Note: This page contains sample records for the topic "java multiple vulnerabilities" from the National Library of Energy Beta (NLE Beta).
While these samples are representative of the content of NLE Beta,
they are neither comprehensive nor the most current set.
We encourage you to perform a real-time search of NLE Beta
to obtain the most current and comprehensive results.


1

U-191: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-191: Oracle Java Multiple Vulnerabilities
June 14, 2012 - 7:00am
PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users
PLATFORM: Oracle Java JDK 1.7.x / 7.x; Oracle Java JRE 1.7.x / 7.x; Sun Java JDK 1.5.x; Sun Java JDK 1.6.x / 6.x; Sun Java JRE 1.4.x; Sun Java JRE 1.5.x / 5.x; Sun Java JRE 1.6.x / 6.x; Sun Java SDK 1.4.x
ABSTRACT: The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.

2

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-083: Oracle Java Multiple Vulnerabilities
February 4, 2013 - 12:42am
PROBLEM: Oracle Java Multiple Vulnerabilities
PLATFORM: Oracle Java JDK 1.5.x / 5.x; Oracle Java JDK 1.7.x / 7.x; Oracle Java JRE 1.7.x / 7.x; Oracle Java SDK 1.4.x / 4.x; Sun Java JDK 1.4.x; Sun Java JDK 1.6.x / 6.x; Sun Java JRE 1.4.x / 4.x; Sun Java JRE 1.5.x / 5.x; Sun Java JRE 1.6.x / 6.x
ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.
REFERENCE LINKS: Oracle Security Advisory February 2013

4

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-179: IBM Java 7 Multiple Vulnerabilities
May 30, 2012 - 7:00am
PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java
PLATFORM: IBM Java 7.x
ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
REFERENCE LINKS: Secunia Advisory 49333; CVE-2011-3389; Vendor Advisory
IMPACT ASSESSMENT: High
DISCUSSION: IBM released a patch to address vulnerabilities in IBM Java 7. IBM 7 SR1 is available for download.
IMPACT: Hijacking; Manipulation of data; Exposure of sensitive information

6

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
May 22, 2013 - 12:46am
PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
PLATFORM: IBM Maximo Asset Management 6.x; IBM Maximo Asset Management 7.x; IBM Maximo Asset Management Essentials 7.x
ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using Java(TM) based applications due to vulnerabilities in Java Software Developer Kits.
REFERENCE LINKS: IBM Reference #:1638135; Secunia Advisory SA53451; CVE-2013-0401; CVE-2013-2433; CVE-2013-2434; CVE-2013-0402; CVE-2013-1488; CVE-2013-1491; CVE-2013-1518; CVE-2013-1537; CVE-2013-1540; CVE-2013-1557; CVE-2013-1558; CVE-2013-1561; CVE-2013-1563; CVE-2013-1564; CVE-2013-1569

8

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities
November 13, 2012 - 1:00am
PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities
PLATFORM: Reflection X 2011; Reflection Suite for X 2011; Reflection for Secure IT Server for Windows; Reflection for Secure IT Client and Server for UNIX
ABSTRACT: Security issues related to Reflection PKI Services Manager
REFERENCE LINKS: PKI Services Manager Technical Note 2560; Secunia Advisory SA51256; CVE-2012-0551; CVE-2012-1711; CVE-2012-1713; CVE-2012-1716; CVE-2012-1717; CVE-2012-1718; CVE-2012-1719; CVE-2012-1720; CVE-2012-1721; CVE-2012-1722; CVE-2012-1723; CVE-2012-1724; CVE-2012-1725; CVE-2012-1726
IMPACT ASSESSMENT: High
DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

9

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities
June 14, 2013 - 6:00am
PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio
PLATFORM: IBM Data Studio 3.x
ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE
REFERENCE LINKS: Secunia Advisory SA53778; IBM Flash Alert 1640533; CVE-2013-0169; CVE-2013-0440; CVE-2013-0443
IMPACT ASSESSMENT: High
DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

10

V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-051: Oracle Solaris Java Multiple Vulnerabilities
December 20, 2012 - 12:15am
PROBLEM: Oracle Solaris Java Multiple Vulnerabilities
PLATFORM: Oracle Solaris 11.x
ABSTRACT: Oracle has acknowledged multiple vulnerabilities in Java included in Solaris
REFERENCE LINKS: Secunia Advisory: SA51618; Secunia Advisory: SA50949; Third Party Vulnerability Resolution Blog in Java 7U9; Third Party Vulnerability Resolution Blog in Java 6U37; CVE-2012-1531; CVE-2012-1532; CVE-2012-1533; CVE-2012-3143; CVE-2012-3159; CVE-2012-3216; CVE-2012-4416; CVE-2012-5067; CVE-2012-5068; CVE-2012-5069; CVE-2012-5070; CVE-2012-5071; CVE-2012-5072; CVE-2012-5073; CVE-2012-5074; CVE-2012-5075; CVE-2012-5076; CVE-2012-5077; CVE-2012-5079; CVE-2012-5081; CVE-2012-5083; CVE-2012-5084

11

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-158: HP NonStop Server Java Multiple Vulnerabilities
April 30, 2012 - 7:00am
PROBLEM: HP NonStop Server Java Multiple Vulnerabilities
PLATFORM: HP NonStop Server 6.x
ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server
REFERENCE LINKS: Secunia Advisory SA48977; CVE-2011-3547; CVE-2011-3551; CVE-2011-3553
IMPACT ASSESSMENT: High
DISCUSSION: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
IMPACT: Successful exploitation of this vulnerability may allow remote manipulation

12

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
July 17, 2012 - 7:00am
PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows.
ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).
REFERENCE LINKS: HP Support document ID: c03405642; Secunia Advisory SA49966
IMPACT ASSESSMENT: High
DISCUSSION: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

14

V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities
July 29, 2013...

15

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
May 22, 2013 - 12:46am...

16

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities
April 30, 2013 -...

17

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability
June 25, 2013 - 12:41am
PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability
PLATFORM: Apache OpenOffice SDK 3.x
ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK
REFERENCE LINKS: Apache OpenOffice; Secunia Advisory SA53963; Secunia Advisory SA53846; CVE-2013-1571
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java.
IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks.
SOLUTION: The vendor has issued a fix.

18

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities
April 30, 2013 - 12:09am
PROBLEM: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities
PLATFORM: IBM Tivoli Federated Identity Manager versions 6.1, 6.2.0, 6.2.1, and 6.2.2. IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1 and 6.2.2.
ABSTRACT: IBM has acknowledged a weakness and two vulnerabilities in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway
REFERENCE LINKS: IBM Reference #:1634544; Secunia Advisory SA53233; CVE-2013-0169; CVE-2013-0440; CVE-2013-0443
IMPACT ASSESSMENT: Medium
DISCUSSION: CVE-2013-0440 - Unspecified vulnerability in IBM Java

19

V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities
March 29, 2013 - 6:00am
PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli Application Dependency Discovery Manager
PLATFORM: The vulnerabilities are reported in version 7.2.0.0 through 7.2.1.3
ABSTRACT: Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager.
REFERENCE LINKS: Secunia Advisory SA52829; IBM Security Bulletin 1631786; CVE-2012-1531; CVE-2012-3143; CVE-2012-3216; CVE-2012-4820; CVE-2012-4822; CVE-2012-5069; CVE-2012-5071; CVE-2012-5073; CVE-2012-5075; CVE-2012-5079

21

V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities
July 29, 2013 - 4:20am
PROBLEM: IBM has acknowledged a weakness and multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
PLATFORM: The weakness and the vulnerabilities are reported in versions 3.1 through 3.2.2 running on AIX, Linux, Solaris, and Windows.

22

V-122: IBM Tivoli Application Dependency Discovery Manager Java...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities
March...

23

U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service...

24

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-118: IBM Lotus Domino Multiple Vulnerabilities
March 25, 2013 - 12:40am
PROBLEM: IBM Lotus Domino Multiple Vulnerabilities
PLATFORM: IBM Domino 8.x
ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino
REFERENCE LINKS: IBM Reference #:1627597; Secunia Advisory SA52753; CVE-2012-6277; CVE-2013-0486; CVE-2013-0487
IMPACT ASSESSMENT: High
DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

25

V-207: Wireshark Multiple Denial of Service Vulnerabilities ...  

NLE Websites -- All DOE Office Websites (Extended Search)

V-207: Wireshark Multiple Denial of Service Vulnerabilities
July 31, 2013 - 1:59am
PROBLEM: Multiple vulnerabilities...

26

V-019: Google Chrome Multiple Vulnerabilities | Department of...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-019: Google Chrome Multiple Vulnerabilities
November 8, 2012 - 6:00am
PROBLEM: Google Chrome Multiple Vulnerabilities
PLATFORM:...

27

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-173: Symantec Web Gateway Multiple Vulnerabilities
May 21, 2012 - 7:00am
PROBLEM: Symantec Web Gateway Multiple...

28

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

V-094: IBM Multiple Products Multiple Vulnerabilities
February 19, 2013 - 1:41am
PROBLEM: IBM Multiple Products Multiple Vulnerabilities
PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2; IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2; IBM SmartCloud Control Desk version 7.5; IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2; IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1; IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2
ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products.
REFERENCE LINKS: IBM Reference #:1625624; IBM Product Security Incident Response Blog; Secunia Advisory SA52132

29

U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

SMB share and repairing the installation. 4) An unspecified error within the JavaScript API can be exploited to corrupt memory. NOTE: This vulnerability affects the Macintosh and...

30

T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

31

U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
October 19, 2011 - 6:00pm
PROBLEM: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service.
PLATFORM: Oracle JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior
ABSTRACT: A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.
REFERENCE LINKS: Oracle Critical Patch Updates and Security Alerts

33

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-131: Adobe Shockwave Player Multiple Vulnerabilities
April 11, 2013 - 6:00am
PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player
PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior
ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system
REFERENCE LINKS: Secunia Advisory: SA52981; Adobe Security Bulletin; CVE-2013-1383; CVE-2013-1384; CVE-2013-1385; CVE-2013-1386
IMPACT ASSESSMENT: High
DISCUSSION: This update resolves: 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the

34

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
March 14, 2011 - 3:05pm
PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system.
PLATFORM: Sun Solaris 10
ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities.
REFERENCE LINKS: Secunia Advisory: SA43747; Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player; Secure List: SA43747; Oracle Sun Support Adobe Flash Player for Linux and Solaris
IMPACT ASSESSMENT: High
DISCUSSION: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

35

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities
December 19, 2012 - 1:00am
PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in versions prior to 9.1.
ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server
REFERENCE LINKS: Secunia Advisory SA51605; IBM Support home; IBM InfoSphere Information Server, Version 9.1 fix list
IMPACT ASSESSMENT: Medium
DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

37

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-013: HP Data Protector Multiple Unspecified Vulnerabilities
October 18, 2011 - 9:00am
PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities.
PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0
ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.
REFERENCE LINKS: HP Security Document ID: c03054543; SecurityTracker Alert ID: 1026195; Secunia Advisory: SA46468; CVE-2011-3156; CVE-2011-3157; CVE-2011-3158; CVE-2011-3159; CVE-2011-3160; CVE-2011-3161; CVE-2011-3162
IMPACT ASSESSMENT: High
DISCUSSION: Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

38

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-162: Drupal Multiple Vulnerabilities
May 4, 2012 - 7:00am
PROBLEM: Drupal Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13.
ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect
REFERENCE LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002; Bugtraq ID: 53359; Secunia Advisory SA49012; CVE-2012-1588; CVE-2012-1589; CVE-2012-1590; CVE-2012-1591; CVE-2012-2153
IMPACT ASSESSMENT: High
DISCUSSION: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

40

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

41

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-105: Google Chrome Multiple Vulnerabilities March 6, 2013 - 12:09am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

