National Library of Energy BETA

Sample records for flaws lets remote

  1. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated...

  2. V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June...

  3. U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 -...

  4. T-574: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm Addthis...

  5. U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am...

  6. V-218: HP Service Manager Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access...

  7. U-277: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were...

  8. T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE)

    Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service.

  9. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am ...

  10. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls ...

  11. V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am...

  12. V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am...

  13. V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote...

  14. V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Oracle Java Flaws Let Remote Users Execute Arbitrary Code V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am Addthis PROBLEM: Oracle...

  15. V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am...

  16. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

  17. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or ...

  18. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  19. U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code...

  20. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addresses | Department of Energy 39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20, 2012 - 7:00am Addthis PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses PLATFORM: Version(s): 6 beta 4 and prior versions ABSTRACT: A remote user can spoof SMS source addresses. Reference LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com

  1. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE

  2. V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Spoof the Server | Department of Energy 65: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server May 28, 2013 - 12:46am Addthis PROBLEM: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server PLATFORM: Cisco WebEx for iOS 4.1, Other versions may also be affected. ABSTRACT: A vulnerability was reported in Cisco WebEx for iOS. REFERENCE LINKS:

  3. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sessions | Department of Energy 7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions September 27, 2011 - 8:00am Addthis PROBLEM: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows

  4. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am Addthis PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. reference LINKS: Cisco

  5. T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Access or Modify SSL/TLS Sessions | Department of Energy 76: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions July 26, 2011 - 1:06am Addthis PROBLEM: A vulnerability was reported in Apple iOS. A remote user with the ability to conduct a man-in-the-middle attack can access or modify SSL/TLS sessions. PLATFORM: iOS 4.2.5

  6. T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service July...

  7. T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  8. U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-699: EMC AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System...

  9. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-033: Microsoft Security Bulletin Summary for November 2011 T-706: Microsoft Fraudulent Digital Certificate Issued by DigiNotar U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt ...

  10. U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aixefixessecurityicmpfix.tar Addthis Related Articles U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service V-031: IBM WebSphere DataPower...

  11. T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain...

    Broader source: Energy.gov (indexed) [DOE]

    T-727:Microsoft Windows SSLTLS Protocol Flaw Lets Remote Users Decryption Sessions U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets ...

  12. V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

  13. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CTA 7.3.1 and later with Hotfix ESA-2012-034 Addthis Related Articles V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-036: EMC Smarts Network...

  14. U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service.

  15. U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

  16. U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

  17. U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system.

  18. U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

  19. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.

  20. U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  1. U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  2. U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  3. U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system

  4. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    overflow CVE-2012-0670. A specially crafted '.pict' file can trigger a memory corruption error CVE-2012-0671. Impact: A remote user can create a file that, when loaded by...

  5. T-662: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers.

  6. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information

  7. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute ... The vendor has issued a fix (16.0.0.282). Addthis Related Articles V-228: RealPlayer ...

  8. U-007: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in IBM Rational AppScan. A remote user can cause arbitrary code to be executed on the target user's system.

  9. V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

  10. U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

    Broader source: Energy.gov [DOE]

    Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  11. U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

  12. U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Linux Kernel Netlink SCMCREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges U-242: Linux Kernel Netlink SCMCREDENTIALS Processing Flaw Lets Local Users Gain...

  13. V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges May...

  14. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Articles U-083:Oracle Critical Patch Update Advisory - January 2012 V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code T-576: Oracle Solaris Adobe Flash Player...

  15. V-179: Blackberry Z10 Flaw Lets Physically Local Users Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Blackberry Z10 Flaw Lets Physically Local Users Access the Device V-179: Blackberry Z10 Flaw Lets Physically Local Users Access the Device June 17, 2013 - 1:09am Addthis...

  16. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication...

  17. V-202: Cisco Video Surveillance Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive...

  18. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks...

  19. V-220: Juniper Security Threat Response Manager Lets Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute...

  20. V-149: Microsoft Internet Explorer Object Access Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary...

  1. U-047: Siemens Automation License Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or...

  2. V-093: Symantec PGP Desktop Buffer Overflows Let Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users...

  3. U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    SDK and JRE 1.4.233 and prior ABSTRACT: A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or...

  4. V-127: Samba Bug Lets Remote Authenticated Users Modify Files...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was...

  5. T-704: RSA enVision Lets Remote Users View Files and Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain...

  6. U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting.

  7. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic...

    Office of Environmental Management (EM)

    59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL...

  8. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Energy Savers [EERE]

    Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users ...

  9. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code ...

  10. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive Resolvers V-172: ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive...

  11. U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain...

  12. U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers U-005: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6,...

  13. U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks U-142: HP Onboard Administrator Bugs Let Remote Users Gain...

  14. U-046: Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers U-046: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers November 28, 2011 -...

  15. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  16. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

    Broader source: Energy.gov [DOE]

    Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

  17. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Remote Users Conduct Cross-Site Scripting Attacks | Department of Energy 51: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks May 8, 2013 - 12:06am Addthis PROBLEM: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks

  18. V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am Addthis PROBLEM: Apple Safari...

  19. V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks June 24, 2013 -...

  20. V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Samba smbd CPU Processing Loop Lets Remote Users Deny Service V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny Service August 6, 2013 - 6:00am Addthis PROBLEM: A...

  1. U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am Addthis...

  2. V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code...

  3. V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am Addthis PROBLEM:...

  4. V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote...

  5. V-144: HP Printers Let Remote Users Access Files on the Printer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: HP Printers Let Remote Users Access Files on the Printer V-144: HP Printers Let Remote Users Access Files on the Printer April 29, 2013 - 12:27am Addthis PROBLEM: HP Printers...

