National Library of Energy BETA

Sample records for buffer overflow vulnerability

  1. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  2. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)

  3. V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when

  4. V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow.

  5. U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address.

  6. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  7. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  8. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis...

  9. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  10. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerabili...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am Addthis...

  11. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

  12. U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system.

  13. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  14. V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.

  15. V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system

  16. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  17. T-548: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer overflow

    Broader source: Energy.gov [DOE]

    Novell ZENworks Handheld Management (ZHM) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ZfHIPCnd.exe Access Point process. By sending a specially-crafted request to TCP port 2400, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.

  18. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE

  19. T-562: Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in novell-tftp.exe when parsing requests. This can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to UDP port 69. The vulnerability is reported in versions 10.3.1, 10.3.2, and 11.0.

  20. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 74: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT

  1. V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Execute Arbitrary Code | Department of Energy 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS:

  2. V-188: Apache XML Security XPointer Expressions Processing Buffer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability June...

  3. V-228: RealPlayer Buffer Overflow and Memory Corruption Error...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute ... Lets Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid ...

  4. U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges December 9, 2011 - 8:00am...

  5. T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code.

  6. T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user may be able to obtain elevated privileges on the target system. A physically local user can connect a storage device with a specially crafted LDM partition table to trigger a buffer overflow in the ldm_frag_add() function in 'fs/partitions/ldm.c' and potentially execute arbitrary code with elevated privileges.

  7. U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow ...

  8. V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2044373) Addthis Related Articles U-128: VMware ESXESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges T-552: Cisco Nexus 1000V...

  9. V-093: Symantec PGP Desktop Buffer Overflows Let Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users...

  10. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute ... The vendor has issued a fix (16.0.0.282). Addthis Related Articles V-228: RealPlayer ...

  11. T-583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users Obtain Information

    Broader source: Energy.gov [DOE]

    A local user can create a storage device with specially crafted OSF partition tables. When the kernel automatically evaluates the partition tables, a buffer overflow may occur and data from kernel heap space may leak to user-space.

  12. T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker.

  13. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  14. T-556: BMC PATROL Agent Service Daemon stack-based buffer overflow

    Broader source: Energy.gov [DOE]

    Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.

  15. U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    PROBLEM: Pidgin 'mxitshowmessage()' Function Stack-Based Buffer Overflow Vulnerability. PLATFORM: Versions prior to Pidgin 2.10.5 vulnerable. ABSTRACT: Pidgin is prone to a...

  16. T-559: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution

    Broader source: Energy.gov [DOE]

    Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement

  17. T-559: Stack-based buffer overflow in oninit in IBM Informix...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing the arguments to the USELASTCOMMITTED option in a SQL query....

  18. U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system.

  19. U-177: Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Lotus Quickr for Domino. A remote user can cause arbitrary code to be executed on the target user's system.

  20. U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

  1. T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.

  2. Nuclear reactor overflow line

    DOE Patents [OSTI]

    Severson, Wayne J.

    1976-01-01

    The overflow line for the reactor vessel of a liquid-metal-cooled nuclear reactor includes means for establishing and maintaining a continuous bleed flow of coolant amounting to 5 to 10% of the total coolant flow through the overflow line to prevent thermal shock to the overflow line when the reactor is restarted following a trip. Preferably a tube is disposed concentrically just inside the overflow line extending from a point just inside the reactor vessel to an overflow tank and a suction line is provided opening into the body of liquid metal in the reactor vessel and into the annulus between the overflow line and the inner tube.

  3. V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Gain Elevated Privileges | Department of Energy 4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges April 15, 2013 - 1:30am Addthis PROBLEM: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges PLATFORM: Cisco AnyConnect Secure Mobility Client Cisco Secure Desktop ABSTRACT: Some vulnerabilities

  4. Overflow control valve

    DOE Patents [OSTI]

    Hundal, Rolv; Kessinger, Boyd A.; Parlak, Edward A.

    1984-07-24

    An overflow control valve for use in a liquid sodium coolant pump tank which valve can be extended to create a seal with the pump tank wall or retracted to break the seal thereby accommodating valve removal. An actuating shaft which controls valve disc position also has cams which bear on roller surfaces to force retraction of a sliding cylinder against spring tension to retract the cylinder from sealing contact with the pump tank.

  5. Burst Buffer

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Buffer Burst Buffer If you are interested in using the BB, please send a note to consult@nersc.gov to get enabled. Burst Buffer Architecture and Software Roadmap The Burst Buffer on Cori is a layer of non-volatile storage that sits between the a processors' memory and the parallel file system. The burst buffer will serve to accelerate I/O performance of application on Cori. Read More » Example batch scripts Burst Buffer usage documentation Read More » Burst Buffer Early User Program NERSC has

  6. U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

  7. Urban runoff and combined sewer overflow. [Wastewater treatment

    SciTech Connect (OSTI)

    Moffa, P.E.; Freedman, S.D.; Owens, E.M.; Field, R.; Cibik, C.

    1982-06-01

    The control, treatment and management of urban runoff and sewer overflow are reviewed. Simplified modeling and monitoring techniques are used to characterize urban runoff and to assess control alternatives. (KRM)

  8. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  9. BUFFERED WELL FIELD OUTLINES

    U.S. Energy Information Administration (EIA) Indexed Site

    Option Explicit Const cFEETPERMETER As Double 3.281 ' ' deviation factor is applied to the buffer distance ' so with a buffer distance of 100 and factor of 0.05 the ' ...

  10. T-588: HP Virtual SAN Appliance Stack Overflow

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.

  11. V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users ...

  12. BUFFERED WELL FIELD OUTLINES

    U.S. Energy Information Administration (EIA) Indexed Site

    OIL & GAS FIELD OUTLINES FROM BUFFERED WELLS The VBA Code below builds oil & gas field boundary outlines (polygons) from buffered wells (points). Input well points layer must be a feature class (FC) with the following attributes: Field_name Buffer distance (can be unique for each well to represent reservoirs with different drainage radii) ...see figure below. Copy the code into a new module. Inputs: In ArcMap, data frame named "Task 1" Well FC as first layer (layer 0). Output:

  13. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  14. Electrodialysis operation with buffer solution

    DOE Patents [OSTI]

    Hryn, John N.; Daniels, Edward J.; Krumdick, Greg K.

    2009-12-15

    A new method for improving the efficiency of electrodialysis (ED) cells and stacks, in particular those used in chemical synthesis. The process entails adding a buffer solution to the stack for subsequent depletion in the stack during electrolysis. The buffer solution is regenerated continuously after depletion. This buffer process serves to control the hydrogen ion or hydroxide ion concentration so as to protect the active sites of electrodialysis membranes. The process enables electrodialysis processing options for products that are sensitive to pH changes.

  15. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor

  16. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  17. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  18. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs Advanced

  19. Doped LZO buffer layers for laminated conductors

    DOE Patents [OSTI]

    Paranthaman, Mariappan Parans [Knoxville, TN; Schoop, Urs [Westborough, MA; Goyal, Amit [Knoxville, TN; Thieme, Cornelis Leo Hans [Westborough, MA; Verebelyi, Darren T [Oxford, MA; Rupich, Martin W [Framingham, MA

    2010-03-23

    A laminated conductor includes a metallic substrate having a surface, a biaxially textured buffer layer supported by the surface of the substrate, the biaxially textured buffer layer comprising LZO and a dopant for mitigating metal diffusion through the LZO, and a biaxially textured conductor layer supported by the biaxially textured buffer layer.