42

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x; Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Adobe Flash Player, which

43

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-249: Google Chrome Multiple Vulnerabilities August 31, 2012 - 6:00am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. REFERENCE LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

44

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-540: Sybase EAServer Multiple Vulnerabilities January 24, 2011 - 6:16am PROBLEM: Sybase EAServer Multiple Vulnerabilities PLATFORM: Sybase EAServer versions 6.3 and prior ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected. REFERENCE LINKS: Bugtraq ID: 45809 Sybase Advisory IMPACT ASSESSMENT: Medium DISCUSSION: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services; this condition can result in arbitrary code execution, allowing an attacker to gain control over

45

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark. REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI, DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

46

V-097: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-097: Google Chrome Multiple Vulnerabilities February 22, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Google Chrome PLATFORM: The vulnerabilities are reported in versions prior to Google Chrome 24.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52320 Chrome Stable Channel Update CVE-2013-0879 CVE-2013-0880 CVE-2013-0881 CVE-2013-0882 CVE-2013-0883 CVE-2013-0884 CVE-2013-0885 CVE-2013-0886 CVE-2013-0887 CVE-2013-0888 CVE-2013-0889 CVE-2013-0890 CVE-2013-0891 CVE-2013-0892 CVE-2013-0893

48

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

49

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities February 13, 2013 - 12:14am PROBLEM: Adobe Flash Player / AIR Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh; Adobe Flash Player versions 11.2.202.262 and prior for Linux; Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x; Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x; Adobe AIR versions 3.5.0.1060 and prior; Adobe AIR versions 3.5.0.1060 SDK and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR. REFERENCE LINKS: Vulnerability identifier: APSB13-05 Secunia Advisory SA52166 CVE-2013-0637 CVE-2013-0638 CVE-2013-0639

50

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

51

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

52

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities. PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. REFERENCE LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High DISCUSSION: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

53

V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-126: Mozilla Firefox Multiple Vulnerabilities April 4, 2013 - 6:00am PROBLEM: Mozilla Firefox Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 20.0 ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52770 Secunia Advisory SA52293 Mozilla Security Announcement mfsa2013-30 Mozilla Security Announcement mfsa2013-31 Mozilla Security Announcement mfsa2013-32 Mozilla Security Announcement mfsa2013-34 Mozilla Security Announcement mfsa2013-35

54

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

56

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High DISCUSSION: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

58

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-214: Mozilla Firefox Multiple Vulnerabilities August 8, 2013 - 2:16am PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

61

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

62

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-208: Google Chrome Multiple Vulnerabilities August 1, 2013 - 2:32am PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allow attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

63

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

64

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-100: Google Chrome Multiple Vulnerabilities February 10, 2012 - 7:00am PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system. PLATFORM: Google Chrome 16.x ABSTRACT: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. REFERENCE LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some

65

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities PLATFORM: IBM Rational AppScan 5.x; IBM Rational AppScan 8.x ABSTRACT: IBM has acknowledged multiple vulnerabilities. REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

66

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-111: Multiple vulnerabilities have been reported in Puppet March 14, 2013 - 12:12am PROBLEM: Multiple vulnerabilities have been reported in Puppet PLATFORM: Puppet 2.x; Puppet 3.x; Puppet Enterprise 1.x; Puppet Enterprise 2.x ABSTRACT: Puppet Multiple Vulnerabilities REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

67

Integrating multiple clinical information systems using the Java Message Service framework  

E-Print Network (OSTI)

Information Systems using the Java Message Service Framework ... Information Systems using the Java Message Service Framework ... using Sun Microsystems’ Java programming language. The Java

Tellis, W M; Andriole, K P

2004-01-01T23:59:59.000Z

68

V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-187: Mozilla Firefox Multiple Vulnerabilities June 27, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Mozilla Firefox PLATFORM: Mozilla Firefox 21.x ABSTRACT: These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53970 Secunia Advisory SA53953 Mozilla Advisory mfsa2013-49 Mozilla Advisory mfsa2013-50 Mozilla Advisory mfsa2013-51 Mozilla Advisory mfsa2013-53 Mozilla Advisory mfsa2013-55 Mozilla Advisory mfsa2013-56 Mozilla Advisory mfsa2013-59 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685

69

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium DISCUSSION: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

70

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business. REFERENCE LINKS: Security Bulletin 1640752 Secunia Advisory SA53844 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

71

U-187: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-187: Adobe Flash Player Multiple Vulnerabilities June 11, 2012 - 7:00am PROBLEM: Multiple vulnerabilities have been reported in Adobe Flash Player PLATFORM: Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux; Adobe Flash Player 11.1.115.8 and earlier for Android 4.x; Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x; Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android ABSTRACT: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates

72

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-002: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

73

U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 11.0.1.153 and earlier versions for Android; Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should

74

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerabilit...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java....

75

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

77

T-686: IBM Tivoli Integrated Portal Java Double Literal Denial...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-686: IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability August...

78

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. REFERENCE LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023 Prepopulate module Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High DISCUSSION: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

79

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities May 19, 2011 - 3:05pm PROBLEM: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities PLATFORM: XenSource Xen 3.3.1, XenSource Xen 3.3, XenSource Xen 3.2, XenSource Xen 3.1.2, XenSource Xen 3.1.1, XenSource Xen 3.0.3, XenSource Xen 4.0, XenSource Xen 3.0, RedHat Enterprise Linux Virtualization 5 server, RedHat Enterprise Linux Desktop Multi OS 5 client, RedHat Enterprise Linux 5 server, Red Hat Fedora 15, and Red Hat Enterprise Linux Desktop 5 client ABSTRACT: It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the

80

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

82

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability

83

T-658: Java for Mac OS X 10.6 Update 5 & Java for Mac OS X 10.5 Update 10 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-658: Java for Mac OS X 10.6 Update 5 & Java for Mac OS X 10.5 Update 10 June 30, 2011 - 3:22pm PROBLEM: Java for Mac OS X 10.6 Update 5 & Java for Mac OS X 10.5 Update 10 PLATFORM: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.6 and later, Mac OS X Server v10.6.6 and later ABSTRACT: Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_26. Further information is available via the Java

84

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. REFERENCE LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

86

V-070: Apache CouchDB Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-070: Apache CouchDB Multiple Vulnerabilities January 16, 2013 - 1:00am PROBLEM: Apache CouchDB Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB REFERENCE LINKS: Secunia Advisory SA51765 Seclists.org/fulldisclosure/2013/Jan/80 Seclists.org/fulldisclosure/2013/Jan/81 Seclists.org/fulldisclosure/2013/Jan/82 CVE-2012-5641 CVE-2012-5649 CVE-2012-5650 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

87

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities January 26, 2011 - 7:35am PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. REFERENCE LINKS: Securityfocus IMPACT ASSESSMENT: Medium DISCUSSION: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the

88

U-087: HP-UX update for Java | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-087: HP-UX update for Java January 24, 2012 - 7:00am PROBLEM: HP issued an update for Java in HP-UX to address multiple vulnerabilities. PLATFORM: HP-UX 11.x ABSTRACT: Multiple vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information. REFERENCE LINKS: Secunia Advisory 47709 Secunia Advisory 46512 HP Support Document IMPACT ASSESSMENT: High DISCUSSION: The vulnerabilities are reported in versions B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 6.0.12 and prior. Vulnerabilities include the ability to hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a

89

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. REFERENCE LINKS: BIND and DHCP Security Updates Released Bugtraq ID: 54665 Secunia Advisory SA50018 CVE-2012-3571 CVE-2012-3570 CVE-2012-3954 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

90

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software REFERENCE LINKS: BlackBerry Article ID: KB31675 Secunia Advisory SA50164 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0773 CVE-2012-0779 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

91

U-105:Oracle Java SE Critical Patch Update Advisory | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-105: Oracle Java SE Critical Patch Update Advisory February 16, 2012 - 11:45am PROBLEM: Oracle Java SE Critical Patch Update Advisory PLATFORM: 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior ABSTRACT: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: Oracle Java SE Critical Patch Critical Patch Security Alerts SecurityTracker Alert ID: 1026688 Secunia Advisory: SA48009 Red Hat advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java

93

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

94

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-022: Apple QuickTime Multiple Vulnerabilities October 28, 2011 - 8:15am PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

95

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. REFERENCE LINKS: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium DISCUSSION: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to

97

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow. A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow. A boundary error when handling "mvhd" atoms can be exploited to cause a

98

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow. A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow. A boundary error when handling "mvhd" atoms can be exploited to cause a

99

U-171: DeltaV Products Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-171: DeltaV Products Multiple Vulnerabilities May 17, 2012 - 7:00am PROBLEM: DeltaV Products Multiple Vulnerabilities PLATFORM: DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1; DeltaV ProEssentials Scientific Graph version 5.0.0.6 ABSTRACT: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. REFERENCE LINKS: Secunia Advisory SA49210 CVE-2012-1814 CVE-2012-1815 CVE-2012-1816 CVE-2012-1817 CVE-2012-1818 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and

100

V-080: Apple iOS Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-080: Apple iOS Multiple Vulnerabilities January 30, 2013 - 12:56am PROBLEM: Apple iOS Multiple Vulnerabilities PLATFORM: Apple iOS 6.x for iPhone 3GS and later; Apple iOS for iPad 6.x; Apple iOS for iPod touch 6.x ABSTRACT: Two security issues and multiple vulnerabilities have been reported in Apple iOS REFERENCE LINKS: Article: HT5642 APPLE-SA-2013-01-28-1 iOS 6.1 Software Update Secunia Advisory SA52002 CVE-2011-3058 CVE-2012-2619 CVE-2012-2824 CVE-2012-2857 CVE-2012-2889 CVE-2012-3606 CVE-2012-3607 CVE-2012-3621 CVE-2012-3632 CVE-2012-3687 CVE-2012-3701 CVE-2013-0948 CVE-2013-0949 CVE-2013-0950 CVE-2013-0951 CVE-2013-0952 CVE-2013-0953 CVE-2013-0954 CVE-2013-0955 CVE-2013-0956 CVE-2013-0958 CVE-2013-0959 CVE-2013-0962 CVE-2013-0963 CVE-2013-0964

101

V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities May 17, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in BlackBerry Tablet OS PLATFORM: BlackBerry Tablet OS 2.x ABSTRACT: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53453 Blackberry Security Advisory KB34161 CVE-2012-5248 CVE-2012-5249 CVE-2012-5250 CVE-2012-5251 CVE-2012-5252 CVE-2012-5253 CVE-2012-5254 CVE-2012-5255 CVE-2012-5256 CVE-2012-5257 CVE-2012-5258 CVE-2012-5259 CVE-2012-5260 CVE-2012-5261 CVE-2012-5262 CVE-2012-5263 CVE-2012-5264 CVE-2012-5265

102

V-132: IBM Tivoli System Automation Application Manager Multiple...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3.1, 3.2, 3.2.1, and 3.2.2 ABSTRACT: Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation Application Manager which...

103

The ENSDF Java Package  

Science Conference Proceedings (OSTI)

A package of computer codes has been developed to process and display nuclear structure and decay data stored in the ENSDF (Evaluated Nuclear Structure Data File) library. The codes were written in an object-oriented fashion using the Java language. This allows for an easy implementation across multiple platforms as well as deployment on web pages. The structure of the different Java classes that make up the package is discussed as well as several different implementations.