  6. V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am Addthis...

  7. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN ...

  8. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent...

  9. V-139: Cisco Network Admission Control Input Validation Flaw...

    Broader source: Energy.gov (indexed) [DOE]

    PROBLEM: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands PLATFORM: Cisco NAC Manager versions prior to 4.8.3.1 and 4.9.2 ABSTRACT: A...

  10. T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code.

  11. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Buffer Overflow Lets Remote Users Execute Arbitrary Code | Department of Energy 59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am Addthis PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute

  12. V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected

  13. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sensitive Information | Department of Energy 53: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information December 7, 2011 - 7:30am Addthis PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat

  14. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Arbitrary Code and Deny Service | Department of Energy 79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am Addthis PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall

  15. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code | Department of Energy 6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code January 24, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in

  16. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially...

    Office of Environmental Management (EM)

    Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) ...

  17. U-082: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Lets Remote Users Execute Arbitrary Code January 17, 2012 - 1:00pm Addthis PROBLEM: PHP Null Pointer Dereference in zendstrndup() Lets Local Users Deny Service PLATFORM: PHP...

  18. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A ...

  19. T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 5: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can

  20. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Password | Department of Energy 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker

  1. V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Login Anonymously | Department of Energy 5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am Addthis PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an

  2. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Commands on the Target System | Department of Energy 49: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System December 1, 2011 - 9:00am Addthis PROBLEM: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System. PLATFORM: IBM Tivoli Netcool Reporter prior to 2.2.0.8 ABSTRACT: A vulnerability was reported in IBM Tivoli Netcool

  3. V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Deny Service | Department of Energy 1: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service January 17, 2013 - 12:00am Addthis PROBLEM: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service PLATFORM: The vulnerability is reported in versions 8.7.1 and 8.7.1.1. ABSTRACT: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall

  4. V-109: Google Chrome WebKit Type Confusion Error Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 25.0.1364.160 ABSTRACT: A vulnerability was reported in...

  5. U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 91: cURL Lets Remote Users Decrypt SSL/TLS Traffic U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am Addthis PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) : Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. reference LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate Discussion: A remote user with the

  6. U-203: HP Photosmart Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions.

  7. U-176: Wireshark Multiple Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  8. V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Execute Arbitrary Code | Department of Energy 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS:

  9. T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Passwords | Department of Energy 92: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords August 12, 2011 - 3:47pm Addthis PROBLEM: A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password. PLATFORM: Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01 ABSTRACT: VMware vFabric tc

  10. U-137: HP Performance Manager Unspecified Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute...

  11. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges....

  12. T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The Cisco Content Services Gateway: Second Generation provides intelligent network capabilities such as flexible policy management and billing based on deep-packet inspection, as well as subscriber and application awareness capabilities that enable mobile operators to quickly and easily offer value-added, differentiated services over their mobile data networks. A DoS vulnerability exists in the Cisco Content Services Gateway: Second Generation could allow an unauthenticated attacker to cause a device reload by sending crafted ICMP messages to the affected device. Note: The Cisco Gateway GPRS Support Node (GGSN), the Cisco Mobile Wireless Home Agent (HA), the Cisco Wireless Security Gateway (WSG), the Cisco Broadband Wireless Gateway and Cisco IP Transfer Point (ITP), and the Cisco Long Term Evolution (LTE) Gateway are not affected. This vulnerability is documented in Cisco bug ID CSCtl79577 ( registered customers only) and has been assigned CVE ID CVE-2011-2064.

  13. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  14. T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server. This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6.

  15. V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1) An unspecified error when handling TeXML files can be exploited to cause memory corruption. 2) A boundary error when handling H.263 encoded movie files can be exploited to...

  16. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system - CVE-2010-1823,...

  17. T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.

  18. U-227: bind-dyndb-ldap DN Escaping Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in bind-dyndb-ldap, which can be exploited by malicious people to cause a DoS (Denial of Service).

  19. V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) ...

  20. V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access

    Broader source: Energy.gov [DOE]

    This security update resolves a vulnerability in the HP Service Manager which allows people to have access to unauthorized information

  1. T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system.

  2. V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    PROBLEM: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

  3. V-227: VMware Workstation and Player vmware-mount Command Flaw...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Workstation and Player vmware-mount Command Flaw Lets Local Users Gain Root Privileges V-227: VMware Workstation and Player vmware-mount Command Flaw Lets Local Users Gain Root...

  4. U-006:Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information

    Office of Energy Efficiency and Renewable Energy (EERE)

    An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.

  5. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  6. U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information.

  7. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.

  8. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Energy Savers [EERE]

    iOS. A remote user can cause arbitrary code to be executed on the target user's system. ... A remote user can create a specially crafted file that, when loaded by the target user, ...

  9. T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases.

  10. U-118: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially information.

  11. U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system

  12. U-153: EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions.

  13. T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can cause the backend server to remain in an error state until the retry timeout expires.

  14. U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Execution of arbitrary code via network A remote user can cause arbitrary code to be executed on the target

  15. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  16. U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands

    Broader source: Energy.gov [DOE]

    A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system.

  17. U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.

  18. T-718:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  19. U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  20. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  1. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration.

  2. U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system.

  3. U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system.

  4. U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system.

  5. T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

  6. U-201: HP System Management Homepage Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

  7. U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  8. T-692: VMware vFabric tc Server Lets Remote Users Login Using...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can login using an obfuscated version of their password. PLATFORM: ... user can use the password in obfuscated form (or in plain text form) to authenticate. ...

  9. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  10. V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data.