  20. Burst Buffer Architecture and Software Roadmap

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Burst Buffer Architecture Burst Buffer Architecture and Software Roadmap NERSC has been working with Cray to bring BurstBuffer technology to the users of Cori. The NERSC BurstBuffer is based on Cray DataWarp that utilizes flash or SSD (solid-state drive) technologies to significantly increase the I/O performance on Cori. Motivation In order to meet users' requests for better I/O performance NERSC is installing a Burst Buffer. There are two aspects of I/O performance. One aspect is the total

  1. Climate Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Vulnerabilities Climate Vulnerabilities The Energy Sector's Vulnerabilities to Climatic Conditions x Impacts Due to... Increasing Temperatures Decreasing Water Availability Increasing Storms, Flooding, and Sea Level Rise See All Impacts Map locations are approximate. Find out more about this data here. Click and drag the map to read about each location

  2. Signature-based store checking buffer

    DOE Patents [OSTI]

    Sridharan, Vilas; Gurumurthi, Sudhanva

    2015-06-02

    A system and method for optimizing redundant output verification, are provided. A hardware-based store fingerprint buffer receives multiple instances of output from multiple instances of computation. The store fingerprint buffer generates a signature from the content included in the multiple instances of output. When a barrier is reached, the store fingerprint buffer uses the signature to verify the content is error-free.

  3. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the

  4. Task QA plan for Modified Prototypic Hydragard{trademark} Sampler Overflow System Demonstration at TNX

    SciTech Connect (OSTI)

    Snyder, T.K.

    1993-10-04

    The primary objective of this task is to evaluate the proposed design modifications to the sample system, including the adequacy of the recommended eductor and the quality of samples obtained from the modified system. Presently, the sample streams are circulated from the originating tank, through a Hydragard{trademark} sampler system, and back to the originating tank. The overflow from the Hydragard{trademark} sampler flows to the Recycle Collection Tank (RCT). This report outlines the planned quality assurance controls for the design modification task, including organization and personnel, surveillances, and records package.

  5. U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system.

  6. T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  7. Regional Climate Vulnerabilities and Resilience Solutions | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please ...

  8. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  9. Buffer layer for thin film structures

    DOE Patents [OSTI]

    Foltyn, Stephen R.; Jia, Quanxi; Arendt, Paul N.; Wang, Haiyan

    2006-10-31

    A composite structure including a base substrate and a layer of a mixture of strontium titanate and strontium ruthenate is provided. A superconducting article can include a composite structure including an outermost layer of magnesium oxide, a buffer layer of strontium titanate or a mixture of strontium titanate and strontium ruthenate and a top-layer of a superconducting material such as YBCO upon the buffer layer.

  10. Buffer layer for thin film structures

    DOE Patents [OSTI]

    Foltyn, Stephen R.; Jia, Quanxi; Arendt, Paul N.; Wang, Haiyan

    2010-06-15

    A composite structure including a base substrate and a layer of a mixture of strontium titanate and strontium ruthenate is provided. A superconducting article can include a composite structure including an outermost layer of magnesium oxide, a buffer layer of strontium titanate or a mixture of strontium titanate and strontium ruthenate and a top-layer of a superconducting material such as YBCO upon the buffer layer.

  11. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  12. Target buffer assessment for accelerator driven transmuters.

    SciTech Connect (OSTI)

    Gohar, Y.

    2002-10-08

    Accelerator driven transmuters use a buffer region to protect the structural and the cladding materials of the transmuter from the radiation damage caused by the high-energy spallation neutrons, to accommodate the coolant channels of the self cooled targets, and to have an insignificant effect on the neutron utilization for the transmutation process. These functions are contradicting with respect to the buffer thickness. An extension of the target region in the axial direction (the proton beam direction) is also required to act as a neutron multiplier for the forward component of the high-energy spallation neutrons and a reflector to minimize the neutron leakage. The buffer assessment was performed as a function of its thickness with different proton energies for a self-cooled Lead-Bismuth Eutectic and a sodium-cooled tungsten targets. The analyses show that the number of generated neutrons per proton has a low sensitivity to the buffer thickness. However, the number of neutrons reaching the transmuter is significantly reduced as the buffer thickness is increased. The transmuter neutrons dominate the nuclear responses in the structural material outside the target buffer. The length of the axial target extension is determined as a function of the proton beam energy.

  13. Catalyst functionalized buffer sorbent pebbles for rapid separation...

    Office of Scientific and Technical Information (OSTI)

    Catalyst functionalized buffer sorbent pebbles for rapid separation of carbon dioxide from gas mixtures Title: Catalyst functionalized buffer sorbent pebbles for rapid separation ...

  14. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  15. Buffer layers on biaxially textured metal substrates

    DOE Patents [OSTI]

    Shoup, Shara S.; Paranthamam, Mariappan; Beach, David B.; Kroeger, Donald M.; Goyal, Amit

    2001-01-01

    A method is disclosed for forming a biaxially textured buffer layer on a biaxially oriented metal substrate by using a sol-gel coating technique followed by pyrolyzing/annealing in a reducing atmosphere. This method is advantageous for providing substrates for depositing electronically active materials thereon.

  16. A directed-overflow and damage-control N -glycosidase in riboflavin biosynthesis

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Frelin, Océane; Huang, Lili; Hasnain, Ghulam; Jeffryes, James G.; Ziemak, Michael J.; Rocca, James R.; Wang, Bing; Rice, Jennifer; Roje, Sanja; Yurgel, Svetlana N.; et al

    2015-02-15

    Plants and bacteria synthesize the essential human micronutrient riboflavin (vitamin B2) via the same multistep pathway. The early intermediates of this pathway are notoriously reactive, and may be overproduced in vivo because riboflavin biosynthesis enzymes lack feedback controls. Here we demonstrate disposal of riboflavin intermediates by COG3236 (DUF1768), a protein of previously unknown function that is fused to two different riboflavin pathway enzymes in plants and bacteria (RIBR and RibA, respectively). We present cheminformatic, biochemical, genetic, and genomic evidence to show that: (i) plant and bacterial COG3236 proteins cleave the N-glycosidic bond of the first two intermediates of riboflavin biosynthesis,more » yielding relatively innocuous products; (ii) certain COG3236 proteins are in a multienzyme riboflavin biosynthesis complex that gives them privileged access to riboflavin intermediates; and (iii) COG3236 action in Arabidopsis thaliana and Escherichia coli helps maintain flavin levels. We find COG3236 proteins thus illustrate two emerging principles in chemical biology: directed overflow metabolism, in which excess flux is diverted out of a pathway, and the pre-emption of damage from reactive metabolites.« less

  17. FROM HOT JUPITERS TO SUPER-EARTHS VIA ROCHE LOBE OVERFLOW

    SciTech Connect (OSTI)

    Valsecchi, Francesca; Rasio, Frederic A.; Steffen, Jason H.

    2014-09-20

    Through tidal dissipation in a slowly spinning host star, the orbits of many hot Jupiters may decay down to the Roche limit. We expect that the ensuing mass transfer will be stable in most cases. Using detailed numerical calculations, we find that this evolution is quite rapid, potentially leading to the complete removal of the gaseous envelope in a few gigayears, and leaving behind an exposed rocky core (a {sup h}ot super-Earth{sup )}. Final orbital periods are quite sensitive to the details of the planet's mass-radius relation and to the effects of irradiation and photo-evaporation, but could be as short as a few hours or as long as several days. Our scenario predicts the existence of planets with intermediate masses ({sup h}ot Neptunes{sup )} that should be found precisely at their Roche limit and in the process of losing mass through Roche lobe overflow. The observed excess of small single-planet candidate systems observed by Kepler may also be the result of this process. If so, the properties of their host stars should track those of the hot Jupiters. Moreover, the number of systems that produced hot Jupiters could be two to three times larger than one would infer from contemporary observations.

  18. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  19. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  20. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  1. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  2. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  3. U-169: Sympa Multiple Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.

  4. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  5. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  6. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  7. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  8. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  9. Early Users to Test New Burst Buffer on Cori

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Early Users to Test New Burst Buffer on Cori Early Users to Test New Burst Buffer on Cori Designed to Accelerate IO Performance October 5, 2015 Corimockup NERSC has selected a ...

  10. The exometabolome of Clostridium thermocellum reveals overflow metabolism at high cellulose loading

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Holwerda, Evert K.; Thorne, Philip G.; Olson, Daniel G.; Amador-Noguez, Daniel; Engle, Nancy L.; Tschaplinski, Timothy J.; van Dijken, Johannes P.; Lynd, Lee R.