Sonzogni, A.A. [National Nuclear Data Center, Brookhaven National Laboratory, Upton, NY 11973-5000 (United States)]

2005-05-24T23:59:59.000Z

104

Java XMGR  

SciTech Connect

The XMGR5 graphing package [1] for drawing RELAP5 [2] plots is being re-written in Java [3]. Java is a robust programming language that is available at no cost for most computer platforms from Sun Microsystems, Inc. XMGR5 is an extension of an XY plotting tool called ACE/gr extended to plot data from several US Nuclear Regulatory Commission (NRC) applications. It is also the most popular graphing package worldwide for making RELAP5 plots. In Section 1, a short review of XMGR5 is given, followed by a brief overview of Java. In Section 2, shortcomings of both tkXMGR [4] and XMGR5 are discussed and the value of converting to Java is given. Details of the conversion to Java are given in Section 3. The progress to date, some conclusions and future work are given in Section 4. Some screen shots of the Java version are shown.

Dr. George L. Mesina; Steven P. Miller

2004-08-01T23:59:59.000Z

105

Java Security  

Science Conference Proceedings (OSTI)

From the Publisher: With a market share of almost 70%, Java can be rightly called the programming language of the Web. Java security allows transmission of sensitive information, stores sensitive data, ensures that code is from a trusted source, and ensures ...

Madhushree Ganguli

2002-11-01T23:59:59.000Z

106

Integrating multiple clinical information systems using the Java message service framework to enable the delivery of urgent exam results at the point of care  

E-Print Network (OSTI)

Systems using the Java Message Service Framework. J DigitInformation Systems using the Java Message Service FrameworkED) physician. A web and Java Message Service (JMS) based

Tellis, W M; Andriole, K P

2005-01-01T23:59:59.000Z

107

T-561: IBM and Oracle Java Binary Floating-Point Number Conversion...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service...

108

T-641: Oracle Java SE Critical Patch Update Advisory - June 2011 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-641: Oracle Java SE Critical Patch Update Advisory - June 2011 June 8, 2011 - 12:26pm PROBLEM: Oracle Java SE Critical Patch Update Advisory - June 2011 PLATFORM: JDK and JRE 6 Update 25 and earlier, Java SE, JDK 5.0 Update 29 and earlier Java SE, SDK 1.4.2_31 and earlier ABSTRACT: This Critical Patch Update contains 17 new security fixes for Oracle Java SE - 5 apply to client and server deployments of Java SE, 11 apply to client deployments of Java SE only, and 1 applies to server deployments of Java SE only. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Oracle CVSS scores assume that a user running a Java applet or Java Web

110

V-181: Oracle Java SE Critical Patch Update Advisory - June 2013 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-181: Oracle Java SE Critical Patch Update Advisory - June 2013 June 19, 2013 - 1:06am PROBLEM: Oracle Java SE Critical Patch Update Advisory - June 2013 PLATFORM: Version(s): 5.0 Update 45, 6 Update 45, 7 Update 21; and prior versions ABSTRACT: Multiple vulnerabilities were reported in Oracle Java. REFERENCE LINKS: Oracle Java SE Critical Patch Update June 2013 SecurityTracker Alert ID: 1028679 CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457

111

T-558: Oracle Java SE and Java for Business Critical Patch Update Advisory  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-558: Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011 February 16, 2011 - 7:00am PROBLEM: Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011. PLATFORM: JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux JDK 5.0 Update 27 and earlier for Solaris 9 SDK 1.4.2_29 and earlier for Solaris 8 JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux ABSTRACT: This Critical Patch Update contains 21 new security fixes for Oracle Java SE and Java for Business. 19 of these vulnerabilities may be remotely

112

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.


114

T-694: IBM Tivoli Federated Identity Manager Products Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities August 16, 2011 - 3:30pm PROBLEM: Multiple vulnerabilities have been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, where some have an unknown impact while one can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: IBM Tivoli Federated Identity Manager 6.x, IBM Tivoli Federated Identity Manager Business Gateway 6.x ABSTRACT: This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java


116

The Java memory model  

Science Conference Proceedings (OSTI)

This paper describes the new Java memory model, which has been revised as part of Java 5.0. The model specifies the legal behaviors for a multithreaded program; it defines the semantics of multithreaded Java programs and partially determines legal implementations ... Keywords: Java, concurrency, memory model, multithreading

Jeremy Manson; William Pugh; Sarita V. Adve

2005-01-01T23:59:59.000Z

117

U-245: Critical Java 0-day flaw exploited | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-245: Critical Java 0-day flaw exploited August 27, 2012 - 4:41pm PROBLEM: Attackers are exploiting a new and unpatched vulnerability that affects the latest version of Java -- Java 7 Update 6, and it works against a fully patched Windows 7 SP1 with Java 7 Update 6, Mozilla Firefox on Ubuntu Linux 10.04, Internet Explorer / Mozilla Firefox / Chrome on Windows XP, Internet Explorer / Mozilla Firefox on Windows Vista and Windows 7, and Safari on OS X 10.7.4. PLATFORM: Version(s): Java 7 Update 6 ABSTRACT: Targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines REFERENCE LINKS: http://www.net-security.org/secworld.php?id=13484 zero-day CVE-2012-4681

118

T-686: IBM Tivoli Integrated Portal Java Double Literal Denial of Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-686: IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability August 8, 2011 - 3:00pm PROBLEM: A vulnerability in the Java Runtime Environment allows unauthenticated network attacks (i.e. it may be exploited over a network without the need for a username and password) PLATFORM: Tivoli versions prior to 1.1.1.15. ABSTRACT: IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability. REFERENCE LINKS: IBM ID: 1508061 Secunia Advisory: SA45556 CVE-2010-4476 IMPACT ASSESSMENT: Medium DISCUSSION: IBM has acknowledged a vulnerability in IBM Tivoli Integrated Portal, which can be exploited by malicious people to cause a DoS (Denial of Service).

119

Java and Numerical Computing  

Science Conference Proceedings (OSTI)

Java represents both a challenge and an opportunity to practitioners of numerical computing. This article analyzes the current state of Java in numerical computing and identifies some directions for the realization of its full potential.

Ronald F. Boisvert; José Moreira; Michael Philippsen; Roldan Pozo

2001-01-01T23:59:59.000Z

120

Java Numerics: Main  

Science Conference Proceedings (OSTI)

... Workshop on Java in High Performance Computing at HPCN Europe 2001 Conference, Amsterdam, The Netherlands (June 25 - 27, 2001); ...

2012-11-20T23:59:59.000Z



121

V-132: IBM Tivoli System Automation Application Manager Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, 2013 - 6:00am PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2 ABSTRACT: Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation Application Manager which may affect the product REFERENCE LINKS: Secunia Advisory: SA53006 IBM Security Bulletin 21633991 IBM Security Bulletin 21633992 CVE-2011-3563 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0501


123

T-581: Novell Access Manager Java Double Literal Denial of Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-581: Novell Access Manager Java Double Literal Denial of Service Vulnerability March 17, 2011 - 3:05pm PROBLEM: Novell has acknowledged a vulnerability in Novell Access Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Novell Access Manager 3.1 Linux Access Gateway Novell Access Manager 3.1 Access Administration Novell Access Manager 3.1 SSLVPN Server Novell Access Manager 3.1 Windows Novell Identity Server Novell Access Manager 3.1 Linux Novell Identity Server Novell Access Manager 3.1 Java Agents ABSTRACT: Novell Access Manager Java Double Literal Denial of Service Vulnerability. REFERENCE LINKS: Secunia Advisory: SA43769 CVE-2010-4476

124

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am PROBLEM: Oracle Java Flaws Let Remote Users Execute Arbitrary Code PLATFORM: JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier ABSTRACT: Several vulnerabilities were reported in Oracle Java. REFERENCE LINKS: Updated Release of the February 2013 Oracle Java SE Critical Patch Update SecurityTracker Alert ID: 1028155 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will execute arbitrary

125

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am PROBLEM: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 7 Update 21; possibly other versions (1.7.0_21-b11) Java Server JRE is also affected. ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: SecurityTracker Alert ID: 1028466 Oracle IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted Java application that, when loaded and approved by the target user, will trigger a flaw in the Reflection API to bypass the security sandbox. IMPACT: A remote user can create a Java file that, when loaded by the target user,

126

Diffusion Java Applets - TMS  

Science Conference Proceedings (OSTI)

Mar 8, 2007 ... Citation: Glicksman, M.E. and Lupulescu, A. "Java Applets and Additional Presentations." Department of Materials Science and Engineering.


128

Specifying java iterators with JML and Esc/Java2  

Science Conference Proceedings (OSTI)

The 2006 SAVCBS Workshop has posed a Challenge Problem on the topic of specifying iterators. This note provides a specification in the Java Modeling Language (JML) [1, 2] for the Java interfaces Iterator and Iterable that captures the interactions ... Keywords: ESC/Java2, JML, specification, static analysis, verification

David R. Cok

2006-11-01T23:59:59.000Z

129

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data April 20, 2011 - 3:58am PROBLEM: Two vulnerabilities were reported in Sun Java System Access Manager. A remote authenticated user can partially access data on the target system. A remote user can partially modify data on the target system. PLATFORM: Sun Java versions 7.1, 8.0 ABSTRACT: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data. REFERENCE LINKS: SecurityTracker Alert ID: 1025408 CVE-2011-0844 CVE-2011-0847 Oracle Critical Patch Update Advisory

130

Java Metadata Facility  

SciTech Connect

The Java Metadata Facility is introduced by Java Specification Request (JSR) 175 [1], and incorporated into the Java language specification [2] in version 1.5 of the language. The specification allows annotations on Java program elements: classes, interfaces, methods, and fields. Annotations give programmers a uniform way to add metadata to program elements that can be used by code checkers, code generators, or other compile-time or runtime components. Annotations are defined by annotation types. These are defined the same way as interfaces, but with the symbol @ preceding the interface keyword. There are additional restrictions on defining annotation types: (1) They cannot be generic; (2) They cannot extend other annotation types or interfaces; (3) Methods cannot have any parameters; (4) Methods cannot have type parameters; (5) Methods cannot throw exceptions; and (6) The return type of methods of an annotation type must be a primitive, a String, a Class, an annotation type, or an array, where the type of the array is restricted to one of the four allowed types. See [2] for additional restrictions and syntax. The methods of an annotation type define the elements that may be used to parameterize the annotation in code. Annotation types may have default values for any of its elements. For example, an annotation that specifies a defect report could initialize an element defining the defect outcome submitted. Annotations may also have zero elements. This could be used to indicate serializability for a class (as opposed to the current Serializability interface).

Buttler, D J

2008-03-06T23:59:59.000Z

131

T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability February 21, 2011 - 7:00am PROBLEM: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability. PLATFORM: The following Java products are affected: Java SE: Oracle JDK and JRE 6 Update 23 and prior for Windows, Solaris, and Linux Oracle JDK 5.0 Update 27 and prior for Solaris 9 Oracle SDK 1.4.2_29 and prior for Solaris 8 IBM JDK 6 Update SR9 and prior IBM JDK 5 Update SR12-FP3 and prior IBM JDK 1.4.2 Update SR13-FP8 and prior Java for Business: Oracle JDK and JRE 6 Update 23 and prior for Windows, Solaris, and Linux Oracle JDK and JRE 5.0 Update 27 and prior for Windows, Solaris, and Linux

132

National Vulnerability Database Full Vulnerability Listing  

Science Conference Proceedings (OSTI)

NVD Complete Vulnerability Listing. This web page contains direct links to every National Vulnerability Database vulnerability entry. ...

133

A Java commodity grid kit.  