  11. U-192: VMware Workstation/Player VM Remote Device Bug Lets Local...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aBSTRACT: A local or remote user can cause denial of service conditions on the target virtual system. reference LINKS: Vendor Advisory Security Tracker ID 1027173 CVE-2012-3289...

  12. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444 Bugtraq ID: 55184 CVE-2012-4595, CVE-2012-4596, CVE-2012-4597 IMPACT ASSESSMENT: Medium Discussion A remote...

  13. T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory

    Broader source: Energy.gov [DOE]

    The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software.

  14. T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  15. U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

  16. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7.1, and BlackBerry PlayBook tablet software ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's...

  17. V-235: Cisco Mobility Services Engine Configuration Error Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login ...

  18. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  19. Flawed reasoning

    SciTech Connect (OSTI)

    Frankena, M.W.; Owen, B.M.

    1993-07-15

    The FERC's failure to investigate the Entergy/GSU merger's effects on market power may force other agencies to examine electric utility mergers on their own. The competitive effects of the proposed merger Entergy and Gulf States Utilities (GSU) will not be further investigated by the Federal Energy Regulatory Commission (FERC), according to a January 1993 order. The FERC's primary justification is that the [open quotes]open access[close quotes] transmission conditions offered by the merging parties eliminated concern over market power in transmission and bulk power. The FERC's reasoning is flawed. If the merger were to lead to an increase in market power, the proposed transmission conditions would not prevent the merged firm from exercising that power. The FERC also justifies its decision not to investigate the competitive effects of the merger on the grounds that no intervenor had demonstrated that present competition between the two systems is more than de minimis. This is not an appropriate standard. Intervenors demonstrated that Entergy's and GSU's transmission system offer alternative contract routes for bulk power between generators and customers. Even if Entergy and GSU both do not actually sell significant amounts of the same transmission-service, an antitrust evaluation should consider whether the availability of a second, independent route constrains the pricing of the first. The FERC's reasoning indicates that it has lost its way in carrying out its responsibilities to protect consumers. Open access to transmission systems may play an important role in increasing competition in bulk power markets. However, the FERC's goal should be to promote competition, not merely to open access for its own sake. In its enthusiasm to secure [open quotes]open access[close quotes], the FERC appears willing to ignore possible reductions in competition.

  20. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

    Broader source: Energy.gov [DOE]

    A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

  1. Flaw detection and evaluation

    DOE Patents [OSTI]

    Wilks, Robert S.; Sturges, Jr., Robert H.

    1983-01-01

    The invention provides a method of and apparatus for optically inspecting nuclear fuel pellets for surface flaws. The inspection system includes a prism and lens arrangement for scanning the surface of each pellet as the same is rotated. The resulting scan produces data indicative of the extent and shape of each flaw which is employed to generate a flaw quality index for each detected flaw. The flaw quality indexes from all flaws are summed and compared with an acceptable surface quality index. The result of the comparison is utilized to control the acceptance or rejection of the pellet.

  2. U-074: Microsoft.NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary commands on the target system. A remote user can access a target user's account. A remote user can redirect users to arbitrary sites.

  3. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  4. U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system.

  5. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  6. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.

  7. U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause the target application to execute arbitrary code on the target user's system.

  8. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system

  9. U-177: Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Lotus Quickr for Domino. A remote user can cause arbitrary code to be executed on the target user's system.

  10. U-012: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization.

  11. U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system.

  12. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  13. U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions.

  14. T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash.

  15. U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    Several vulnerabilities were reported in Apple OS X. A remote user can execute arbitrary code on the target system. A remote user can obtain a password hash in certain cases. A local user can obtain elevated privileges on the target system. A local user can obtain password keystrokes.

  16. T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Red Hat Directory Server. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A local user can cause denial of service conditions.

  17. T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  18. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access

    Broader source: Energy.gov [DOE]

    Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.

  19. U-029: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain...

  20. V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service ...

  1. T-703: Cisco Unified Communications Manager Open Query Interface Lets

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Obtain Database Contents | Department of Energy 703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents August 26, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5

  2. U-081: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  3. T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to improper validation of program executables downloaded by the Cisco AnyConnect Secure Mobility Client. An unauthenticated, remote attacker could exploit the vulnerability by convincing the targeted user to view a malicious website. If successful, the attacker could execute arbitrary code on the system with the privileges of the user. Cisco confirmed the vulnerability in a security advisory and released software updates.

  4. The HMDS Coating Flaw Removal Tool

    SciTech Connect (OSTI)

    Monticelli, M V; Nostrand, M C; Mehta, N; Kegelmeyer, L; Johnson, M A; Fair, J; Widmayer, C

    2008-10-24

    In many high energy laser systems, optics with HMDS sol gel antireflective coatings are placed in close proximity to each other making them particularly susceptible to certain types of strong optical interactions. During the coating process, halo shaped coating flaws develop around surface digs and particles. Depending on the shape and size of the flaw, the extent of laser light intensity modulation and consequent probability of damaging downstream optics may increase significantly. To prevent these defects from causing damage, a coating flaw removal tool was developed that deploys a spot of decane with a syringe and dissolves away the coating flaw. The residual liquid is evacuated leaving an uncoated circular spot approximately 1mm in diameter. The resulting uncoated region causes little light intensity modulation and thus has a low probability of causing damage in optics downstream from the mitigated flaw site.

  5. V-153: Symantec Brightmail Gateway Input Validation Flaw Permits...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Symantec Brightmail Gateway Input Validation Flaw Permits Cross-Site Scripting Attacks V-153: Symantec Brightmail Gateway Input Validation Flaw Permits Cross-Site Scripting...

