Muessig; G. Weidner; I. Costina; Ch. Wenger; M. Lukosius; P. Storck; P. Zaumseil

2009-07-01T23:59:59.000Z

468

Thrifty BTB: A comprehensive solution for dynamic power reduction in branch target buffers  

Science Conference Proceedings (OSTI)

We propose Thrifty BTB, a mechanism to reduce the dynamic power dissipated by the BTB. We studied two mechanisms that reduce dynamic power dissipation. The first one is a serial-BTB configuration. The second mechanism is the filter-BTB, a combination ... Keywords: Branch prediction, Branch target buffer, Dynamic power, Microarchitecture

Roger Kahn; Shlomo Weiss

2008-11-01T23:59:59.000Z

469

Preparation of CIGS-based solar cells using a buffered electrodeposition bath  

DOE Patents (OSTI)

A photovoltaic cell exhibiting an overall conversion efficiency of at least 9.0% is prepared from a copper-indium-gallium-diselenide thin film. The thin film is prepared by simultaneously electroplating copper, indium, gallium, and selenium onto a substrate using a buffered electro-deposition bath. The electrodeposition is followed by adding indium to adjust the final stoichiometry of the thin film.

Bhattacharya, Raghu Nath (Littleton, CO)

2007-11-20T23:59:59.000Z

470

BOFAR: buffer occupancy factor based adaptive router for mesh NoCs  

Science Conference Proceedings (OSTI)

If the route computation operation in an adaptive router returns more than one output channels, the selection strategy chooses one from them based on the congestion metric used. The effectiveness of a selection strategy depends on what metric is used ... Keywords: adaptive routers, buffer occupancy, network-on-chip

John Jose; J. Shiva Shankar; K. V. Mahathi; Damarla Kranthi Kumar; Madhu Mutyam

2011-12-01T23:59:59.000Z

471

T-668: Vulnerability in a BlackBerry Enterprise Server component could  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in a BlackBerry Enterprise Server component 8: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service July 14, 2011 - 7:20am Addthis PROBLEM: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service PLATFORM: Affected Software >> BlackBerry Enterprise Server (BES) version(s) 5.0.0 for API/MS Exchange (Admin API Option Only), BES/Express version 5.0.2 & 5.0.3 IBM Lotus Domino , BES 5.0.1, 5.0.2 & 5.0.3 for MS Exchange, IBM Lotus Domino, BlackBerry Enterprise Server versions 5.0.1 for GroupWise ABSTRACT: This advisory describes a security issue in the BlackBerry Administration

472

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: ownCloud Cross-Site Scripting and File Upload 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

473

U-151: Bugzilla Cross-Site Request Forgery Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

51: Bugzilla Cross-Site Request Forgery Vulnerability 51: Bugzilla Cross-Site Request Forgery Vulnerability U-151: Bugzilla Cross-Site Request Forgery Vulnerability April 19, 2012 - 8:15am Addthis PROBLEM: A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. reference LINKS: Vendor Advisory Secunia Advisory 48835 CVE-2012-0465 CVE-2012-0466 IMPACT ASSESSMENT: Medium Discussion: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. An attacker can get access to some bug information using the victim's