SciTech Connect

In this paper we report on the features of the Java Commodity Grid Kit. The Java CoG Kit provides middleware for accessing Grid functionality from the Java framework. Java CoG Kit middleware is general enough to design a variety of advanced Grid applications with quite different user requirements. Access to the Grid is established via Globus protocols, allowing the Java CoG Kit to communicate also with the C Globus reference implementation. Thus, the Java CoG Kit provides Grid developers with the ability to utilize the Grid, as well as numerous additional libraries and frameworks developed by the Java community to enable network, Internet, enterprise, and peer-to peer computing. A variety of projects have successfully used the client libraries of the Java CoG Kit to access Grids driven by the C Globus software. In this paper we also report on the efforts to develop server side Java CoG Kit components. As part of this research we have implemented a prototype pure Java resource management system that enables one to run Globus jobs on platforms on which a Java virtual machine is supported, including Windows NT machines.

von Laszewski, G.; Foster, I.; Gawor, J.; Lane, P.; Mathematics and Computer Science

2001-07-01T23:59:59.000Z

134

Java Vertexing Tools  

SciTech Connect

This document describes the implementation of the topological vertex finding algorithm ZVTOP within the org.lcsim reconstruction and analysis framework. At the present date, Java vertexing tools allow users to perform topological vertexing on tracks that have been obtained from a Fast MC simulation. An implementation that will be able to handle fully reconstructed events is being designed from the ground up for longevity and maintainability.

Strube, Jan; /Oregon U.; Graf, Norman; /SLAC

2006-03-03T23:59:59.000Z

135

T-558: Oracle Java SE and Java for Business Critical Patch Update...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-558: Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011...

136

Java support on genepool: java6 (jdk1.6) will be removed on 08...  

NLE Websites -- All DOE Office Websites (Extended Search)

Java support on genepool: java6 (jdk1.6) will be removed on 08302013; firefox security updates

137

Converting java programs to use generic libraries  

Science Conference Proceedings (OSTI)

Java 1.5 will include a type system (called JSR-14) that supports parametric polymorphism, or generic classes. This will bring many benefits to Java programmers, not least because current Java practice makes heavy use of ... Keywords: JSR-14, Java 1.5, Java 5, generic types, instantiation types, parameterized types, parametric polymorphism, raw types, type inference

Alan Donovan; Adam Kiežun; Matthew S. Tschantz; Michael D. Ernst

2004-10-01T23:59:59.000Z

138

V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am PROBLEM: A vulnerability was reported in IBM Lotus Notes PLATFORM: IBM Notes 8.0.x, 8.5.x, 9.0 ABSTRACT: A remote user can cause Java applets to be executed on the target user's system REFERENCE LINKS: Security Tracker Alert ID 1028504 IBM Security Bulletin 1633819 CVE-2013-0127 CVE-2013-0538 IMPACT ASSESSMENT: Medium DISCUSSION: The mail client does not filter 'applet' and 'javascript' tags in HTML-based email messages. A remote user can send a specially crafted email message that, when loaded by the target user, will execute arbitrary Java code on the target system. The code will run with the privileges of the

139

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control March 27, 2013 - 12:51am PROBLEM: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control PLATFORM: Version(s): prior to 9.2 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028342 www.emc.com CVE-2013-0935 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system. A user can exploit unspecified flaws in the NCM System Management


142

Practical pluggable types for Java.  

E-Print Network (OSTI)

This paper introduces the Checker Framework, which supports adding pluggable type systems to the Java language in a backward-compatible way. A type system designer defines…

Papi, Matthew M

2008-01-01T23:59:59.000Z

143

Converting Java Programs to Use Generic Libraries  

E-Print Network (OSTI)

Java 1.5 will include a type system (called JSR-14) that supports parametric polymorphism, or generic classes. This will bring many benefits to Java programmers, not least because current Java practice makes heavy use of ...

Donovan, Alan

2004-03-30T23:59:59.000Z

144

Converting Java programs to use generic libraries  

E-Print Network (OSTI)

Java 1.5 will include a type system (called JSR-14) that supports parametric polymorphism, or generic classes. This will bring many benefits to Java programmers, not least because current Java practise makes heavy use of ...

Donovan, Alan A. A., 1976-

2004-01-01T23:59:59.000Z

145

V-072: Red Hat update for java-1.7.0-openjdk | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-072: Red Hat update for java-1.7.0-openjdk January 18, 2013 - 6:00am PROBLEM: Red Hat has issued an update for java-1.7.0-openjdk. PLATFORM: The vulnerabilities are reported in Red Hat Enterprise Linux 5 and 6 ABSTRACT: Red Hat has issued an update for java-1.7.0-openjdk. REFERENCE LINKS: Secunia Advisory SA51858 RHSA-2013:0165-1 CVE-2012-3174 CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. IMPACT: Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. SOLUTION: Vendor advises to upgrade to these updated packages, which resolve these

146

An improved slicer for Java  

Science Conference Proceedings (OSTI)

We present an improved slicing algorithm for Java. The best algorithm known so far, first presented in [11], is not always precise if nested objects are used as actual parameters. The new algorithm presented in this paper always generates correct and ... Keywords: Java, object trees, static program slicing

Christian Hammer; Gregor Snelting

2004-06-01T23:59:59.000Z

147

Formalizing the safety of Java, the Java virtual machine, and Java card  

Science Conference Proceedings (OSTI)

We review the existing literature on Java safety, emphasizing formal approaches, and the impact of Java safety on small footprint devices such as smartcards. The conclusion is that although a lot of good work has been done, a more concerted effort is ... Keywords: Common criteria, programming

Pieter H. Hartel; Luc Moreau

2001-12-01T23:59:59.000Z

148

Template_JavaOne03  

Science Conference Proceedings (OSTI)

... | JavaOne 2003 | Session #1024. 9. S-CSCF. MGCF. MGW. HSS. Application Server. SIP for J2ME. JAIN SIP. SIP for J2ME. JAIN SIP. SIP for J2ME. ...

2009-02-03T23:59:59.000Z

149

Refactoring for parameterizing Java classes  

E-Print Network (OSTI)

Type safety and expressiveness of many existing Java libraries and their client applications would improve, if the libraries were upgraded to define generic classes. Efficient and accurate tools exist to assist client applications ...

Kiezun, Adam

2006-09-05T23:59:59.000Z

150

Mechanisms of Java Rainfall Anomalies  

Science Conference Proceedings (OSTI)

The large-scale circulation departure patterns associated with the interannual variability of (July–June) rainfall in Java are studied on the basis of ship observations (1911–73) in the Indian Ocean and surface station records. Circulation ...

Eric C. Hackert; Stefan Hastenrath

1986-04-01T23:59:59.000Z

151

Practical pluggable types for Java  

E-Print Network (OSTI)

This paper introduces the Checker Framework, which supports adding pluggable type systems to the Java language in a backward-compatible way. A type system designer defines type qualifiers and their semantics, and a compiler ...

Papi, Matthew M

2008-01-01T23:59:59.000Z

152

Redefining Agrarian Power: Resurgent Agrarian Movements in West Java, Indonesia  

E-Print Network (OSTI)

Agrarian Movements in West Java, Indonesia Suraya Afiff Noeron agrarian change in Java in the 1970s and has, moreand agrarian change in Java, West Kalimantan, and other

Afiff, Suraya; Fauzi, Noer; Hart, Gillian; Ntsebeza, Lungisile; Peluso, Nancy

2005-01-01T23:59:59.000Z

153

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

Finding and fixing security flaws: Argonne's Vulnerability Assessment Team. VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

154

Animation projects in CS1 from scheme to Java  

Science Conference Proceedings (OSTI)

Scheme animation projects are transformed into Java projects. Keywords: computer science for liberal arts, introductory programming course, java programming

Mirela Djordjević

2011-06-01T23:59:59.000Z

155

Platform Independence Java Virtual Machine (JVM)  

E-Print Network (OSTI)

of User Appliances and Communications Links But completely compatible Because the Market demandsIFace area = new Area(); java.rmi.Naming.bind(url, area) Client: AreaIFace area = (AreaIFace) java.rmi.Naming.lookup

Martin, Jonathan E.

156

Transparent Consistent Replication of Java RMI Objects  

Science Conference Proceedings (OSTI)

The Java Remote Method Invocation (JRMI) specification simplifies the development of distributed Java applications, but provides little support to guarantee reliable, highly available operation. The Aroma System is middleware that transparently enhances ...

N. Narasimhan; L. E. Moser; P. M. Melliar-Smith

2000-09-01T23:59:59.000Z

157

Advanced Transactions in Enterprise JavaBeans  

Science Conference Proceedings (OSTI)

Enterprise JavaBeans (EJB) is a new technology that aims at supporting distributed transactional component-based applications written in Java. In recent years, a lot of new advanced software applications have arisen, which have new requirements for transaction ...

Marek Prochazka

2000-11-01T23:59:59.000Z

158

Symbolic Script Programming for Java  

E-Print Network (OSTI)

Computer algebra in Java is a promising field of development. It has not yet reached an industrial strength, in part because of a lack of good user interfaces. Using a general purpose scripting language can bring a natural mathematical notation, akin to the one of specialized interfaces included in most computer algebra systems. We present such an interface for Java computer algebra libraries, using scripts available in the JSR 223 framework. We introduce the concept of `symbolic programming' and show its usefulness by prototypes of symbolic polynomials and polynomial rings.

Jolly, Raphael

2009-01-01T23:59:59.000Z

159

Remote Invocation in Java G52CON Concepts of Concurrency Remote Invocation in Java  

E-Print Network (OSTI)

.out.println(account.balance()); } catch (Exception e) { // Error handling } } } Remote Invocation in Java G52CON ­ Concepts of Concurrency1 Remote Invocation in Java G52CON ­ Concepts of Concurrency Remote Invocation in Java · Provided by the java.rmi package · Based on a model of remote method invocation (RMI), equivalent to remote procedure

Mills, Steven

160

JAVA based LCD Reconstruction and Analysis Tools  

Science Conference Proceedings (OSTI)

We summarize the current status and future developments of the North American Group's Java-based system for studying physics and detector design issues at a linear collider. The system is built around Java Analysis Studio (JAS) an experiment-independent Java-based utility for data analysis. Although the system is an integrated package running in JAS, many parts of it are also standalone Java utilities.

Bower, G.

2004-10-11T23:59:59.000Z

161

Features of the Java commodity grid kit.  

SciTech Connect

In this paper we report on the features of the Java Commodity Grid Kit (Java CoG Kit). The Java CoG Kit provides middleware for accessing Grid functionality from the Java framework. Java CoG Kit middleware is general enough to design a variety of advanced Grid applications with quite different user requirements. Access to the Grid is established via Globus Toolkit protocols, allowing the Java CoG Kit to also communicate with the services distributed as part of the C Globus Toolkit reference implementation. Thus, the Java CoG Kit provides Grid developers with the ability to utilize the Grid, as well as numerous additional libraries and frameworks developed by the Java community to enable network, Internet, enterprise and peer-to-peer computing. A variety of projects have successfully used the client libraries of the Java CoG Kit to access Grids driven by the C Globus Toolkit software. In this paper we also report on the efforts to develop serverside Java CoG Kit components. As part of this research we have implemented a prototype pure Java resource management system that enables one to run Grid jobs on platforms on which a Java virtual machine is supported, including Windows NT machines.

von Laszewski, G.; Gawor, J.; Lane, P.; Rehn, N.; Russell, M.; Mathematics and Computer Science

2002-11-01T23:59:59.000Z

162

ESC/Java2 Implementation Notes  

E-Print Network (OSTI)

Abstract: ESC/Java2 is a tool for statically checking program specifications. It expands significantly upon ESC/Java, on which it is built. It is consistent with the definition of JML and of Java 1.4. It adds additional static checking to that in ESC/Java; most significantly, it adds support for checking frame conditions and annotations containing method calls. This document describes the status of the final release of ESC/Java2, along with some notes regarding the details of that implementation.