  6. U-252: Barracuda Web Filter Input Validation Flaws Permit Cross...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks U-252: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks September...

  7. V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote...

  8. ULTRASONIC FLAW DETECTION METHOD AND MEANS

    DOE Patents [OSTI]

    Worlton, D.C.

    1961-08-15

    A method of detecting subsurface flaws in an object using ultrasonic waves is described. An ultnasonic wave of predetermined velocity and frequency is transmitted to engage the surface of the object at a predetermined angle of inci dence thereto. The incident angle of the wave to the surface is determined with respect to phase velocity, incident wave velocity, incident wave frequency, and the estimated depth of the flaw so that Lamb waves of a particular type and mode are induced only in the portion of the object between the flaw and the surface. These Lamb waves are then detected as they leave the object at an angle of exit equal to the angle of incidence. No waves wlll be generated in the object and hence received if no flaw exists beneath the surface. (AEC)

  9. NON-DESTRUCTIVE FLAW DETECTION APPARATUS

    DOE Patents [OSTI]

    Stateman, M.J.; Holloway, H.R.

    1957-12-17

    An apparatus is described for the non-destructive detection of flaws in electrical conducting articles. The particular feature of the detection apparatus is that a flaw in the front or back of the test article will not be masked by signals caused by the passage of the end and front of the article through the detection apparatus. The present invention alleviates the above problem by mounting detection coils on directly opposite sides of the test passageway so that the axes of the pickup coils are perpendicular to the axis of an energizing coil through which the article is passed. A flaw in the article will cause a change in the voltage induced in one pickup coil, but passage of the end or front of the article will not produce unequal signals. The signals are compared in appropriate electrical circuitry to actuate a recorder only when unequal signals are present, indicating the presence of a flaw.

  10. Midland reactor pressure vessel flaw distribution

    SciTech Connect (OSTI)

    Foulds, J.R.; Kennedy, E.L.; Rosinski, S.T.

    1993-12-01

    The results of laboratory nondestructive examination (NDE), and destructive cross-sectioning of selected weldment sections of the Midland reactor pressure vessel were analyzed per a previously developed methodology in order to develop a flaw distribution. The flaw distributions developed from the NDE results obtained by two different ultrasonic test (UT) inspections (Electric Power Research Institute NDE Center and Pacific Northwest Laboratories) were not statistically significantly different. However, the distribution developed from the NDE Center`s (destructive) cross-sectioning-based data was found to be significantly different than those obtained through the UT inspections. A fracture mechanics-based comparison of the flaw distributions showed that the cross-sectioning-based data, conservatively interpreted (all defects considered as flaws), gave a significantly lower vessel failure probability when compared with the failure probability values obtained using the UT-based distributions. Given that the cross-sectioning data were reportedly biased toward larger, more significant-appearing (by UT) indications, it is concluded that the nondestructive examinations produced definitively conservative results. In addition to the Midland vessel inspection-related analyses, a set of twenty-seven numerical simulations, designed to provide a preliminary quantitative assessment of the accuracy of the flaw distribution method used here, were conducted. The calculations showed that, in more than half the cases, the analysis produced reasonably accurate predictions.

  11. Flaw Tolerance for Multiple Fatique Cracks

    SciTech Connect (OSTI)

    Gosselin, Stephen R.; Simonen, Fredric A.; Carter, R. G.

    2005-07-01

    This paper documents important details of the technical bases for changes to Appendix L. Calculations identified aspect ratios for equivalent single cracks (ESC) between the extremes of a 6:1 ratio and a full circumferential crack that can be used in Appendix L flaw tolerance assessments to account for the initiation, growth, and linking of multiple fatigue cracks. Probabilistic fracture mechanics (PFM) calculations determined ESC aspect ratios that result in the same through-wall crack probability as multiple small cracks (0.02 inch depth) that initiate and coalesce. The computations considered two materials (stainless and low alloy steels), three pipe diameters, five cyclic membrane-to-gradient stress ratios and a wide range of primary loads. Subsequent deterministic calculations identified the ESC aspect ratio for the hypothetical reference flaw depth assumptions in Appendix L. This paper also describes computations that compare the Appendix L flaw tolerance allowable operating period for the ESC models with results obtained when the a single default 6:1 aspect ratio reference flaw.

  12. U-144:Juniper Secure Access Input Validation Flaw Permits Cross...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4:Juniper Secure Access Input Validation Flaw Permits Cross-Site Scripting Attacks U-144:Juniper Secure Access Input Validation Flaw Permits Cross-Site Scripting Attacks April 10,...

  13. Sandia Wind-Turbine Blade Flaw Detection Experiments in Denmark

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Wind-Turbine Blade Flaw Detection Experiments in Denmark - Sandia Energy Energy Search ... Twitter Google + Vimeo GovDelivery SlideShare Sandia Wind-Turbine Blade Flaw Detection ...

  14. U-001:Symantec IM Manager Input Validation Flaws

    Broader source: Energy.gov [DOE]

    Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks.

  15. Procedure for flaw detection in cast stainless steel

    DOE Patents [OSTI]

    Kupperman, David S.

    1988-01-01

    A method of ultrasonic flaw detection in cast stainless steel components incorporating the steps of determining the nature of the microstructure of the cast stainless steel at the site of the flaw detection measurements by ultrasonic elements independent of the component thickness at the site; choosing from a plurality of flaw detection techniques, one such technique appropriate to the nature of the microstructure as determined and detecting flaws by use of the chosen technique.

  16. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    a critical vulnerability that allows for remote code execution June 12, 2013 V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code A...

  17. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    a critical vulnerability that allows for remote code execution June 12, 2013 V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code A...