    2014-10-21

    Background: Clostridium thermocellum is a model thermophilic organism for the production of biofuels from lignocellulosic substrates. The majority of publications studying the physiology of this organism use substrate concentrations of ≤10 g/L. However, industrially relevant concentrations of substrate start at 100 g/L carbohydrate, which corresponds to approximately 150 g/L solids. To gain insight into the physiology of fermentation of high substrate concentrations, we studied the growth on, and utilization of high concentrations of crystalline cellulose varying from 50 to 100 g/L by C. thermocellum. Results: Using a defined medium, batch cultures of C. thermocellum achieved 93% conversion of cellulose (Avicel)more » initially present at 100 g/L. The maximum rate of substrate utilization increased with increasing substrate loading. During fermentation of 100 g/L cellulose, growth ceased when about half of the substrate had been solubilized. However, fermentation continued in an uncoupled mode until substrate utilization was almost complete. In addition to commonly reported fermentation products, amino acids - predominantly L-valine and L-alanine - were secreted at concentrations up to 7.5 g/L. Uncoupled metabolism was also accompanied by products not documented previously for C. thermocellum, including isobutanol, meso- and RR/SS-2,3-butanediol and trace amounts of 3-methyl-1-butanol, 2-methyl-1-butanol and 1-propanol. We hypothesize that C. thermocellum uses overflow metabolism to balance its metabolism around the pyruvate node in glycolysis. In conclusion: C. thermocellum is able to utilize industrially relevant concentrations of cellulose, up to 93 g/L. We report here one of the highest degrees of crystalline cellulose utilization observed thus far for a pure culture of C. thermocellum, the highest maximum substrate utilization rate and the highest amount of isobutanol produced by a wild-type organism.« less

  11. The exometabolome of Clostridium thermocellum reveals overflow metabolism at high cellulose loading

    SciTech Connect (OSTI)

    Holwerda, Evert K.; Thorne, Philip G.; Olson, Daniel G.; Amador-Noguez, Daniel; Engle, Nancy L.; Tschaplinski, Timothy J.; van Dijken, Johannes P.; Lynd, Lee R.

    2014-10-21

    Background: Clostridium thermocellum is a model thermophilic organism for the production of biofuels from lignocellulosic substrates. The majority of publications studying the physiology of this organism use substrate concentrations of ≤10 g/L. However, industrially relevant concentrations of substrate start at 100 g/L carbohydrate, which corresponds to approximately 150 g/L solids. To gain insight into the physiology of fermentation of high substrate concentrations, we studied the growth on, and utilization of high concentrations of crystalline cellulose varying from 50 to 100 g/L by C. thermocellum. Results: Using a defined medium, batch cultures of C. thermocellum achieved 93% conversion of cellulose (Avicel) initially present at 100 g/L. The maximum rate of substrate utilization increased with increasing substrate loading. During fermentation of 100 g/L cellulose, growth ceased when about half of the substrate had been solubilized. However, fermentation continued in an uncoupled mode until substrate utilization was almost complete. In addition to commonly reported fermentation products, amino acids - predominantly L-valine and L-alanine - were secreted at concentrations up to 7.5 g/L. Uncoupled metabolism was also accompanied by products not documented previously for C. thermocellum, including isobutanol, meso- and RR/SS-2,3-butanediol and trace amounts of 3-methyl-1-butanol, 2-methyl-1-butanol and 1-propanol. We hypothesize that C. thermocellum uses overflow metabolism to balance its metabolism around the pyruvate node in glycolysis. In conclusion: C. thermocellum is able to utilize industrially relevant concentrations of cellulose, up to 93 g/L. We report here one of the highest degrees of crystalline cellulose utilization observed thus far for a pure culture of C. thermocellum, the highest maximum substrate utilization rate and the highest amount of isobutanol produced by a wild-type organism.

  12. Buffer for a gamma-insensitive optical sensor with gas and a buffer assembly

    DOE Patents [OSTI]

    Kruger, H.W.

    1994-05-10

    A buffer assembly is disclosed for a gamma-insensitive gas avalanche focal plane array operating in the ultra-violet/visible/infrared energy wavelengths and using a photocathode and an avalanche gas located in a gap between an anode and the photocathode. The buffer assembly functions to eliminate chemical compatibility between the gas composition and the materials of the photocathode. The buffer assembly in the described embodiment is composed of two sections, a first section constructed of glass honeycomb under vacuum and a second section defining a thin barrier film or membrane constructed, for example, of Al and Be, which is attached to and supported by the honeycomb. The honeycomb section, in turn, is supported by and adjacent to the photocathode. 7 figures.

  13. Buffer layers and articles for electronic devices

    DOE Patents [OSTI]

    Paranthaman, Mariappan P.; Aytug, Tolga; Christen, David K.; Feenstra, Roeland; Goyal, Amit

    2004-07-20

    Materials for depositing buffer layers on biaxially textured and untextured metallic and metal oxide substrates for use in the manufacture of superconducting and other electronic articles comprise RMnO.sub.3, R.sub.1-x A.sub.x MnO.sub.3, and combinations thereof; wherein R includes an element selected from the group consisting of La, Ce, Pr, Nd, Pm, Sm, Eu, Gd, Tb, Dy, Ho, Er, Tm, Yb, Lu, and Y, and A includes an element selected from the group consisting of Be, Mg, Ca, Sr, Ba, and Ra.

  14. Assessing the Security Vulnerabilities of Correctional Facilities

    SciTech Connect (OSTI)

    Morrison, G.S.; Spencer, D.S.

    1998-10-27

    The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

  15. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  16. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  17. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NSTB Summarizes Vulnerable Areas Experts at the National SCADA Test Bed (NSTB) discovered ... Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems ...

  18. US Energy Sector Vulnerabilities to Climate Change

    Broader source: Energy.gov (indexed) [DOE]

    Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND ... and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). ...

  19. Vulnerability Analysis of Energy Delivery Control Systems

    Broader source: Energy.gov (indexed) [DOE]

    ... Attackers can search for vulnerabilities in firewalls, ... organization, measured in terms of confidentiality, ... in which an adversary can enter the system and potentially ...

  20. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E.

    1996-10-01

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  1. System and method for implementing periodic early discard in on-chip buffer memories of network elements

    DOE Patents [OSTI]

    Francini, Andrea

    2013-05-14

    An advance is made over the prior art in accordance with the principles of the present invention that is directed to a new approach for a system and method for a buffer management scheme called Periodic Early Discard (PED). The invention builds on the observation that, in presence of TCP traffic, the length of a queue can be stabilized by selection of an appropriate frequency for packet dropping. For any combination of number of TCP connections and distribution of the respective RTT values, there exists an ideal packet drop frequency that prevents the queue from over-flowing or under-flowing. While the value of the ideal packet drop frequency may quickly change over time and is sensitive to the series of TCP connections affected by past packet losses, and most of all is impossible to compute inline, it is possible to approximate it with a margin of error that allows keeping the queue occupancy within a pre-defined range for extended periods of time. The PED scheme aims at tracking the (unknown) ideal packet drop frequency, adjusting the approximated value based on the evolution of the queue occupancy, with corrections of the approximated packet drop frequency that occur at a timescale that is comparable to the aggregate time constant of the set of TCP connections that traverse the queue.

  2. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  3. Early Users to Test New Burst Buffer on Cori

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Early Users to Test New Burst Buffer on Cori Early Users to Test New Burst Buffer on Cori Designed to Accelerate I/O Performance October 5, 2015 Corimockup NERSC has selected a number of HPC research projects to participate in the center's new Burst Buffer Early User Program, where they will be able to test and run their codes using the new Burst Buffer feature on the center's newest supercomputer, Cori. Cori Phase 1, recently installed in the new Computational Research and Theory building at

  4. CHEMICAL SOLUTION DEPOSITION BASED OXIDE BUFFERS AND YBCO COATED...

    Office of Scientific and Technical Information (OSTI)

    to obtain the flexible, biaxially oriented copper, nickel or nickel-alloy substrates. Buffers and Rare Earth Barium Copper Oxide (REBCO) superconductors have been deposited ...