David R. Cok; Joseph R. Kiniry; Dermot Cochran

2008-01-01T23:59:59.000Z

163

Java 1.5.0 API Sun’s Java Tutorial Ed Faulkner’s Java Reference  

E-Print Network (OSTI)

Put these lines in your .environment: add 6.186 add -f java_v1.5.0 setenv JAVA_HOME /mit/java_v1.5.0 setenv CLASSPATH /mit/6.186/2005/maslab.jar:. If you’re Serverphobic, just ask for help. You’ll learn fast, and you’ll be glad you did. Using the Documentation

Yuran Lu Agenda; Threading Java; On Server; Maslab Api

2005-01-01T23:59:59.000Z

164

Identifying Reference Objects by Hierarchical Clustering in Java Environment  

E-Print Network (OSTI)

Recently Java programming environment has become so popular. Java programming language is a language that is designed to be portable enough to be executed in wide range of computers ranging from cell phones to supercomputers. Computer programs written in Java are compiled into Java Byte code instructions that are suitable for execution by a Java Virtual Machine implementation. Java virtual Machine is commonly implemented in software by means of an interpreter for the Java Virtual Machine instruction set. As an object oriented language, Java utilizes the concept of objects. Our idea is to identify the candidate objects' references in a Java environment through hierarchical cluster analysis using reference stack and execution stack.

Saha, Rahul

2011-01-01T23:59:59.000Z

165

MESURE Tool to benchmark Java Card platforms  

E-Print Network (OSTI)

The advent of the Java Card standard has been a major turning point in smart card technology. With the growing acceptance of this standard, understanding the performance behavior of these platforms is becoming crucial. To meet this need, we present in this paper a novel benchmarking framework to test and evaluate the performance of Java Card platforms. The MESURE tool is the first framework whose accuracy and effectiveness are independent of the particular Java Card platform tested and CAD used.

Bouzefrane, Samia; Paradinas, Pierre

2009-01-01T23:59:59.000Z

166

U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-196: Cisco AnyConnect VPN Client Two Vulnerabilities. June 21, 2012 - 7:00am. PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x; Cisco AnyConnect VPN Client 3.x. ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability; Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability; Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability; Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader

167

Object and Reference Immutability using Java Generics  

E-Print Network (OSTI)

A compiler-checked immutability guarantee provides useful documentation, facilitates reasoning, and enables optimizations. This paper presents Immutability Generic Java (IGJ), a novel language extension that expresses ...

Zibin, Yoav

2007-03-16T23:59:59.000Z

168

OpenMath JavaBeans - CECM  

E-Print Network (OSTI)

Sep 24, 1998 ... The technology studied in this project uses Java to construct components, ... It is also a general communications standard which supports the ...

169

SystemRequirements java Repository CRAN  

E-Print Network (OSTI)

Description: Low-level interface to Java VM very much like .C/.Call and friends. Allows creation of objects, calling methods and accessing fields.

Simon Urbanek; Maintainer Simon Urbanek; Depends R; R Topics Documented

2010-01-01T23:59:59.000Z

170

Emerging Java Technologies for Math Education  

E-Print Network (OSTI)

PIMS-CECM Workshop on Emerging Java Technologies for Math Education. Centre For Experimental and Constructive Mathematics logo. A Workshop at the  ...

171

InterProlog: Towards a declarative embedding of logic programming in Java  

E-Print Network (OSTI)

Abstract. InterProlog is the first Prolog-Java interface to support multiple Prolog systems through the same API; currently XSB and SWI Prolog, with GNU Prolog and YAP under development – on Windows, Linux and Mac OS X. It promotes coarse-grained integration between logic and object-oriented layers, by providing the ability to bidirectionally map any class data structure to a Prolog term; integration is done either through the Java Native Interface or TCP/IP sockets. It is proposed as a first step towards a common standard Java + Prolog API, gifting the Java developer with the best inference engines, and the logic programmer with simple access to the mainstream object-oriented platform.

Miguel Calejo

2004-01-01T23:59:59.000Z

172

Predictors Of Java Programming Self Efficacy Among Engineering Students In A Nigerian University  

E-Print Network (OSTI)

The study examined the relationship between Java programming self-efficacy and programming background of engineering students in a Nigerian University. One hundred and ninety two final year engineering students randomly selected from six engineering departments of the university participated in the study. Two research instruments: Programming Background Questionnaire and Java Programming Self-Efficacy Scale were used in collecting relevant information from the subjects. The resulting data were analyzed using Pearson product correlation and Multiple regression analysis. Findings revealed that Java Programming self-efficacy has no significant relationship with each of the computing and programming background factors. It was additionally obtained that the number of programming courses offered and programming courses weighed scores were the only predictors of Java self-efficacy.

Jegede, Philip Olu

2009-01-01T23:59:59.000Z

173

V-120: EMC Smarts Network Configuration Manager Java RMI Access...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control

174

Recoverable Class Loaders for a Fast Restart of Java Applications  

Science Conference Proceedings (OSTI)

Nov 8, 2008 ... able a fast start-up and recovery of Java applications. This is achieved by snapshooting the static state of Java applications namely the class ...

175

Stability of Java interfaces: a preliminary investigation  

Science Conference Proceedings (OSTI)

The attribute of stability is regarded by some as an important attribute of software. Some claims regarding software design quality imply that what are called interfaces in Java are stable. This paper introduces some new metrics for investigating ... Keywords: java interface, software metrics, stability

Jonathan Chow; Ewan Tempero

2011-05-01T23:59:59.000Z

176

Formalising Java RMI with explicit code mobility  

Science Conference Proceedings (OSTI)

This paper presents an object-oriented, Java-like core language with primitives for distributed programming and explicit code mobility. We apply our formulation to prove the correctness of several optimisations for distributed programs. Our language ... Keywords: Code mobility, Distribution, Java, Optimisation, RMI, Runtime, Types

Alexander Ahern; Nobuko Yoshida

2007-12-01T23:59:59.000Z

177

First International Workshop on Persistence and Java  

Science Conference Proceedings (OSTI)

These proceedings record the First International Workshop on Persistence and Java, which was held in Drymen, Scotland in September 1996. The focus of this workshop was the relationship between the Java languages and long-term data storage, such as databases ...

Malcolm Atkinson; Mick Jordan

1996-11-01T23:59:59.000Z

178

Testing of java web services for robustness  

Science Conference Proceedings (OSTI)

This paper presents a new compile-time analysis that enables a testing methodology for white-box coverage testing of error recovery code (i.e., exception handlers) in Java web services using compiler-directed fault injection. The analysis allows compiler-generated ... Keywords: def-use testing, exceptions, java, test coverage metrics

Chen Fu; Barbara G. Ryder; Ana Milanova; David Wonnacott

2004-07-01T23:59:59.000Z

179

NV: Nessus Vulnerability Visualization for the Web  

SciTech Connect

Network vulnerability is a critical component of network security. Yet vulnerability analysis has received relatively little attention from the security visualization community. In this paper we describe nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow system administrators to discover, analyze, and manage vulnerabilities on their networks. In addition to visualizing single Nessus scans, nv supports the analysis of sequential scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv was also designed to operate completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.

Harrison, Lane [University of North Carolina, Charlotte; Spahn, Riley B [ORNL; Iannacone, Michael D [ORNL; Downing, Evan P [ORNL; Goodall, John R [ORNL

2012-01-01T23:59:59.000Z

180

Sandia secure processor : a native Java processor.  

SciTech Connect

The Sandia Secure Processor (SSP) is a new native Java processor that has been specifically designed for embedded applications. The SSP's design is a system composed of a core Java processor that directly executes Java bytecodes, on-chip intelligent IO modules, and a suite of software tools for simulation and compiling executable binary files. The SSP is unique in that it provides a way to control real-time IO modules for embedded applications. The system software for the SSP is a 'class loader' that takes Java .class files (created with your favorite Java compiler), links them together, and compiles a binary. The complete SSP system provides very powerful functionality with very light hardware requirements with the potential to be used in a wide variety of small-system embedded applications. This paper gives a detailed description of the Sandia Secure Processor and its unique features.

Wickstrom, Gregory Lloyd; Gale, Jason Carl; Ma, Kwok Kee

2003-08-01T23:59:59.000Z

181

Software Vulnerability Taxonomy Consolidation  

SciTech Connect

In today's environment, computers and networks are increasingly exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, does not cover all aspects of a vulnerability, and they lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common "primary key", un-structured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced, information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to system administrators, software developers and vulnerability researchers is not yet achieved, this work has resulted in the most exhaustive collection of vulnerability data to date.

Polepeddi, S

2004-12-08T23:59:59.000Z

182

Sawja: Static Analysis Workshop for Java  

E-Print Network (OSTI)

Static analysis is a powerful technique for automatic verification of programs but raises major engineering challenges when developing a full-fledged analyzer for a realistic language such as Java. This paper describes the Sawja library: a static analysis framework fully compliant with Java 6 which provides OCaml modules for efficiently manipulating Java bytecode programs. We present the main features of the library, including (i) efficient functional data-structures for representing program with implicit sharing and lazy parsing, (ii) an intermediate stack-less representation, and (iii) fast computation and manipulation of complete programs.

Hubert, Laurent; Besson, Frédéric; Demange, Delphine; Jensen, Thomas; Monfort, Vincent; Pichardie, David; Turpin, Tiphaine

2010-01-01T23:59:59.000Z

183

Java fundamentals i and ii (video training), First edition  

Science Conference Proceedings (OSTI)

Java Fundamentals I and II will show you everything you need to know to start building robust, powerful software with Java SE. This collection provides $2,000 (USD) worth of expert Java training! Your instructor, Paul Deitel, has personally taught Java ...

Paul J. Deitel

2008-02-01T23:59:59.000Z

184

Quantifying software vulnerability  

Science Conference Proceedings (OSTI)

The technique known as ACE Analysis allows researchers to quantify a hardware structure's Architectural Vulnerability Factor (AVF) using simulation. This allows researchers to understand a hardware structure's vulnerability to soft errors and consider ... Keywords: fault tolerance, modeling, soft errors

Vilas Sridharan; David R. Kaeli

2008-05-01T23:59:59.000Z

185

Tornado Vulnerability in Texas  

Science Conference Proceedings (OSTI)

Tornado vulnerability depends on the incidence of and societal exposure to tornadoes for a particular location. This study assesses the vulnerability of Texas counties to tornadoes using tornado incidence and societal exposure composite scores. ...

Richard W. Dixon; Todd W. Moore

2012-01-01T23:59:59.000Z

186

Java persistence with hibernate, Second edition  

Science Conference Proceedings (OSTI)

Persistence -- the ability of data to outlive an instance of a program -- is central to modern applications. Hibernate, the most popular Java persistence tool, provides automatic and transparent object/relational mapping so it's a snap to work with SQL ...

Christian Bauer; Gavin King

2006-11-01T23:59:59.000Z

187

Computer algebra in Java: libraries and scripting  

E-Print Network (OSTI)

We have developed two computer algebra systems (CAS) written in Java [Jolly:2007,Kredel:2006]. The Java libraries can be used as any of the numerous other Java library packages. For the use-case of interactively entering and manipulating mathematical expressions there is a need of a scripting front-end for our libraries. Most other CAS invent and implement their own scripting interface for this purpose. We, however, do not want to reinvent the wheel and propose to use a contemporary scripting language with access to Java code. In this paper we discuss the requirements for a scripting language in computer algebra and check whether the languages Python, Ruby, Groovy and Scala meet these requirements. We conclude, that with minor problems any of these languages is suitable for our purpose.

Jolly, Raphael

2008-01-01T23:59:59.000Z

188

Javarifier : inference of reference immutability in Java  

E-Print Network (OSTI)

Javari is an extension of Java that supports reference immutability constraints. Programmers write Javari type qualifiers, such as the readonly type qualifier, in their programs, and the Javari typechecker detects mutation ...

Quinonez, Jamie

2008-01-01T23:59:59.000Z

189

Verification for Java's Reentrant Multithreading Concept  

Science Conference Proceedings (OSTI)

Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread-classes, allowing for a multithreaded flow of control. The concurrency model offers coordination via lock-synchronization, and communication by ...