  18. TASK PLAN: Tribal Issues Topic Group

    Office of Environmental Management (EM)

    Security Controls | Department of Energy 6: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  19. Non-destructive evaluation means and method of flaw reconstruction utilizing an ultrasonic multi-viewing transducer data acquistion system

    DOE Patents [OSTI]

    Thompson, Donald O.; Wormley, Samuel J.

    1989-03-28

    A multi-viewing ultrasound transducer acquisition system for non-destructive evaluation, flaw detection and flaw reconstruction in materials. A multiple transducer assembly includes a central transducer surrounded by a plurality of perimeter transducers, each perimeter transducer having an axis of transmission which can be angularly oriented with respect to the axis of transmission of the central transducer to intersect the axis of transmission of the central transducer. A control apparatus automatically and remotely positions the transducer assembly with respect to the material by a positioning apparatus and adjusts the pe GRANT REFERENCE This invention was conceived and reduced to practice at least in part under a grant from the Department of Energy under Contract No. W-7407-ENG-82.

  20. U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow ...

  1. T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet...

  2. V-120: EMC Smarts Network Configuration Manager Java RMI Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control V-120: EMC Smarts Network Configuration Manager Java RMI Access Control...

  3. U-021: Cisco Unified Communications Manager Directory Traversal...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files. PLATFORM: Cisco Unified Communications Manager 6.x, 7.x and 8.x ABSTRACT: A vulnerability...

  4. Ultrasonic Flaw Detection of Cracks and Machined Flaws as Observed Through Austenitic Stainless Steel Piping Welds

    SciTech Connect (OSTI)

    Anderson, Michael T.; Cinson, Anthony D.; Crawford, Susan L.; Cumblidge, Stephen E.; Diaz, Aaron A.

    2009-07-01

    Piping welds in the pressure boundary of light water reactors (LWRs) are subject to a volumetric examination based on Section XI of the American Society of Mechanical Engineers (ASME) Boiler and Pressure Vessel Code. Due to access limitations and high background radiation levels, the technique used is primarily ultrasonic rather than radiographic. Many of the austenitic welds in safety-related piping systems provide limited access to both sides of the weld, so a far-side examination is necessary. Historically, far-side inspections have performed poorly because of the coarse and elongated grains that make up the microstructures of austenitic weldments. The large grains cause the ultrasound to be scattered, attenuated, and redirected. Additionally, grain boundaries or weld geometry may reflect coherent ultrasonic echoes, making flaw detection and discrimination a more challenging endeavor. Previous studies conducted at the Pacific Northwest National Laboratory (PNNL) on ultrasonic far-side examinations in austenitic piping welds involved the application of conventional transducers, use of low-frequency Synthetic Aperture Focusing Techniques (SAFT), and ultrasonic phased-array (PA) methods on specimens containing implanted thermal fatigue cracks and machined reflectors [1-2]. From these studies, PA inspection provided the best results, detecting nearly all of the flaws from the far side. These results were presented at the Fifth International Conference on NDE in Relation to Structural Integrity for Nuclear and Pressurised Components in 2006. This led to an invitation to examine field-removed specimens containing service-induced intergranular stress corrosion cracks (IGSCC) at the Electric Power Research Institute’s (EPRI) Nondestructive Evaluation (NDE) Center, in Charlotte, North Carolina. Results from this activity are presented.

  5. V-160: Wireshark Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    can be exploited to cause a crash via specially crafted packets. 6) An error in the MPEG DSM-CC dissector (dissectorspacket-mpeg-dsmcc.c) can be exploited to cause a crash via...

  6. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    issued a fix (7.1.2). Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  7. U-193: NetBSD System Call Return Value Validation Flaw Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    On Intel CPUs, the sysret instruction can be manipulated into returning to specific non-canonical addresses, which may yield a CPU reset. We cannot currently rule out with utter confidence that this vulnerability could not also be used to execute code with kernel privilege instead of crashing the system.

  8. U-230: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5.

  9. Spotlight on Austin, Texas: Let Your Contractor Be Your Guide...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Your Contractor Be Your Guide for Big Rewards Spotlight on Austin, Texas: Let Your Contractor Be Your Guide for Big Rewards Spotlight on Austin, Texas: Let Your Contractor Be ...

  10. V-112: Microsoft SharePoint Input Validation Flaws Permit Cross...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks V-112: Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting and Denial...

  11. V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks May 31, 2013 - 6:00am Addthis...

  12. U-106: Citrix XenServer Multiple Flaws in Web Self Service Have...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact February 17, 2012...

  13. V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks April 2, 2013 - 1:13am Addthis...

  14. Fabrication Flaw Density and Distribution In Repairs to Reactor Pressure Vessel and Piping Welds

    SciTech Connect (OSTI)

    GJ Schuster, FA Simonen, SR Doctor

    2008-04-01

    The Pacific Northwest National Laboratory is developing a generalized fabrication flaw distribution for the population of nuclear reactor pressure vessels and for piping welds in U.S. operating reactors. The purpose of the generalized flaw distribution is to predict component-specific flaw densities. The estimates of fabrication flaws are intended for use in fracture mechanics structural integrity assessments. Structural integrity assessments, such as estimating the frequency of loss-of-coolant accidents, are performed by computer codes that require, as input, accurate estimates of flaw densities. Welds from four different reactor pressure vessels and a collection of archived pipes have been studied to develop empirical estimates of fabrication flaw densities. This report describes the fabrication flaw distribution and characterization in the repair weld metal of vessels and piping. This work indicates that large flaws occur in these repairs. These results show that repair flaws are complex in composition and sometimes include cracks on the ends of the repair cavities. Parametric analysis using an exponential fit is performed on the data. The relevance of construction records is established for describing fabrication processes and product forms. An analysis of these records shows there was a significant change in repair frequency over the years when these components were fabricated. A description of repair flaw morphology is provided with a discussion of fracture mechanics significance. Fabrication flaws in repairs are characterized using optimized-access, high-sensitivity nondestructive ultrasonic testing. Flaw characterizations are then validated by other nondestructive evaluation techniques and complemented by destructive testing.