  5. Back contact buffer layer for thin-film solar cells

    DOE Patents [OSTI]

    Compaan, Alvin D.; Plotnikov, Victor V.

    2014-09-09

    A photovoltaic cell structure is disclosed that includes a buffer/passivation layer at a CdTe/Back contact interface. The buffer/passivation layer is formed from the same material that forms the n-type semiconductor active layer. In one embodiment, the buffer layer and the n-type semiconductor active layer are formed from cadmium sulfide (CdS). A method of forming a photovoltaic cell includes the step of forming the semiconductor active layers and the buffer/passivation layer within the same deposition chamber and using the same material source.

  6. Epitaxial Growth of Strontium Bismuth Tantalate/Niobate of Buffered...

    Office of Scientific and Technical Information (OSTI)

    of Strontium Bismuth TantalateNiobate of Buffered Magnesium Oxide Substrates Citation Details In-Document Search Title: Epitaxial Growth of Strontium Bismuth TantalateNiobate ...

  7. Buffer layer for thin film structures (Patent) | DOEPatents

    Office of Scientific and Technical Information (OSTI)

    A superconducting article can include a composite structure including an outermost layer of magnesium oxide, a buffer layer of strontium titanate or a mixture of strontium titanate ...

  8. Methods for improved growth of group III nitride buffer layers

    DOE Patents [OSTI]

    Melnik, Yurity; Chen, Lu; Kojiri, Hidehiro

    2014-07-15

    Methods are disclosed for growing high crystal quality group III-nitride epitaxial layers with advanced multiple buffer layer techniques. In an embodiment, a method includes forming group III-nitride buffer layers that contain aluminum on suitable substrate in a processing chamber of a hydride vapor phase epitaxy processing system. A hydrogen halide or halogen gas is flowing into the growth zone during deposition of buffer layers to suppress homogeneous particle formation. Some combinations of low temperature buffers that contain aluminum (e.g., AlN, AlGaN) and high temperature buffers that contain aluminum (e.g., AlN, AlGaN) may be used to improve crystal quality and morphology of subsequently grown group III-nitride epitaxial layers. The buffer may be deposited on the substrate, or on the surface of another buffer. The additional buffer layers may be added as interlayers in group III-nitride layers (e.g., GaN, AlGaN, AlN).

  9. Current isolating epitaxial buffer layers for high voltage photodiode array

    DOE Patents [OSTI]

    Morse, Jeffrey D.; Cooper, Gregory A.

    2002-01-01

    An array of photodiodes in series on a common semi-insulating substrate has a non-conductive buffer layer between the photodiodes and the semi-insulating substrate. The buffer layer reduces current injection leakage between the photodiodes of the array and allows optical energy to be converted to high voltage electrical energy.

  10. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  11. Mitigation of substrate defects in reticles using multilayer buffer layers

    DOE Patents [OSTI]

    Mirkarimi, Paul B.; Bajt, Sasa; Stearns, Daniel G.

    2001-01-01

    A multilayer film is used as a buffer layer to minimize the size of defects on a reticle substrate prior to deposition of a reflective coating on the substrate. The multilayer buffer layer deposited intermediate the reticle substrate and the reflective coating produces a smoothing of small particles and other defects on the reticle substrate. The reduction in defect size is controlled by surface relaxation during the buffer layer growth process and by the degree of intermixing and volume contraction of the materials at the multilayer interfaces. The buffer layers are deposited at near-normal incidence via a low particulate ion beam sputtering process. The growth surface of the buffer layer may also be heated by a secondary ion source to increase the degree of intermixing and improve the mitigation of defects.

  12. Replenishing data descriptors in a DMA injection FIFO buffer

    DOE Patents [OSTI]

    Archer, Charles J.; Blocksome, Michael A.; Cernohous, Bob R.; Heidelberger, Philip; Kumar, Sameer; Parker, Jeffrey J.

    2011-10-11

    Methods, apparatus, and products are disclosed for replenishing data descriptors in a Direct Memory Access (`DMA`) injection first-in-first-out (`FIFO`) buffer that include: determining, by a messaging module on an origin compute node, whether a number of data descriptors in a DMA injection FIFO buffer exceeds a predetermined threshold, each data descriptor specifying an application message for transmission to a target compute node; queuing, by the messaging module, a plurality of new data descriptors in a pending descriptor queue if the number of the data descriptors in the DMA injection FIFO buffer exceeds the predetermined threshold; establishing, by the messaging module, interrupt criteria that specify when to replenish the injection FIFO buffer with the plurality of new data descriptors in the pending descriptor queue; and injecting, by the messaging module, the plurality of new data descriptors into the injection FIFO buffer in dependence upon the interrupt criteria.

  13. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  14. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  15. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities The objective of safeguards is the timely detection of ...

  16. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  17. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  18. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment AgencyCompany Organization Climate and Development...

  19. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment (Redirected from CDKN-Colombia-Cartagena Vulnerability Assessment) Jump to: navigation, search Name Colombia-CDKN-Cartagena...

  20. OLADE-Central America Climate Change Vulnerability Program |...

    Open Energy Info (EERE)

    Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program AgencyCompany Organization Latin...

  1. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

  2. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  3. Potential Vulnerability of US Petroleum Refineries to Increasing...

    Energy Savers [EERE]

    Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature andor Reduced Water Availability Potential Vulnerability of US Petroleum Refineries to ...

  4. V-094: IBM Multiple Products Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple ...

  5. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Technical Report: Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities You are accessing a document from the ...

  6. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  7. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  8. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  9. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  10. Gilliam County Riparian Buffers; 2003-2004 Annual Reports.

    SciTech Connect (OSTI)

    Coiner, Josh

    2004-06-01

    Interest appears to be at an all-time high for riparian conservation programs in Gilliam County. With the recently added Herbaceous Buffer and the already established CREP program interest is booming. However, more and more people are turning towards the herbaceous buffer because of expense. The riparian forest buffer is becoming too expensive. Even with the excellent cost share and incentives landowners are having trouble with Farm Service Agency's payment limitation. Because of this payment limitation landowners are not receiving their full rental and incentive payments, usually in year one. This has cooled the installation of riparian forest buffers and peaked interest in the CP-29 (Herbaceous Buffer for Wildlife). Either way, riparian lands are being enhanced and water quality is being improved. Year three should be very similar to the accomplishments of year 2. There has already been several projects proposed that may or may not be approved during year 3. I am currently working on three projects that are all over 2.5 miles long on each side and total anywhere from 60 to 250 acres in size. Along with these three projects there at least seven small projects being proposed. Four of those projects are riparian forest buffers and the remaining are herbaceous buffers.

  11. Enhanced adhesion for LIGA microfabrication by using a buffer layer

    DOE Patents [OSTI]

    Bajikar, Sateesh S.; De Carlo, Francesco; Song, Joshua J.

    2001-01-01

    The present invention is an improvement on the LIGA microfabrication process wherein a buffer layer is applied to the upper or working surface of a substrate prior to the placement of a resist onto the surface of the substrate. The buffer layer is made from an inert low-Z material (low atomic weight), a material that absorbs secondary X-rays emissions from the substrate that are generated from the substrate upon exposure to a primary X-rays source. Suitable materials for the buffer layer include polyamides and polyimide. The preferred polyimide is synthesized form pyromellitic anhydride and oxydianiline (PMDA-ODA).

  12. Buffer layers for REBCO films for use in superconducting devices

    DOE Patents [OSTI]

    Goyal, Amit; Wee, Sung-Hun

    2014-06-10

    A superconducting article includes a substrate having a biaxially textured surface. A biaxially textured buffer layer, which can be a cap layer, is supported by the substrate. The buffer layer includes a double perovskite of the formula A.sub.2B'B''O.sub.6, where A is rare earth or alkaline earth metal and B' and B'' are different transition metal cations. A biaxially textured superconductor layer is deposited so as to be supported by the buffer layer. A method of making a superconducting article is also disclosed.