Erika Ábrahám-Mumm; Frank S. de Boer; Willem P. de Roever; Martin Steffen

2002-04-01T23:59:59.000Z

190

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems. Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

191

Hyper-Threaded Java: Use the Java Concurrency API to Speed Up Time-Consuming Tasks  

SciTech Connect

This is for a Java World article that was already published on Nov 21, 2006. When I originally submitted the draft, Java World wasn't in the available lists of publications. Now that it is, Hanford Library staff recommended that I resubmit so it would be counted. Original submission ID: PNNL-SA-52490

Scarberry, Randy

2006-11-21T23:59:59.000Z

192

Java Jr.: Fully abstract trace semantics for a core Java language.  

E-Print Network (OSTI)

actions which represent interaction across package boundaries. A detailed example based on the Observer, subset of the Java language which allows for the declaration of classes and interfaces in packages. It includes two extensions of Java: it allows for packages to contain object declarations (rather than

Jeffrey, Alan

193

JavaScript Error, Brookhaven National Laboratory (BNL)  

NLE Websites -- All DOE Office Websites (Extended Search)

Web Services: Enabling JavaScript or Active Scripting. We're sorry, you don't seem to have JavaScript enabled in your browser. Some functions in this site may not work properly without it enabled, or your web browser is running an older version of JavaScript. Please enable JavaScript, then go back and try again, or upgrade your browser version to view this web page correctly. Press the button below to see if you have JavaScript enabled. If nothing happens, then it is possible that JavaScript is disabled in your browser. The instructions below describe how to enable JavaScript or Active Scripting in your browser. If your browser isn't listed, please consult its online help pages.

194

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL. Philosophy on Vulnerability Assessments. Argonne Vulnerability Assessment Team, Roger G. Johnston, Ph.D., CPP, 630-252-6168. 1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc. 2. These tools have some value, and indeed we have used them all. 3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

195

JR: Flexible Distributed Programming in an Extended Java  

Science Conference Proceedings (OSTI)

Abstract: Java provides a clean object-oriented programming model and allows for inherently system-independent programs. Unfortunately, Java has a limited concurrency model, providing only threads and remote method invocation (RMI). The JR programming ...

2001-04-01T23:59:59.000Z

196

Inductive Proof Outlines for Exceptions in Multithreaded Java  

Science Conference Proceedings (OSTI)

In this paper we give an operational semantics and introduce an assertional proof system for exceptions in a multithreaded Java sublanguage. Keywords: Java, exceptions, multi-threading, proof systems

Erika Ábrahám; Frank S. de Boer; Willem-Paul de Roever; Martin Steffen

2006-05-01T23:59:59.000Z

197

JR: Flexible distributed programming in an extended Java  

Science Conference Proceedings (OSTI)

Java provides a clean object-oriented programming model and allows for inherently system-independent programs. Unfortunately, Java has a limited concurrency model, providing only threads and remote method invocation (RMI). The JR programming language ... Keywords: Concurrency, Java, SR, concurrent object-oriented programming

Aaron W. Keen; Tingjian Ge; Justin T. Maris; Ronald A. Olsson

2004-05-01T23:59:59.000Z

198

Discrete-event simulation in Java: a practitioner's experience  

Science Conference Proceedings (OSTI)

The experience of a simulation practitioner with development of a new Java simulation engine and its application to a large simulation model is described. Our simulation engine is implemented as a simple extension of the Java programming language and ... Keywords: Java, discrete-event simulation, parallel processing, practitioner, supply chain

D. H. King; Harvey S. Harrison

2010-07-01T23:59:59.000Z

199

Specification and Runtime Verification of Java Card Programs  

Science Conference Proceedings (OSTI)

Java Card is a version of Java developed to run on devices with severe storage and processing restrictions. The applets that run on these devices are frequently intended for use in critical, highly distributed, mobile conditions. They are required to ... Keywords: Compiler, JCML, JML, Java Card, Runtime Verification

Umberto Souza da Costa; Anamaria Martins Moreira; Martin A. Musicante; Plácido A. Souza Neto

2009-07-01T23:59:59.000Z

200

Event Reconstruction for Many-core Architectures using Java  

SciTech Connect

Although Moore's Law remains technically valid, the performance enhancements in computing which traditionally resulted from increased CPU speeds ended years ago. Chip manufacturers have chosen to increase the number of core CPUs per chip instead of increasing clock speed. Unfortunately, these extra CPUs do not automatically result in improvements in simulation or reconstruction times. To take advantage of this extra computing power requires changing how software is written. Event reconstruction is globally serial, in the sense that raw data has to be unpacked first, channels have to be clustered to produce hits before those hits are identified as belonging to a track or shower, tracks have to be found and fit before they are vertexed, etc. However, many of the individual procedures along the reconstruction chain are intrinsically independent and are perfect candidates for optimization using multi-core architecture. Threading is perhaps the simplest approach to parallelizing a program and Java includes a powerful threading facility built into the language. We have developed a fast and flexible reconstruction package (org.lcsim) written in Java that has been used for numerous physics and detector optimization studies. In this paper we present the results of our studies on optimizing the performance of this toolkit using multiple threads on many-core architectures.

Graf, Norman A.; /SLAC

2012-04-19T23:59:59.000Z

201

Enterprise JavaBeans 3.1  

Science Conference Proceedings (OSTI)

Learn how to code, package, deploy, and test functional Enterprise JavaBeans with the latest edition of this bestselling guide. Written by the developers of JBoss EJB 3.1, this book not only brings you up to speed on each component type and container ...

Andrew Lee Rubinger; Bill Burke

2010-09-01T23:59:59.000Z

202

Enforcing Secure Object Initialization in Java  

E-Print Network (OSTI)

Sun and the CERT recommend for secure Java development to not allow partially initialized objects to be accessed. The CERT considers the severity of the risks taken by not following this recommendation as high. The solution currently used to enforce object initialization is to implement a coding pattern proposed by Sun, which is not formally checked. We propose a modular type system to formally specify the initialization policy of libraries or programs and a type checker to statically check at load time that all loaded classes respect the policy. This allows to prove the absence of bugs which have allowed some famous privilege escalations in Java. Our experimental results show that our safe default policy allows to prove 91% of classes of java.lang, java.security and javax.security safe without any annotation and by adding 57 simple annotations we proved all classes but four safe. The type system and its soundness theorem have been formalized and machine checked using Coq.

Hubert, Laurent; Monfort, Vincent; Pichardie, David

2010-01-01T23:59:59.000Z

203

JAVA & Parallelism/Real-time systems  

E-Print Network (OSTI)

Windowing Toolkit (AWT) in a memory-efficient way. JAVA Application Environment (JAE) Support enables the same applets and applications to run on other servers or platforms running the JAVA Virtual Machine. CHAPTER 2 Embedded and Real-Time JAVA According to the designers at Sun Microsystems, is JAVA also suitable for Embedded or Real-Time systems. Before proceeding further it is worth trying to define the phrase 'real-time system' more precisely. 2.1 Definition of a real-time system There are many interpretations of the exact nature of a real-time system; however, they all have in common the notion of response time, the time taken for the system to generate output from some associated input. The Oxford Dictionary of Computing [48] gives the following definition of a real-time system. A real-time system is... Any system in which the time at which output is produced is significant. This is usually because the input corresponds to some movement in the physical world, and the output ha...

D. F. Nooren

1998-01-01T23:59:59.000Z

204

Automatic translation from Circus to Java  

Science Conference Proceedings (OSTI)

Circus is a combination of Z and CSP that supports the development of state-rich reactive systems based on refinement. In this paper we present JCircus, a tool that automatically translates Circus programs into Java, for the purpose of animation and ...

Angela Freitas; Ana Cavalcanti

2006-08-01T23:59:59.000Z

205

Formal Development of Safe and Secure Java Card Applets  

E-Print Network (OSTI)

This thesis is concerned with different aspects of JAVA CARD application development and use of formal methods in the JAVA CARD world. JAVA CARD is a technology that provides means to program smart (chip) cards with (a subset of) the JAVA language. The use of formal methods in the JAVA CARD context is highly justified due to the criticality of JAVA CARD applications. First of all, JAVA CARD applications are usually security critical (e.g., authentication, electronic cash), second, they are cost critical (i.e. they are distributed in large amounts making updates quite difficult) and finally, they can also be legally critical (e.g., when the digital signature law is considered). Thus the robustness and correctness of JAVA CARD applications should be enforced by the best means possible, i.e. by the use of formal verification techniques. At the same time JAVA CARD seems to be a good target for formal verification—due to the relative simplicity of JAVA CARD applications (as compared to full JAVA), formal verification becomes a feasible and manageable task. In this thesis, we touch upon different

Wojciech Mostowski

2005-01-01T23:59:59.000Z

206

IDebug: An Advanced Debugging Framework for Java  

E-Print Network (OSTI)

IDebug, the Infospheres debugging framework, is an advanced debugging framework for Java. This framework provides the standard core debugging and specification constructs such as assertions, debug levels and categories, stack traces, and specialized exceptions. Debugging functionality can be fine-tuned to a per-thread and/or a per-class basis, debugging contexts can be stored to and recovered from persistent storage, and several aspects of the debugging run-time are configurable at the meta-level. Additionally, the framework is designed for extensibility. Planned improvements include support for debugging distributed object systems via currying call stacks across virtual machine contexts and debug information logging with a variety of networking media including unicast, multicast, RMI, distributed events, and JavaSpaces. Finally, we are adding support for debugging mobile agent systems by providing mobile debug logs. 1 Introduction Programming technologies have evolved greatly over th...

Joseph R. Kiniry

1998-01-01T23:59:59.000Z

207

System Assurance: Beyond Detecting Vulnerabilities, 1st edition  

Science Conference Proceedings (OSTI)

In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable ...

Nikolai Mansourov; Djenana Campara

2010-12-01T23:59:59.000Z

208

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

209

The New Sundanese Peasants' Union: Peasant Movements, Changes in Land Control, and Agrarian Questions in Garut, West Java  

E-Print Network (OSTI)

of the Association of West Java Plantations; and Ir. H.Questions in Garut, West Java *) Noer Fauzi Berkeleyorganization in West Java, Indonesia, was extraordinarily

Fauzi, Noer

2005-01-01T23:59:59.000Z

210

Energy vulnerability relationships  

Science Conference Proceedings (OSTI)

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970's, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a "dependence"? Does this increasing proportion of imported oil present a vulnerability to "price shocks" and the tremendous dislocations experienced during the 1970's? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be "yes." However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

211

Plutonium Vulnerability Management Plan  

Science Conference Proceedings (OSTI)

This Plutonium Vulnerability Management Plan describes the Department of Energy's response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department's Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

212

Redefining Agrarian Power: Resurgent Agrarian Movements in West Java, Indonesia  

E-Print Network (OSTI)

Movements in West Java, Indonesia Suraya Afiff Noer Fauzienvironmental change in Indonesia since 1985. She receivedenvironmental change in Indonesia since the 1990s. In Fall

Afiff, Suraya; Fauzi, Noer; Hart, Gillian; Ntsebeza, Lungisile; Peluso, Nancy

2005-01-01T23:59:59.000Z

213

OpenMath and Java for Math Education - CECM  

E-Print Network (OSTI)

The intent of this web page is to organize resources and information related to the development of OpenMath compliant Java based web applications for math ...

214

Main-Memory Management to Support Orthogonal Persistence for Java  

E-Print Network (OSTI)

Daynes,L. Atkinson,M.P. Proceedings of the Second International Workshop on Persistence and Java pp 37-60

Daynes, L.