  15. NON-DESTRUCTIVE METHOD AND MEANS FOR FLAW DETECTION

    DOE Patents [OSTI]

    Hochschild, R.

    1959-03-10

    BS>An improved method is presented for the nondestructive detection of flaws in olectrictilly conductivc articles using magnetic field. According to thc method a homogoneous mignetic field is established in the test article;it right angle" to the artyicle. A probe is aligned with its axis transverse to the translates so hat th4 probe scans the surface of the test article while the axis of the robe is transverse to the direction of translation of the article. In this manner any output current obtained in thc probe is an indication of the size and location of a flaw in the article under test, with a miiiimum of signal pick- up in the probe from the established magnetic field.

  16. T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

    Broader source: Energy.gov [DOE]

    An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

  17. Method for fabricating prescribed flaws in the interior of metals

    DOE Patents [OSTI]

    Hsu, David K.; Thompson, Donald O.

    1989-03-07

    The method for fabricating a metal body having a flaw of predetermined size and shape located therein comprises placing half of the metal powder required to make the metal body in the die of a press and pressing it to create a flat upper surface thereon. A piece of copper foil is cut to the size and shape of the desired interior crack and placed on the upper surface of the powder and centered in position. The remaining powder is then placed in the die to cover the copper foil. The powder is first cold pressed and removed from the press. The powder metal piece is then sintered in a furnace at a temperature above the melting point of the copper and below the melting point of the metal. It is then removed from the furnace, cooled to room temperature, and placed back in the die and pressed further. This procedure results in an interior flaw or crack. Modified forms of the method involve using a press-sinter-press-sinter cycle with the first sinter being below the melting point of the copper and the second sinter being above the melting point of the copper and below the melting point of the metal.

  18. Eddy current probe and method for flaw detection in metals

    DOE Patents [OSTI]

    Watjen, J.P.

    1987-06-23

    A flaw detecting system is shown which includes a probe having a pair of ferrite cores with in-line gaps in close proximity to each other. An insulating, non-magnetic, non-conducting holder fills the gaps and supports the ferrite cores in a manner such that the cores form a generally V-shape. Each core is provided with an excitation winding and a detection winding. The excitation windings are connected in series or parallel with an rf port for connection thereof to a radio frequency source. The detection windings, which are differentially wound, are connected in series circuit to a detector port for connection to a voltage measuring instrument. The ferrite cores at the in-line gaps directly engage the metal surface of a test piece, and the probe is scanned along the test piece. In the presence of a flaw in the metal surface the detection winding voltages are unbalanced, and the unbalance is detected by the voltage measuring instrument. The insulating holder is provided with a profile which conforms to that of a prominent feature of the test piece to facilitate movement of the probe along the feature, typically an edge or a corner. 9 figs.

  19. Eddy current probe and method for flaw detection in metals

    DOE Patents [OSTI]

    Watjen, John P.

    1987-06-23

    A flaw detecting system is shown which includes a probe having a pair of ferrite cores with in-line gaps in close proximity to each other. An insulating, non-magnetic, non-conducting holder fills the gaps and supports the ferrite cores in a manner such that the cores form a generally V-shape. Each core is provided with an excitation winding and a detection winding. The excitation windings are connected in series or parallel with an rf port for connection thereof to a radio frequency source. The detection windings, which are differentially wound, are connected in series circuit to a detector port for connection to a voltage measuring instrument. The ferrite cores at the in-line gaps directly engage the metal surface of a test piece, and the probe is scanned along the test piece. In the presence of a flaw in the metal surface the detection winding voltages are unbalanced, and the unbalance is detected by the voltage measuring instrument. The insulating holder is provided with a profile which conforms to that of a prominent feature of the test piece to facilitate movement of the probe along the feature, typically an edge or a corner.

  20. U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Scripting and URL Redirection Attacks | Department of Energy 12: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks July 13, 2012 - 7:00am Addthis PROBLEM: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks PLATFORM: RSA Authentication Manager 7.1 is vulnerable; other

  1. Defining a Possible Low LET Bystander Effect

    SciTech Connect (OSTI)

    Charles R. Geard

    2009-05-04

    Current radiation protection guidelines assume a linear response to ionizing radiations down through doses where epidemiological studies provide very limited to no information as to the propriety of such assumptions. The bystander response is a non-targeted effect which might impact such guidelines. These studies while clearly affirming a bystander response for high LET radiations, do not provide such affirmation for environmentally relevant low dose, low LET radiations. Caution and further study are necessary before making judgements that could impact on current standards.

  2. Fabrication Flaw Density and Distribution in the Repairs of Reactor Pressure Vessels

    SciTech Connect (OSTI)

    Schuster, George J.; Doctor, Steven R.; Simonen, Fredric A.