  13. Enhanced adhesion for LIGA microfabrication by using a buffer layer

    DOE Patents [OSTI]

    Bajikar, Sateesh S.; De Carlo, Francesco; Song, Joshua J.

    2004-01-27

    The present invention is an improvement on the LIGA microfabrication process wherein a buffer layer is applied to the upper or working surface of a substrate prior to the placement of a resist onto the surface of the substrate. The buffer layer is made from an inert low-Z material (low atomic weight), a material that absorbs secondary X-rays emissions from the substrate that are generated from the substrate upon exposure to a primary X-rays source. Suitable materials for the buffer layer include polyamides and polyimide. The preferred polyimide is synthesized form pyromellitic anhydride and oxydianiline (PMDA-ODA).

  14. Buffer layers on biaxially textured metal substrates (Patent...

    Office of Scientific and Technical Information (OSTI)

    A method is disclosed for forming a biaxially textured buffer layer on a biaxially oriented metal substrate by using a sol-gel coating technique followed by pyrolyzingannealing in ...

  15. Method of depositing buffer layers on biaxially textured metal...

    Office of Scientific and Technical Information (OSTI)

    eu; gd; tb; tm; resup1subx; resup2sub1-xsub2; osub3; buffer; layer; deposited; sol-gel; metal-organic; decomposition; laminate; article; layer; ybco; resup1subx; ...

  16. Optimizing the availability of a buffered industrial process

    DOE Patents [OSTI]

    Martz, Jr., Harry F.; Hamada, Michael S.; Koehler, Arthur J.; Berg, Eric C.

    2004-08-24

    A computer-implemented process determines optimum configuration parameters for a buffered industrial process. A population size is initialized by randomly selecting a first set of design and operation values associated with subsystems and buffers of the buffered industrial process to form a set of operating parameters for each member of the population. An availability discrete event simulation (ADES) is performed on each member of the population to determine the product-based availability of each member. A new population is formed having members with a second set of design and operation values related to the first set of design and operation values through a genetic algorithm and the product-based availability determined by the ADES. Subsequent population members are then determined by iterating the genetic algorithm with product-based availability determined by ADES to form improved design and operation values from which the configuration parameters are selected for the buffered industrial process.

  17. CHEMICAL SOLUTION DEPOSITION BASED OXIDE BUFFERS AND YBCO COATED CONDUCTORS

    SciTech Connect (OSTI)

    Paranthaman, Mariappan Parans

    2011-01-01

    We have reviewed briefly the growth of buffer and high temperature superconducting oxide thin films using a chemical solution deposition (CSD) method. In the Rolling-Assisted Biaxially Textured Substrates (RABiTS) process, developed at Oak Ridge National Laboratory, utilizes the thermo mechanical processing to obtain the flexible, biaxially oriented copper, nickel or nickel-alloy substrates. Buffers and Rare Earth Barium Copper Oxide (REBCO) superconductors have been deposited epitaxially on the textured nickel alloy substrates. The starting substrate serves as a template for the REBCO layer, which has substantially fewer weak links. Buffer layers play a major role in fabricating the second generation REBCO wire technology. The main purpose of the buffer layers is to provide a smooth, continuous and chemically inert surface for the growth of the REBCO film, while transferring the texture from the substrate to the superconductor layer. To achieve this, the buffer layers need to be epitaxial to the substrate, i.e. they have to nucleate and grow in the same bi-axial texture provided by the textured metal foil. The most commonly used RABiTS multi-layer architectures consist of a starting template of biaxially textured Ni-5 at.% W (Ni-W) substrate with a seed (first) layer of Yttrium Oxide (Y2O3), a barrier (second) layer of Yttria Stabilized Zirconia (YSZ), and a Cerium Oxide (CeO2) cap (third) layer. These three buffer layers are generally deposited using physical vapor deposition (PVD) techniques such as reactive sputtering. On top of the PVD template, REBCO film is then grown by a chemical solution deposition. This article reviews in detail about the list of oxide buffers and superconductor REBCO films grown epitaxially on single crystal and/or biaxially textured Ni-W substrates using a CSD method.

  18. Message communications of particular message types between compute nodes using DMA shadow buffers

    DOE Patents [OSTI]

    Blocksome, Michael A.; Parker, Jeffrey J.

    2010-11-16

    Message communications of particular message types between compute nodes using DMA shadow buffers includes: receiving a buffer identifier specifying an application buffer having a message of a particular type for transmission to a target compute node through a network; selecting one of a plurality of shadow buffers for a DMA engine on the compute node for storing the message, each shadow buffer corresponding to a slot of an injection FIFO buffer maintained by the DMA engine; storing the message in the selected shadow buffer; creating a data descriptor for the message stored in the selected shadow buffer; injecting the data descriptor into the slot of the injection FIFO buffer corresponding to the selected shadow buffer; selecting the data descriptor from the injection FIFO buffer; and transmitting the message specified by the selected data descriptor through the data communications network to the target compute node.

  19. Rare earth zirconium oxide buffer layers on metal substrates

    DOE Patents [OSTI]

    Williams, Robert K.; Paranthaman, Mariappan; Chirayil, Thomas G.; Lee, Dominic F.; Goyal, Amit; Feenstra, Roeland

    2001-01-01

    A laminate article comprises a substrate and a biaxially textured (RE.sub.x A.sub.(1-x)).sub.2 O.sub.2-(x/2) buffer layer over the substrate, wherein 0buffer layer can be deposited using sol-gel or metal-organic decomposition. The laminate article can include a layer of YBCO over the (RE.sub.x A.sub.(1-x)).sub.2 O.sub.2-(x/2) buffer layer. A layer of CeO.sub.2 between the YBCO layer and the (RE.sub.x A.sub.(1-x)).sub.2 O.sub.2-(x/2) buffer layer can also be include. Further included can be a layer of YSZ between the CeO.sub.2 layer and the (RE.sub.x A.sub.(1-x)).sub.2 O.sub.2-(x/2) buffer layer. The substrate can be a biaxially textured metal, such as nickel. A method of forming the laminate article is also disclosed.

  20. Method of depositing buffer layers on biaxially textured metal substrates

    DOE Patents [OSTI]

    Beach, David B.; Morrell, Jonathan S.; Paranthaman, Mariappan; Chirayil, Thomas; Specht, Eliot D.; Goyal, Amit

    2002-08-27

    A laminate article comprises a substrate and a biaxially textured (RE.sup.1.sub.x RE.sup.2.sub.(1-x)).sub.2 O.sub.3 buffer layer over the substrate, wherein 0buffer layer can be deposited using sol-gel or metal-organic decomposition. The laminate article can include a layer of YBCO over the (RE.sup.1.sub.x RE.sup.2.sub.(1-x)).sub.2 O.sub.3 buffer layer. A layer of CeO.sub.2 between the YBCO layer and the (RE.sup.1.sub.x RE.sup.2.sub.(1-x)).sub.2 O.sub.3 buffer can also be include. Further included can be a layer of YSZ between the CeO.sub.2 layer and the (RE.sup.1.sub.x RE.sup.2.sub.(1-x)).sub.2 O.sub.3 buffer layer. The substrate can be a biaxially textured metal, such as nickel. A method of forming the laminate article is also disclosed.

  1. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  2. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  3. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  4. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  5. Buffer layers on metal alloy substrates for superconducting tapes

    DOE Patents [OSTI]

    Jia, Quanxi; Foltyn, Stephen R.; Arendt, Paul N.; Groves, James R.

    2004-10-05

    An article including a substrate, at least one intermediate layer upon the surface of the substrate, a layer of an oriented cubic oxide material having a rock-salt-like structure upon the at least one intermediate layer, and a layer of a SrRuO.sub.3 buffer material upon the oriented cubic oxide material layer is provided together with additional layers such as a HTS top-layer of YBCO directly upon the layer of a SrRuO.sub.3 buffer material layer. With a HTS top-layer of YBCO upon at least one layer of the SrRuO.sub.3 buffer material in such an article, J.sub.c 's of up to 1.3.times.10.sup.6 A/cm.sup.2 have been demonstrated with projected I.sub.c 's of over 200 Amperes across a sample 1 cm wide.