215

Instructional JAVA modules based on molecular simulation - TMS  

Science Conference Proceedings (OSTI)

Nov 9, 2007 ... This website contains a selection of instructional JAVA modules designed to increase understanding of molecular simulations and molecular ...

216

RTZen: Highly Predictable, Real-time Java Middleware for Distributed and Embedded Systems  

E-Print Network (OSTI)

Real-Time Specification for Java. Addison-Wesley (2000) 8.Vitek, J. : Real-time java scoped memory: Design patternsof the jRate Real-Time Java Implementation. In Meersman,

Raman, Krishna; Zhang, Yue; Panahi, Mark; Colmenares, Juan A; Klefstad, Raymond; Harmon, Trevor

2005-01-01T23:59:59.000Z

217

Review of Correspondence Analysis and Data Coding with Java and R  

E-Print Network (OSTI)

and Data Coding with Java and R Fionn Murtagh Chapman &Analysis and Data Coding with Java and R The book is modernexamples done in both R and Java. But again, in this respect

de Leeuw, Jan

2005-01-01T23:59:59.000Z

218

V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code March 5, 2013 - 12:53am PROBLEM: Oracle Java...

219

Review of Correspondence Analysis and Data Coding with Java and R  

E-Print Network (OSTI)

and Data Coding with Java and R Fionn Murtagh Chapman &Analysis and Data Coding with Java and R The book is modernexamples done in both R and Java. But again, in this respect

Jan de Leeuw

2011-01-01T23:59:59.000Z

220

Vulnerability due to Nocturnal Tornadoes  

Science Conference Proceedings (OSTI)

This study investigates the human vulnerability caused by tornadoes that occurred between sunset and sunrise from 1880 to 2007. Nocturnal tornadoes are theorized to enhance vulnerability because they are difficult to spot and occur when the ...

Walker S. Ashley; Andrew J. Krmenec; Rick Schwantes

2008-10-01T23:59:59.000Z



221

T-606: Sun Java System Access Manager Lets Remote Users Partially...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

222

Another step towards a smart compilation manager for Java  

Science Conference Proceedings (OSTI)

In a recent work we have proposed a compilation strategy (that is, a way to decide which unchanged sources have to be recompiled) for a substantial subset of Java which has been shown to be sound and minimal. That is, an unchanged source ... Keywords: Java, separate compilation

G. Lagorio

2004-03-01T23:59:59.000Z

223

Object Oriented Verification Kernels for Secure Java Applications  

Science Conference Proceedings (OSTI)

This paper presents an approach to the verification of large Java programs. The focus lies on programs that implement a distributed communicating system e.g. in a M- or E-Commerce scenario. When trying to verify such programs, thousands of Java classes ...

Holger Grandy; Kurt Stenzel; Wolfgang Reif

2005-09-01T23:59:59.000Z

224

Proceedings of the Second International Workshop on Persistence and Java  

Science Conference Proceedings (OSTI)

These proceedings record the Second International Workshop on Persistence and Java, that was held in Half Moon Bay in the San Francisco Bay Area, in August 1997. The focus of the workshop series is the relationship between the Java platform and longterm ...

Malcolm Atkinson; Mick Jordan

1997-12-01T23:59:59.000Z

225

RTVR: a flexible java library for interactive volume rendering  

Science Conference Proceedings (OSTI)

This paper presents several distinguishing design features of RTVR - a Java-based library for real-time volume rendering. We describe, how the careful design of data structures, which in our case are based on voxel enumeration, and an intelligent use ... Keywords: interactive volume visualization, internet-based visualization, java

Lukas Mroz; Helwig Hauser

2001-10-01T23:59:59.000Z

226

JAVA SWING-BASED PLOTTING PACKAGE RESIDING WITHIN XAL  

Science Conference Proceedings (OSTI)

A data plotting package residing in the XAL tools set is presented. This package is based on Java SWING, and therefore it has the same portability as Java itself. The data types for charts, bar-charts, and color-surface plots are described. The algorithms, performance, interactive capabilities, limitations, and the best usage practices of this plotting package are discussed.

Shishlo, Andrei P [ORNL; Chu, Paul [Stanford University; Pelaia II, Tom [ORNL

2007-01-01T23:59:59.000Z

227

Groebner bases in Java with applications in computer graphics  

E-Print Network (OSTI)

In this paper we present a Java implementation of the algorithm that computes Buchberger's and reduced Groebner's basis step by step. The Java application enables graphical representation of the intersection of two surfaces in 3-dimensional space and determines conditions of existence and planarity of the intersection.

Malesevic, Branko; Campara, Milan

2010-01-01T23:59:59.000Z

228

Towards a program logic for JavaScript  

Science Conference Proceedings (OSTI)

JavaScript has become the most widely used language for client-side web programming. The dynamic nature of JavaScript makes understanding its code notoriously difficult, leading to buggy programs and a lack of adequate static-analysis tools. We believe ... Keywords: javascript, separation logic, web

Philippa Anne Gardner; Sergio Maffeis; Gareth David Smith

2012-01-01T23:59:59.000Z

229

CS1, arcade games and the free Java book  

Science Conference Proceedings (OSTI)

Computer game programming has been adopted by some instructors and schools in an effort to motivate students and make the learning more relevant to the student's world than the console programs many of their instructors learned with. This paper describes ... Keywords: acm java, cs1, free java book, games

Daniel L. Schuster

2010-03-01T23:59:59.000Z

230

Reflexes: Abstractions for integrating highly responsive tasks into Java applications  

Science Conference Proceedings (OSTI)

Achieving submillisecond response times in a managed language environment such as Java or C# requires overcoming significant challenges. In this article, we propose Reflexes, a programming model and runtime system infrastructure that lets developers ... Keywords: Java virtual machine, Real-time systems, memory management

Jesper Honig Spring; Filip Pizlo; Jean Privat; Rachid Guerraoui; Jan Vitek

2010-08-01T23:59:59.000Z

231

Software application implement in java for electrical lines dimensioning  

Science Conference Proceedings (OSTI)

This paper presents a software package implemented in Java, useful for dimensioning low voltage lines, mono phase and three phase (AC and DC). The modeled networks are tree type. This software with graphical user interface allows the estimation ... Keywords: computer software, electrical lines, java, optimal dimensioning

Cristian Abrudean; Manuela Panoiu

2008-11-01T23:59:59.000Z

232

Java-Applet For Radio Spectra Analysis  

E-Print Network (OSTI)

New services for Clusters of Galaxies Database created in the Astronomical Institute of SPbU have been constructed. The detailed description of database and its content is available at http://www.astro.spbu.ru/CLUSTERS/. The information contained in the database can be used for solution of the specific astronomical problems. One of these problems is the researches of radio emission spectra of clusters' objects. The researches can give help in solution of the problems of origin and evolution of extragalactic radio sources. Spectra of radio galaxies contain important information about radio power in the processes responsible for their activity. This report presents the software for the database that provides work with radio spectra of extragalactic sources. This client-application has been released as the Java-applet and thus provides a Web based interface that is supported on many operating systems. The facilities of the applet such as approximations of spectra measurement points and calculation of spectral parameters are illustrated in the report. Also we demonstrate new version of the application that realized on Java2 and gave access to additional functions such as printing.

A. S. Trushkina; A. G. Gubanov

2000-12-29T23:59:59.000Z

233

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability July 22, 2011 - 3:00pm PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability PLATFORM: Drupal Secure Password Hashes 6.X-1.0 Drupal Secure Password Hashes 5.X-1.4 ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability. REFERENCE LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities IMPACT ASSESSMENT: Medium DISCUSSION: This module uses the PHPass hashing library to try to store users hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account

234

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized...

235

Security Automation and the National Vulnerability Database  

Science Conference Proceedings (OSTI)

... 6 Page 7. National Vulnerability Database Role Receive CVE ... Environmental Integrity ... Use Case: Vulnerability Management CVE 2012-3544 30 ...

2013-06-05T23:59:59.000Z

236

HEPA Filter Vulnerability Assessment  

SciTech Connect

This assessment of High Efficiency Particulate Air (HEPA) filter vulnerability was requested by the USDOE Office of River Protection (ORP) to satisfy a DOE-HQ directive to evaluate the effect of filter degradation on the facility authorization basis assumptions. Within the scope of this assessment are ventilation system HEPA filters that are classified as Safety-Class (SC) or Safety-Significant (SS) components that perform an accident mitigation function. The objective of the assessment is to verify whether HEPA filters that perform a safety function during an accident are likely to perform as intended to limit release of hazardous or radioactive materials, considering factors that could degrade the filters. Filter degradation factors considered include aging, wetting of filters, exposure to high temperature, exposure to corrosive or reactive chemicals, and exposure to radiation. Screening and evaluation criteria were developed by a site-wide group of HVAC engineers and HEPA filter experts from published empirical data. For River Protection Project (RPP) filters, the only degradation factor that exceeded the screening threshold was for filter aging. Subsequent evaluation of the effect of filter aging on the filter strength was conducted, and the results were compared with required performance to meet the conditions assumed in the RPP Authorization Basis (AB). It was found that the reduction in filter strength due to aging does not affect the filter performance requirements as specified in the AB. A portion of the HEPA filter vulnerability assessment is being conducted by the ORP and is not part of the scope of this study. The ORP is conducting an assessment of the existing policies and programs relating to maintenance, testing, and change-out of HEPA filters used for SC/SS service. This document presents the results of a HEPA filter vulnerability assessment conducted for the River protection project as requested by the DOE Office of River Protection.

GUSTAVSON, R.D.

2000-05-11T23:59:59.000Z

237

RTJBench: A RealTime Java Benchmarking Framework  

E-Print Network (OSTI)

Abstract. The paper gives an overview of RTJBench, a framework designed to assist in the task of benchmarking programs written in the Real-Time Specification for Java, but with potentially more general applicability. RTJBench extends the JUnit framework for unit testing of Java applications with tools for real-time environment configuration, simple data processing and configurable graphical presentation services. We present design principles of RTJBench and give an example of a benchmarking suite we have been using for daily regression benchmarking of the Open Virtual Machine. Keywords: Benchmarking, regression benchmarking, Real-Time Specification for Java

Marek Prochazka; Andrey Madan; Jan Vitek; Wenchang Liu

2004-01-01T23:59:59.000Z

238

Prototyping Faithful Execution in a Java virtual machine.  

SciTech Connect

This report presents the implementation of a stateless scheme for Faithful Execution, the design for which is presented in a companion report, ''Principles of Faithful Execution in the Implementation of Trusted Objects'' (SAND 2003-2328). We added a simple cryptographic capability to an already simplified class loader and its associated Java Virtual Machine (JVM) to provide a byte-level implementation of Faithful Execution. The extended class loader and JVM we refer to collectively as the Sandia Faithfully Executing Java architecture (or JavaFE for short). This prototype is intended to enable exploration of more sophisticated techniques which we intend to implement in hardware.

Tarman, Thomas David; Campbell, Philip LaRoche; Pierson, Lyndon George

2003-09-01T23:59:59.000Z

239

Object-Oriented Programming 2CSE 1325: Object-Oriented Programming in Java  

E-Print Network (OSTI)

1 Object-Oriented Programming in Java 2CSE 1325: Object-Oriented Programming in Java Take control, practice! 2 3CSE 1325: Object-Oriented Programming in Java Course Contents · Introduction to object-oriented large, high-quality software systems. 4CSE 1325: Object-Oriented Programming in Java Buzzwords

Lei, Jeff Yu

240

FAMIX Java language plugin 1.0 Author Sander Tichelaar (tichel@iam.unibe.ch)  

E-Print Network (OSTI)

packages in Java map directly to the directory structure of source code, i.e. the source code for a certain parameters and local variables 1.1.x -> 1.2.x: - Addition of a new keyword (strictfp) 3.2 Package (interpreted) Package Figure 2: Package A Package maps in Java to the Java package construct. Packages in Java

Nierstrasz, Oscar



241

A Deductive Proof System for Multithreaded Java with Exceptions  

Science Conference Proceedings (OSTI)

Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread-classes, allowing for a multithreaded flow of control. Besides that, the language offers a flexible exception mechanism for handling errors or ...