    2006-02-15

    The Pacific Northwest National Laboratory (PNNL) is developing a generalized flaw size and density distribution for the population of U.S. reactor pressure vessels (RPVs). The purpose of the generalized flaw distribution is to predict vessel specific flaw rates for use in probabilistic fracture mechanics calculations that estimate vessel failure probability. Considerable progress has been made on the construction of an engineering data base of fabrication flaws in U.S. nuclear RPVs. The fabrication processes and product forms used to construct U.S. RPVs are represented in the data base. A validation methodology has been developed for characterizing the flaws for size, shape, orientation, and composition. The relevance of construction records has been established for describing fabrication processes and product forms. The fabrication flaws were detected in material removed from cancelled nuclear power plants using high sensitivity nondestructive ultrasonic testing, and validated by other nondestructive evaluation (NDE) techniques, and complemented by destructive testing. This paper describes research that has generated data on welding flaws, which indicated that the largest flaws occur in weld repairs. Recent research results confirm that repair flaws are complex in composition and may include cracks on the repair ends. Section III of the American Society of Mechanical Engineers (ASME) Boiler and Pressure Vessel Code for nuclear power plant components requires radiographic examinations (RT) of welds and requires repairs for RT indications that exceed code acceptable sizes. PNNL has previously obtained the complete construction records for two RPVs. Analysis of these records show a significant change in repair frequency.

  3. INFOGRAPHIC: Let's Get to Work on Solar Soft Costs | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let's Get to Work on Solar Soft Costs INFOGRAPHIC: Let's Get to Work on Solar Soft Costs December 2, 2013 - 1:00pm Addthis Learn how soft costs are contributing to the price of ...

  4. Solar Decathlon 2015: Let the Competition Begin | Department...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Let the Competition Begin Solar Decathlon 2015: Let the Competition Begin February 13, 2014 - 1:00pm Addthis The Solar Decathlon competition has provided more than 17,000 college ...

  5. Sandia National Laboratories: Let it rain

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Let it rain By Karli Massey Thursday, September 01, 2016 Sandia's clean water stewards focus on stormwater runoff Sandia experts, students explore mechanical challenges at summer institute Environmental technical professional John Kay (4141) inspects a construction site at Sandia before a storm to ensure proper protection measures are in place near stormwater drains. Monsoon season is well underway in New Mexico and other areas across the Southwest. The flash floods caused by monsoon storms

  6. Remote Access

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Remote Access Remote Access Laboratory employees can access Research Library databases and products from offsite using our EZproxy service. This service is limited to LANL employees with active Z numbers and cryptocards. Access Electronic Collections with EZproxy Remote Access Journals - Books - Standards - Databases (WOK, etc) How to use EZproxy: From this page: Click on the icon above. From external site: Select "OFFSITE LANL Employee". Enter your Z number and Cryptocard passcode.

  7. T-701: Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks.

  8. U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site...

    Broader source: Energy.gov (indexed) [DOE]

    WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks PLATFORM: Version(s): prior to 3.4.1 ABSTRACT: Several vulnerabilities...

  9. T-602: BlackBerry Enterprise Server Input Validation Flaw in...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    02: BlackBerry Enterprise Server Input Validation Flaw in BlackBerry Web Desktop Manager Permits Cross-Site Scripting Attacks T-602: BlackBerry Enterprise Server Input Validation...

  10. Identify Structural Flaw Location and Type with an Inverse Algorithm of Resonance Inspection

    SciTech Connect (OSTI)

    Xu, Wei; Lai, Canhai; Sun, Xin

    2015-10-20

    To evaluate the fitness-for-service of a structural component and to quantify its remaining useful life, aging and service-induced structural flaws must be quantitatively determined in service or during scheduled maintenance shutdowns. Resonance inspection (RI), a non-destructive evaluation (NDE) technique, distinguishes the anomalous parts from the good parts based on changes in the natural frequency spectra. Known for its numerous advantages, i.e., low inspection cost, high testing speed, and broad applicability to complex structures, RI has been widely used in the automobile industry for quality inspection. However, compared to other contemporary direct visualization-based NDE methods, a more widespread application of RI faces a fundamental challenge because such technology is unable to quantify the flaw details, e.g. location, dimensions, and types. In this study, the applicability of a maximum correlation-based inverse RI algorithm developed by the authors is further studied for various flaw cases. It is demonstrated that a variety of common structural flaws, i.e. stiffness degradation, voids, and cracks, can be accurately retrieved by this algorithm even when multiple different types of flaws coexist. The quantitative relations between the damage identification results and the flaw characteristics are also developed to assist the evaluation of the actual state of health of the engineering structures.

  11. Development of flaw acceptance criteria for aging management of spent nuclear fuel multi-purpose canisters

    SciTech Connect (OSTI)

    Lam, Poh -Sang; Sindelar, Robert L.

    2015-03-09

    A typical multipurpose canister (MPC) is made of austenitic stainless steel and is loaded with spent nuclear fuel assemblies. The canister may be subject to service-induced degradation when it is exposed to aggressive atmospheric environments during a possibly long-term storage period if the permanent repository is yet to be identified and readied. Because heat treatment for stress relief is not required for the construction of an MPC, stress corrosion cracking may be initiated on the canister surface in the welds or in the heat affected zone. An acceptance criteria methodology is being developed for flaw disposition should the crack-like defects be detected by periodic in-service Inspection. The first-order instability flaw sizes has been determined with bounding flaw configurations, that is, through-wall axial or circumferential cracks, and part-through-wall long axial flaw or 360° circumferential crack. The procedure recommended by the American Petroleum Institute (API) 579 Fitness-for-Service code (Second Edition) is used to estimate the instability crack length or depth by implementing the failure assessment diagram (FAD) methodology. The welding residual stresses are mostly unknown and are therefore estimated with the API 579 procedure. It is demonstrated in this paper that the residual stress has significant impact on the instability length or depth of the crack. The findings will limit the applicability of the flaw tolerance obtained from limit load approach where residual stress is ignored and only ligament yielding is considered.