  6. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  7. SMOOTH OIL & GAS FIELD OUTLINES MADE FROM BUFFERED WELLS

    U.S. Energy Information Administration (EIA) Indexed Site

    The VBA code provided at the bottom of this document is an updated version (from ArcGIS 9.0 to ArcGIS 9.2) of the polygon smoothing algorithm described below. A bug that occurred when multiple wells had the same location was also fixed. SMOOTH OIL & GAS FIELD OUTLINE POLYGONS MADE FROM BUFFERED WELLS Why smooth buffered field outlines? See the issues in the figure below: [pic] The smoothing application provided as VBA code below does the following: Adds area to the concave portions; doesn't

  8. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system

  9. T-731:Symantec IM Manager Code Injection Vulnerability | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code...

  10. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  11. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  12. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  13. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  14. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  15. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  16. Vulnerability Analysis of Energy Delivery Control Systems (September 2011)

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems (September 2011) The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides recommendations for vendors and owners of those systems to identify and reduce those risks. Vulnerability Analysis of Energy Delivery Control Systems (September 2011) (2.69 MB)

  17. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  18. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: IBM Lotus Expeditor Multiple Vulnerabilities U-198: IBM Lotus Expeditor Multiple Vulnerabilities June 25, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus Expeditor. PLATFORM: IBM Lotus Expeditor 6.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.. Reference Links: Vendor Advisory

  19. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  20. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  1. V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system

  2. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  3. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  4. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  5. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection

  6. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs

  7. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  8. COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS Jason Stamp, John Dillinger, and William Young Networked Systems Survivability and Assurance Department Jennifer DePoy Information Operations Red Team & Assessments Department Sandia National Laboratories Albuquerque, NM 87185-0785 22 May 2003 (2 nd edition, revised 11 November 2003) Copyright © 2003, Sandia Corporation. All rights reserved. Permission is granted to display, copy, publish, and distribute this document in its

  9. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  10. Buffered coscheduling for parallel programming and enhanced fault tolerance

    DOE Patents [OSTI]

    Petrini, Fabrizio; Feng, Wu-chun

    2006-01-31

    A computer implemented method schedules processor jobs on a network of parallel machine processors or distributed system processors. Control information communications generated by each process performed by each processor during a defined time interval is accumulated in buffers, where adjacent time intervals are separated by strobe intervals for a global exchange of control information. A global exchange of the control information communications at the end of each defined time interval is performed during an intervening strobe interval so that each processor is informed by all of the other processors of the number of incoming jobs to be received by each processor in a subsequent time interval. The buffered coscheduling method of this invention also enhances the fault tolerance of a network of parallel machine processors or distributed system processors

  11. Vulnerability Analysis of Energy Delivery Control Systems

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the

  12. T-550: Apache Denial of Service Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption).

  13. Buffer layers on metal alloy substrates for superconducting tapes

    DOE Patents [OSTI]

    Jia, Quanxi; Foltyn, Stephen R.; Arendt, Paul N.; Groves, James R.

    2004-06-29

    An article including a substrate, a layer of an inert oxide material upon the surface of the substrate, a layer of an amorphous oxide or oxynitride material upon the inert oxide material layer, a layer of an oriented cubic oxide material having a rock-salt-like structure upon the amorphous oxide material layer, and a layer of a SrRuO.sub.3 buffer material upon the oriented cubic oxide material layer is provided together with additional layers such as a HTS top-layer of YBCO directly upon the layer of a SrRuO.sub.3 buffer material layer. With a HTS top-layer of YBCO upon at least one layer of the SrRuO.sub.3 buffer material in such an article, J.sub.c 's of up to 1.3.times.10.sup.6 A/cm.sup.2 have been demonstrated with projected IC's of over 200 Amperes across a sample 1 cm wide.

  14. Sol-gel deposition of buffer layers on biaxially textured metal...

    Office of Scientific and Technical Information (OSTI)

    Sol-gel deposition of buffer layers on biaxially textured metal substances Citation Details In-Document Search Title: Sol-gel deposition of buffer layers on biaxially textured ...

  15. Buffer layer for thin film structures (Patent) | SciTech Connect

    Office of Scientific and Technical Information (OSTI)

    Buffer layer for thin film structures Citation Details In-Document Search Title: Buffer layer for thin film structures A composite structure including a base substrate and a layer...

  16. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  17. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts

  18. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player

  19. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  20. Top 10 Vulnerabilities of Control Systems and Their Associated Migitations

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2006) | Department of Energy Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. Top 10 Vulnerabilities of

  1. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of Indian Energy report assesses climate change and extreme weather vulnerabilities specific to tribal energy infrastructure and systems in the contiguous United States and Alaska. It includes information about the impacts from climate change and extreme weather events on both onsite and offsite

  2. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  3. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides practices that can help mitigate the potential risks that can occur to some electricity sector organizations. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED

  4. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  5. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

  6. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  7. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    :"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

  8. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  9. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material...

    National Nuclear Security Administration (NNSA)

    GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material May 29, 2014 GTRI's Remove Program works around the world to remove excess nuclear and radiological materials ...

  10. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  11. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Mitigations for Security Vulnerabilities Found in Control System Networks (425.98 KB) More Documents & Publications Cyber Assessment Methods for SCADA Security Introduction SCADA ...

  12. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Introduction SCADA Security for Managers and Operators DOE National SCADA Test Bed Program ...

  13. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

  14. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  15. U-172: OpenOffice.org Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

  16. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  17. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    France) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country France Coordinates...

  18. V-062: Asterisk Two Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

  19. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This ... States government or any agency thereof. energy.govindianenergy | indianenergy@hq.doe.go...

  20. V-082: Novell GroupWise Client Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

  1. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  2. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    on both onsite and offsite tribally owned and non-tribally owned energy infrastructure. ... Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  3. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct

  4. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton; Phillips, Cynthia A.

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  5. Costs of strikes between vulnerable missile forces

    SciTech Connect (OSTI)

    Canavan, G.H.

    1997-02-01

    This note derives the first and second strike magnitudes and costs for strikes between vulnerable missile forces with multiple warheads. The extension to mixes with invulnerable missiles is performed in a companion note. Stability increases as the number of weapons per missile is reduced. The optimal allocation of weapons between missiles and value is significant in predicting the stability impact of the reduction of the number of weapons per missile at large numbers of missiles, less significant in reducing the number of missiles for fixed weapons per missile. At low numbers of missiles, the stability indices for singlet and triplet configurations are comparable, as are the number of weapons each would deliver on value targets.

  6. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  7. Photo-induced wettability of TiO{sub 2} film with Au buffer layer

    SciTech Connect (OSTI)

    Purkayastha, Debarun Dhar; Sangani, L. D. Varma; Krishna, M. Ghanashyam; Madhurima, V.

    2014-04-24

    The effect of thickness of Au buffer layer (15-25 nm) between TiO{sub 2} film and substrate on the wettability of TiO{sub 2} films is reported. TiO{sub 2} films grown on Au buffer layer have a higher contact angle of 96-;100 as compared to 47.6o for the film grown without buffer layer. The transition from hydrophobicity to hydrophilicity under UV irradiation occurs within 10 min. for the buffer layered films whereas it is almost 30 min. for the film grown without buffer layer. The enhanced photo induced hydrophilicity is shown to be surface energy driven.

  8. Conductive and robust nitride buffer layers on biaxially textured substrates

    DOE Patents [OSTI]

    Sankar, Sambasivan; Goyal, Amit; Barnett, Scott A.; Kim, Ilwon; Kroeger, Donald M.

    2004-08-31

    The present invention relates to epitaxial, electrically conducting and mechanically robust, cubic nitride buffer layers deposited epitaxially on biaxially textured substrates such as metal and alloys. The invention comprises of a biaxially textured substrate with epitaxial layers of nitrides. The invention also discloses a method to form such epitaxial layers using a high rate deposition method as well as without the use of forming gases. The invention further comprises epitaxial layers of oxides on the biaxially textured nitride layers. In some embodiments the article further comprises electromagnetic devices which may be super conducting properties.

  9. Conductive and robust nitride buffer layers on biaxially textured substrates

    DOE Patents [OSTI]

    Sankar, Sambasivan [Chicago, IL; Goyal, Amit [Knoxville, TN; Barnett, Scott A [Evanston, IL; Kim, Ilwon [Skokie, IL; Kroeger, Donald M [Knoxville, TN

    2009-03-31

    The present invention relates to epitaxial, electrically conducting and mechanically robust, cubic nitride buffer layers deposited epitaxially on biaxially textured substrates such as metals and alloys. The invention comprises of a biaxially textured substrate with epitaxial layers of nitrides. The invention also discloses a method to form such epitaxial layers using a high rate deposition method as well as without the use of forming gases. The invention further comprises epitaxial layers of oxides on the biaxially textured nitride layer. In some embodiments the article further comprises electromagnetic devices which may have superconducting properties.

  10. Buffer layers on rolled nickel or copper as superconductor substrates

    DOE Patents [OSTI]

    Paranthaman, Mariappan; Lee, Dominic F.; Kroeger, Donald M.; Goyal, Amit

    2000-01-01

    Buffer layer architectures are epitaxially deposited on biaxially-textured rolled substrates of nickel and/or copper and their alloys for high current conductors, and more particularly buffer layer architectures such as Y.sub.2 O.sub.3 /Ni, YSZ/Y.sub.2 O.sub.3 /Ni, Yb.sub.2 O.sub.3 /Ni, Yb.sub.2 O.sub.3 /Y.sub.2 O.sub.3 /Ni, Yb.sub.2 O.sub.3 /CeO.sub.2 /Ni, RE.sub.2 O.sub.3 /Ni (RE=Rare Earth), and Yb.sub.2 O.sub.3 /YSZ/CeO.sub.2 /Ni, Y.sub.2 O.sub.3 /Cu, YSZ/Y.sub.2 O.sub.3 /Cu, Yb.sub.2 O.sub.3 /Cu, Yb.sub.2 O.sub.3 /Y.sub.2 O.sub.3 /Cu, Yb.sub.2 O.sub.3 /CeO.sub.2 /Cu, RE.sub.2 O.sub.3 /Cu, and Yb.sub.2 O.sub.3 /YSZ/CeO.sub.2 /Cu. Deposition methods include physical vapor deposition techniques which include electron-beam evaporation, rf magnetron sputtering, pulsed laser deposition, thermal evaporation, and solution precursor approach, which includes chemical vapor deposition, combustion CVD, metal-organic decomposition, sol-gel processing, and plasma spray.

  11. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  12. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  13. Superconducting composite with multilayer patterns and multiple buffer layers

    DOE Patents [OSTI]

    Wu, X.D.; Muenchausen, R.E.

    1993-10-12

    An article of manufacture is described including a substrate, a patterned interlayer of a material selected from the group consisting of magnesium oxide, barium-titanium oxide or barium-zirconium oxide, the patterned interlayer material overcoated with a secondary interlayer material of yttria-stabilized zirconia or magnesium-aluminum oxide, upon the surface of the substrate whereby an intermediate article with an exposed surface of both the overcoated patterned interlayer and the substrate is formed, a coating of a buffer layer selected from the group consisting of cerium oxide, yttrium oxide, curium oxide, dysprosium oxide, erbium oxide, europium oxide, iron oxide, gadolinium oxide, holmium oxide, indium oxide, lanthanum oxide, manganese oxide, lutetium oxide, neodymium oxide, praseodymium oxide, plutonium oxide, samarium oxide, terbium oxide, thallium oxide, thulium oxide, yttrium oxide and ytterbium oxide over the entire exposed surface of the intermediate article, and, a ceramic superconductor. 5 figures.

  14. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  15. Doped Y.sub.2O.sub.3 buffer layers for laminated conductors

    DOE Patents [OSTI]

    Paranthaman, Mariappan Parans [Knoxville, TN; Schoop, Urs [Westborough, MA; Goyal, Amit [Knoxville, TN; Thieme, Cornelis Leo Hans [Westborough, MA; Verebelyi, Darren T [Oxford, MA; Rupich, Martin W [Framingham, MA

    2007-08-21

    A laminated conductor includes a metallic substrate having a surface, a biaxially textured buffer layer supported by the surface of the metallic substrate, the biaxially textured buffer layer comprising Y.sub.2O.sub.3 and a dopant for blocking cation diffusion through the Y.sub.2O.sub.3, and a biaxially textured conductor layer supported by the biaxially textured buffer layer.

  16. U-191: Oracle Java Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes

  17. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  18. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  19. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  20. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  1. Inert Gas Buffered Milling and Particle Size Separation of μm...

    Office of Scientific and Technical Information (OSTI)

    Size Separation of m-Scale Superconducting Precursor Powders Citation Details In-Document Search Title: Inert Gas Buffered Milling and Particle Size Separation of ...

  2. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  3. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

  4. T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

  5. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  6. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate...

  7. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  8. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  9. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  10. V-173: Plesk 0-Day Vulnerability | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro...

  11. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  12. U.S. Energy Sector Vulnerability Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support climate change preparedness and resilience planning -- and to advance the Energy Department's goal of promoting energy security -- the Department is assessing the threats of climate change and extreme weather to the Nation' energy system. Two reports have been released that examine the current and potential future impacts of climate change and extreme weather on the

  13. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 96: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can

  14. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  15. Superconducting composite with multilayer patterns and multiple buffer layers

    DOE Patents [OSTI]

    Wu, Xin D.; Muenchausen, Ross E.

    1993-01-01

    An article of manufacture including a substrate, a patterned interlayer of a material selected from the group consisting of magnesium oxide, barium-titanium oxide or barium-zirconium oxide, the patterned interlayer material overcoated with a secondary interlayer material of yttria-stabilized zirconia or magnesium-aluminum oxide, upon the surface of the substrate whereby an intermediate article with an exposed surface of both the overcoated patterned interlayer and the substrate is formed, a coating of a buffer layer selected from the group consisting of cerium oxide, yttrium oxide, curium oxide, dysprosium oxide, erbium oxide, europium oxide, iron oxide, gadolinium oxide, holmium oxide, indium oxide, lanthanum oxide, manganese oxide, lutetium oxide, neodymium oxide, praseodymium oxide, plutonium oxide, samarium oxide, terbium oxide, thallium oxide, thulium oxide, yttrium oxide and ytterbium oxide over the entire exposed surface of the intermediate article, and, a ceramic superco n FIELD OF THE INVENTION The present invention relates to the field of superconducting articles having two distinct regions of superconductive material with differing in-plane orientations whereby the conductivity across the boundary between the two regions can be tailored. This invention is the result of a contract with the Department of Energy (Contract No. W-7405-ENG-36).

  16. Catalyst functionalized buffer sorbent pebbles for rapid separation of carbon dioxide from gas mixtures

    DOE Patents [OSTI]

    Aines, Roger D

    2015-03-31

    A method for separating CO.sub.2 from gas mixtures uses a slurried media impregnated with buffer compounds and coating the solid media with a catalyst or enzyme that promotes the transformation of CO.sub.2 to carbonic acid. Buffer sorbent pebbles with a catalyst or enzyme coating are provided for rapid separation of CO.sub.2 from gas mixtures.

  17. Catalyst functionalized buffer sorbent pebbles for rapid separation of carbon dioxide from gas mixtures

    DOE Patents [OSTI]

    Aines, Roger D.

    2013-03-12

    A method for separating CO.sub.2 from gas mixtures uses a slurried media impregnated with buffer compounds and coating the solid media with a catalyst or enzyme that promotes the transformation of CO.sub.2 to carbonic acid. Buffer sorbent pebbles with a catalyst or enzyme coating are provided for rapid separation of CO.sub.2 from gas mixtures.