  12. Development of flaw acceptance criteria for aging management of spent nuclear fuel multiple-purpose canisters

    SciTech Connect (OSTI)

    Lam, P.; Sindelar, R.

    2015-03-09

    A typical multipurpose canister (MPC) is made of austenitic stainless steel and is loaded with spent nuclear fuel assemblies. The canister may be subject to service-induced degradation when it is exposed to aggressive atmospheric environments during a possibly long-term storage period if the permanent repository is yet to be identified and readied. Because heat treatment for stress relief is not required for the construction of an MPC, stress corrosion cracking may be initiated on the canister surface in the welds or in the heat affected zone. An acceptance criteria methodology is being developed for flaw disposition should the crack-like defects be detected by periodic In-service Inspection. The first-order instability flaw sizes has been determined with bounding flaw configurations, that is, through-wall axial or circumferential cracks, and part-through-wall long axial flaw or 360° circumferential crack. The procedure recommended by the American Petroleum Institute (API) 579 Fitness-for-Service code (Second Edition) is used to estimate the instability crack length or depth by implementing the failure assessment diagram (FAD) methodology. The welding residual stresses are mostly unknown and are therefore estimated with the API 579 procedure. It is demonstrated in this paper that the residual stress has significant impact on the instability length or depth of the crack. The findings will limit the applicability of the flaw tolerance obtained from limit load approach where residual stress is ignored and only ligament yielding is considered.

  13. V-198: Red Hat Enterprise MRG Messaging Qpid Python Certificate...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Red Hat Enterprise MRG Messaging Qpid Python Certificate Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks V-198: Red Hat Enterprise MRG Messaging Qpid Python...

  14. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password...

  15. Flaws Identification Using Eddy Current Differential Transducer and Artificial Neural Networks

    SciTech Connect (OSTI)

    Chady, T.; Lopato, P.

    2006-03-06

    In this paper we present a multi-frequency excitation eddy current differential transducer and dynamic neural models which were used to detect and identify artificial flaws in thin conducting plates. Plates are made of Inconel600. EDM notches have relative depth from 10% to 80% and length from 2 mm to 7 mm. All flaws were located on the opposite surface of the examined specimen. Measured signals were used as input for training and verifying dynamic neural networks with a moving window. Wide range of ANN (Artificial Neural Network) structures are examined for different window length and different number of frequency components in excitation signal. Observed trends are presented in this paper.

  16. V-229: IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Attacks | Department of Energy 9: IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks V-229: IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks August 28, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in IBM Lotus iNotes PLATFORM: IBM Lotus iNotes 8.5.x ABSTRACT: IBM Lotus iNotes 8.5.x contains four cross-site scripting vulnerabilities REFERENCE LINKS: Security Tracker Alert ID 1028954 IBM Security Bulletin 1647740

  17. Apparatus and method for detecting and/or measuring flaws in conductive material

    DOE Patents [OSTI]

    Hockey, Ronald L.; Riechers, Douglas M.

    2000-01-01

    The present invention uses a magnet and sensor coil unilaterial and in relative motion to a conductive material, to measure perturbation or variation in the magnetic field in the presence of a flaw. A liftoff compensator measures a distance between the conductive material and the magnet.

  18. Anisotropic determination and correction for ultrasonic flaw detection by spectral analysis

    DOE Patents [OSTI]

    Adler, Laszlo; Von Cook, K.; Simpson, Jr., William A.; Lewis, D. Kent

    1978-01-01

    The anisotropic nature of a material is determined by measuring the velocity of an ultrasonic longitudinal wave and a pair of perpendicular ultrasonic shear waves through a sample of the material each at a plurality of different angles in three planes orthogonal to each other. The determined anisotropic nature is used as a correction factor in a spectral analyzing system of flaw determination.

  19. U-073: Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Bugzilla. A remote user can conduct cross-site scripting attacks.

  20. Flaw Stability Considering Residual Stress for Aging Management of Spent Nuclear Fuel Multiple-Purpose Canisters

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Lam, Poh-Sang; Sindelar, Robert L.

    2016-04-28

    A typical multipurpose canister (MPC) is made of austenitic stainless steel and is loaded with spent nuclear fuel assemblies. Because heat treatment for stress relief is not required for the construction of the MPC, the canister is susceptible to stress corrosion cracking in the weld or heat affected zone regions under long-term storage conditions. Logic for flaw acceptance is developed should crack-like flaws be detected by Inservice Inspection. The procedure recommended by API 579-1/ASME FFS-1, Fitness-for-Service, is used to calculate the instability crack length or depth by failure assessment diagram. It is demonstrated that the welding residual stress has amore » strong influence on the results.« less

  1. U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems.

  2. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    in certain cases. reference LINKS: Vendor Advisory Security Tracker ID 1026744 CVE-2012-0866 IMPACT ASSESSMENT: Medium Discussion: For trigger functions marked SECURITY...

  3. U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ID: 1026774 Apple Security Updates About the security content of iOS 5.1 Software Update CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585,...

  4. U-110: Samba Bug Lets Remote Users Execute Arbitrary Code | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    code on the target system. reference LINKS: Vendor Advisory Security Tracker ID 1026739 CVE-2012-0870 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Samba....

  5. T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker.

  6. U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player.

  7. V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2013-1009,...

  8. U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2011-3016, CVE-2011-3021,...

  9. V-199: Solaris Bugs Let Local Users Gain Root Privileges, Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    recommends applying July Critical Patch Update Addthis Related Articles V-181: Oracle Java SE Critical Patch Update Advisory - June 2013 V-051: Oracle Solaris Java Multiple...

  10. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers

    Broader source: Energy.gov [DOE]

    A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c