  18. Method of deforming a biaxially textured buffer layer on a textured metallic substrate and articles therefrom

    DOE Patents [OSTI]

    Lee, Dominic F.; Kroeger, Donald M.; Goyal, Amit

    2000-01-01

    The present invention provides methods and biaxially textured articles having a deformed epitaxial layer formed therefrom for use with high temperature superconductors, photovoltaic, ferroelectric, or optical devices. A buffer layer is epitaxially deposited onto biaxially-textured substrates and then mechanically deformed. The deformation process minimizes or eliminates grooves, or other irregularities, formed on the buffer layer while maintaining the biaxial texture of the buffer layer. Advantageously, the biaxial texture of the buffer layer is not altered during subsequent heat treatments of the deformed buffer. The present invention provides mechanical densification procedures which can be incorporated into the processing of superconducting films through the powder deposit or precursor approaches without incurring unfavorable high-angle grain boundaries.

  19. Propagation of misfit dislocations from buffer/Si interface into Si

    DOE Patents [OSTI]

    Liliental-Weber, Zuzanna; Maltez, Rogerio Luis; Morkoc, Hadis; Xie, Jinqiao

    2011-08-30

    Misfit dislocations are redirected from the buffer/Si interface and propagated to the Si substrate due to the formation of bubbles in the substrate. The buffer layer growth process is generally a thermal process that also accomplishes annealing of the Si substrate so that bubbles of the implanted ion species are formed in the Si at an appropriate distance from the buffer/Si interface so that the bubbles will not migrate to the Si surface during annealing, but are close enough to the interface so that a strain field around the bubbles will be sensed by dislocations at the buffer/Si interface and dislocations are attracted by the strain field caused by the bubbles and move into the Si substrate instead of into the buffer epi-layer. Fabrication of improved integrated devices based on GaN and Si, such as continuous wave (CW) lasers and light emitting diodes, at reduced cost is thereby enabled.

  20. T-639: Debian update for libxml2 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Debian update for libxml2 T-639: Debian update for libxml2 June 7, 2011 - 3:35pm Addthis PROBLEM: libxml2 is vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code. PLATFORM: Package: libxml2 version 2.7.8. Other versions may also be affected ABSTRACT: Libxml2 XPath Nodeset Processing Vulnerability reference LINKS: Secunia Advisory: SA44817 Secunia Advisory: SA44711 DSA 2255-1 Vulnerability Report: Debian GNU/Linux 6.0 Download Package

  1. V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

    Broader source: Energy.gov [DOE]

    The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution

  2. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  3. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

  4. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  5. Buffer architecture for biaxially textured structures and method of fabricating same

    DOE Patents [OSTI]

    Norton, David P.; Park, Chan; Goyal, Amit

    2004-04-06

    The invention relates to an article with an improved buffer layer architecture comprising a substrate having a metal surface, and an epitaxial buffer layer on the surface of the substrate. The epitaxial buffer layer comprises at least one of the group consisting of ZrO.sub.2, HfO.sub.2, and compounds having at least one of Ca and a rare earth element stabilizing cubic phases of ZrO.sub.2 and/or HfO.sub.2. The article can also include a superconducting layer deposited on the epitaxial buffer layer. The article can also include an epitaxial capping layer between the epitaxial buffer layer and the superconducting layer. A method for preparing an epitaxial article comprises providing a substrate with a metal surface, depositing on the metal surface an epitaxial buffer layer comprising at least one material selected from the group consisting of ZrO.sub.2, HfO.sub.2, and compounds having at least one of Ca and a rare earth element stabilizing cubic phases of at least one of ZrO.sub.2 and HfO.sub.2. The epitaxial layer depositing step occurs in a vacuum with a background pressure of no more than 1.times.10.sup.-5 Torr. The method can further comprise depositing a superconducting layer on the epitaxial layer, and depositing an epitaxial capping layer between the epitaxial buffer layer and the superconducting layer.

  6. Reprogrammable read only variable threshold transistor memory with isolated addressing buffer

    DOE Patents [OSTI]

    Lodi, Robert J.

    1976-01-01

    A monolithic integrated circuit, fully decoded memory comprises a rectangular array of variable threshold field effect transistors organized into a plurality of multi-bit words. Binary address inputs to the memory are decoded by a field effect transistor decoder into a plurality of word selection lines each of which activates an address buffer circuit. Each address buffer circuit, in turn, drives a word line of the memory array. In accordance with the word line selected by the decoder the activated buffer circuit directs reading or writing voltages to the transistors comprising the memory words. All of the buffer circuits additionally are connected to a common terminal for clearing all of the memory transistors to a predetermined state by the application to the common terminal of a large magnitude voltage of a predetermined polarity. The address decoder, the buffer and the memory array, as well as control and input/output control and buffer field effect transistor circuits, are fabricated on a common substrate with means provided to isolate the substrate of the address buffer transistors from the remainder of the substrate so that the bulk clearing function of simultaneously placing all of the memory transistors into a predetermined state can be performed.

  7. GaAs buffer layer technique for vertical nanowire growth on Si substrate

    SciTech Connect (OSTI)

    Xu, Xiaoqing Parizi, Kokab B.; Huo, Yijie; Kang, Yangsen; Philip Wong, H.-S.; Li, Yang

    2014-02-24

    Gold catalyzed vapor-liquid-solid method is widely applied to IIIV nanowire (NW) growth on Si substrate. However, the easy oxidation of Si, possible Si contamination in the NWs, high defect density in the NWs, and high sensitivity of the NW morphology to growth conditions largely limit its controllability. In this work, we developed a buffer layer technique by introducing a GaAs thin film with predefined polarity as a template. It is found that samples grown on these buffer layers all have high vertical NW yields in general, due to the single-orientation of the buffer layers. Low temperature buffer with smoother surface leads to highest yield of vertical NWs, while high temperature (HT) buffer with better crystallinity results in perfect NW quality. The defect-free property we observed here is very promising for optoelectronic device applications based on GaAs NW. Moreover, the buffer layers can eliminate Si contamination by preventing Si-Au alloy formation and by increasing the thickness of the Si diffusion barrier, thus providing more flexibility to vertical NW growth. The buffer layer technique we demonstrated here could be easily extended to other III-V on Si system for electronic and photonic applications.

  8. Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

  9. Comparator circuits with local ramp buffering for a column-parallel single slope ADC

    DOE Patents [OSTI]

    Milkov, Mihail M.

    2016-04-26

    A comparator circuit suitable for use in a column-parallel single-slope analog-to-digital converter comprises a comparator, an input voltage sampling switch, a sampling capacitor arranged to store a voltage which varies with an input voltage when the sampling switch is closed, and a local ramp buffer arranged to buffer a global voltage ramp applied at an input. The comparator circuit is arranged such that its output toggles when the buffered global voltage ramp exceeds the stored voltage. Both DC- and AC-coupled comparator embodiments are disclosed.

  10. Method for making MgO buffer layers on rolled nickel or copper as superconductor substrates

    DOE Patents [OSTI]

    Paranthaman, Mariappan (Knoxville, TN); Goyal, Amit (Knoxville, TN); Kroeger, Donald M. (Knoxville, TN); List, III, Frederic A. (Andersonville, TN)

    2002-01-01

    Buffer layer architectures are epitaxially deposited on biaxially-textured rolled-Ni and/or Cu substrates for high current conductors, and more particularly buffer layer architectures such as MgO/Ag/Pt/Ni, MgO/Ag/Pd/Ni, MgO/Ag/Ni, MgO/Ag/Pd/Cu, MgO/Ag/Pt/Cu, and MgO/Ag/Cu. Techniques used to deposit these buffer layers include electron beam evaporation, thermal evaporation, rf magnetron sputtering, pulsed laser deposition, metal-organic chemical vapor deposition (MOCVD), combustion CVD, and spray pyrolysis.