Erika Ábrahám; Frank S. de Boer; Willem-Paul de Roever; Martin Steffen

2008-07-01T23:59:59.000Z

242

Visualising Memory Graphs: Interactive Debugging using Java3D  

E-Print Network (OSTI)

that three dimensional visualisation can be a useful tool for debugging, program analysis, and a viable - 3D Modelling in Java 6 3 Requirements 9 4 Design 10 4.1 Preliminaries 10 4.1.1 Creating

Oxford, University of

243

A Deductive Proof System for Multithreaded Java with Exceptions  

Science Conference Proceedings (OSTI)

Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread-classes, allowing for a multithreaded flow of control. Besides that, the language offers a flexible exception mechanism for handling errors or ...

Erika Ábrahám; Frank S. de Boer; Willem-Paul de Roever; Martin Steffen

2008-12-01T23:59:59.000Z

244

Java Automation Controller and Real-Time Systems  

NLE Websites -- All DOE Office Websites (Extended Search)

Java Automation Controller and Real-Time Systems Speaker(s): Greg Bollella Date: June 29, 2009 - 12:00pm Location: 90-3122 Java has always been a disruptive technology and now it is breaking the mold in industrial, process, building, and transportation automation systems. For many years, programmable logic controllers (PLCs), the digital versions of old relay-based control systems (such as that used in the NYC Subway system in the late 1800s) have primarily controlled these systems. PLCs are the workhorses of the controls industry but the market is characterized by proprietary, closed, expensive, special-purpose solutions. A Java-based automation controller breaks the mold by allowing control algorithms, which require strict real-time capabilities, to run on

245

Pointer analysis for Java programs : novel techniques and applications  

E-Print Network (OSTI)

This dissertation presents a pointer analysis for Java programs, together with several practical analysis applications. For each program point, the analysis is able to construct a points-to graph that describes how local ...

Sălcianu, Alexandru D. (Alexandru Doru), 1975-

2006-01-01T23:59:59.000Z

246

Implementing fast Java™ monitors with relaxed-locks  

Science Conference Proceedings (OSTI)

The Java™ Programming Language permits synchronization operations (lock, unlock, wait, notify) on any object. Synchronization is very common in applications and is endemic in the library code upon which applications depend. It is therefore ...

David Dice

2001-04-01T23:59:59.000Z

247

Automatic certification of Java source code in rewriting logic  

Science Conference Proceedings (OSTI)

In this paper we propose an abstract certification technique for Java which is based on rewriting logic, a very general logical and semantic framework efficiently implemented in the functional programming language Maude. Starting from a specification of ...

Mauricio Alba-Castro; María Alpuente; Santiago Escobar

2007-07-01T23:59:59.000Z

248

Predictability of Java Monsoon Rainfall Anomalies: A Case Study  

Science Conference Proceedings (OSTI)

A substantial portion of the interannual variability of rainfall at Jakarta, Java, can be predicted from antecedent pressure anomalies at Darwin, northern Australia; the pressure persistence, the concurrent correlation of pressure and rainfall, ...

Stefan Hastenrath

1987-01-01T23:59:59.000Z

249

Swizzle barrier optimizations for orthogonal persistence in Java  

E-Print Network (OSTI)

Brahnmath,K. Nystrom,N. Hosking,A.L. Cutts,Q.I. Proceedings of the Third International Workshop on Persistence and Java (Tiburon, California, September 1998), Advances in Persistent Object Systems pp 268-278 Morgan Kaufmann

Brahnmath, K.; Nystrom, N.; Hosking, A.L.; Cutts, Q.I.

250

Refactoring Sequential Java Code for Concurrency via Concurrent Libraries  

E-Print Network (OSTI)

Parallelizing existing sequential programs to run efficiently on multicores is hard. The Java 5 package java.util.concurrent (j.u.c.) supports writing concurrent programs: much of the complexity of writing threads-safe and ...

Ernst, Michael D.

2008-09-30T23:59:59.000Z

251

Analysing, Profiling and Optimising Orthogonal Persistence for Java  

E-Print Network (OSTI)

Cutts,Q.I. Hosking,A. Proceedings of the Second International Workshop on Persistence and Java (PJW2), Half Moon Bay, CA, USA (Atkinson, M., Jordan, M. Eds) pp 107-115 Sun Microsystems Inc.

Cutts, Q.I.

252

Java Performance for Scientific Applications on LLNL Computer Systems  

Science Conference Proceedings (OSTI)

Languages in use for high performance computing at the laboratory--Fortran (f77 and f90), C, and C++--have many years of development behind them and are generally considered the fastest available. However, Fortran and C do not readily extend to object-oriented programming models, limiting their capability for very complex simulation software. C++ facilitates object-oriented programming but is a very complex and error-prone language. Java offers a number of capabilities that these other languages do not. For instance it implements cleaner (i.e., easier to use and less prone to errors) object-oriented models than C++. It also offers networking and security as part of the language standard, and cross-platform executables that make it architecture neutral, to name a few. These features have made Java very popular for industrial computing applications. The aim of this paper is to explain the trade-offs in using Java for large-scale scientific applications at LLNL. Despite its advantages, the computational science community has been reluctant to write large-scale computationally intensive applications in Java due to concerns over its poor performance. However, considerable progress has been made over the last several years. The Java Grande Forum [1] has been promoting the use of Java for large-scale computing. Members have introduced efficient array libraries, developed fast just-in-time (JIT) compilers, and built links to existing packages used in high performance parallel computing.

Kapfer, C; Wissink, A

2002-05-10T23:59:59.000Z

253

Org.Lcsim: Event Reconstruction in Java  

SciTech Connect

Maximizing the physics performance of detectors being designed for the International Linear Collider, while remaining sensitive to cost constraints, requires a powerful, efficient, and flexible simulation, reconstruction and analysis environment to study the capabilities of a large number of different detector designs. The preparation of Letters Of Intent for the International Linear Collider involved the detailed study of dozens of detector options, layouts and readout technologies; the final physics benchmarking studies required the reconstruction and analysis of hundreds of millions of events. We describe the Java-based software toolkit (org.lcsim) which was used for full event reconstruction and analysis. The components are fully modular and are available for tasks from digitization of tracking detector signals through to cluster finding, pattern recognition, track-fitting, calorimeter clustering, individual particle reconstruction, jet-finding, and analysis. The detector is defined by the same xml input files used for the detector response simulation, ensuring the simulation and reconstruction geometries are always commensurate by construction. We discuss the architecture as well as the performance.

Graf, Norman A.; /SLAC

2012-04-19T23:59:59.000Z

254

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability
March 19, 2013 - 12:01am
PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability
PLATFORM: Versions prior to 16.0.1.18.
ABSTRACT: A vulnerability has been reported in RealPlayer
REFERENCE LINKS: RealNetworks, Inc; Secunia Advisory SA52692; CVE-2013-1750
IMPACT ASSESSMENT: High
DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file.
IMPACT: Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to version 16.0.1.18.

255

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE))

The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides...

256

NSTB Summarizes Vulnerable Areas | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. NSTB Summarizes Vulnerable Areas More Documents & Publications...

257

A Political Ecology of the Citarum River Basin: Exploring "Integrated Water Resources Management" in West Java, Indonesia  

E-Print Network (OSTI)

Management” in West Java, Indonesia By Jenna Cavelle ... Bandung in the province of West Java. From here the river ... makes its exodus at the Java Sea slightly east of Indonesia’...

Cavelle, Jenna

2013-01-01T23:59:59.000Z

258

Power, Labor, and Livelihood: Processes of Change in Rural Java: Notes and Reflections on a Village Revisited  

E-Print Network (OSTI)

two upland villages in Central Java. We returned to one of ... Development in Rural Java: A Study of the Organizational ... Kecamatan Cibadak, West Java, and Kecamatan Kendal, Central...

Hart, Gillian

2004-01-01T23:59:59.000Z

259

Energy Spending and Vulnerable Households  

E-Print Network (OSTI)

off than before. In particular large households with low incomes seem to have been adversely affected by the new tariff structures since they have comparably large energy expenditure (Bennet et al., 2002). 5. Vulnerable Households and Energy Spending The... tariffs can play an important part in the public debate on eradicating fuel poverty and helping the vulnerable households. Smart metering can provide consumers with information on the actual energy consumption and might lead to...

Jamasb, Tooraj; Meier, Helena

2011-01-26T23:59:59.000Z

260

Translating Nondeterministic Functional Language based on Attribute Grammars into Java  

E-Print Network (OSTI)

Knowledge-based systems are suitable for realizing advanced functions that require domain-specific expert knowledge, while knowledge representation languages and their supporting environments are essential for realizing such systems. Although Prolog is useful and effective in realizing such a supporting environment, the language interoperability with other implementation languages, such as Java, is often an important issue in practical application development. This paper describes the techniques for translating a knowledge representation language that is a nondeterministic functional language based on attribute grammars into Java. The translation is based on binarization and the techniques proposed for Prolog to Java translation although the semantics are different from those of Prolog. A continuation unit is introduced to handle continuation efficiently, while the variable and register management on backtracking is simplified by using the single and unidirectional assignment features of variables. An experim...

Umeda, Masanobu; Sone, Hiroaki; Katamine, Keiichi

2011-01-01T23:59:59.000Z



261

Jeannie: Granting Java native interface developers their wishes  

E-Print Network (OSTI)

Higher-level languages interface with lower-level languages such as C to access platform functionality, reuse legacy libraries, or improve performance. This raises the issue of how to best integrate different languages while also reconciling productivity, safety, portability, and efficiency. This paper presents Jeannie, a new language design for integrating Java with C. In Jeannie, both Java and C code are nested within each other in the same file and compile down to JNI, the Java platform’s standard foreign function interface. By combining the two languages’ syntax and semantics, Jeannie eliminates verbose boilerplate code, enables static error detection across the language boundary, and simplifies dynamic resource management. We describe the Jeannie language and its compiler, while also highlighting lessons from composing two mature programming languages.

Martin Hirzel; Robert Grimm

2007-01-01T23:59:59.000Z

262

Add Java extensions to your wiki: Java applets can bring dynamic functionality to your wiki pages  

SciTech Connect

Virtually everyone familiar with today’s world wide web has encountered the free online encyclopedia Wikipedia many times. What you may not know is that Wikipedia is driven by an excellent open-source product called MediaWiki which is available to anyone for free. This has led to a proliferation of wiki sites devoted to just about any topic one can imagine. Users of a wiki can add content -- all that is required of them is that they type their additions into their web browsers using the simple markup language called wikitext. Even better, the developers of wikitext made it extensible. With a little server-side development of your own, you can add your own custom syntax. Users aware of your extensions can then utilize them on their wiki pages with a few simple keystrokes. These extensions can be custom decorations, formatting, web applications, and even instances of the venerable old Java applet. One example of a Java applet extension is the Jmol extension (REF), used to embed a 3-D molecular viewer. This article will walk you through the deployment of a fairly elaborate applet via a MediaWiki extension. By no means exhaustive -- an entire book would be required for that -- it will demonstrate how to give the applet resize handles using a little JavaScript and CSS coding and some popular JavaScript libraries. It even describes how a user may customize the extension somewhat using a wiki template. Finally, it explains a rudimentary persistence mechanism which allows applets to save data directly to the wiki pages on which they reside.

Scarberry, Randall E.

2008-08-12T23:59:59.000Z

263

V-143: Fresh Java issues being exploited in the wild | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-143: Fresh Java issues being exploited in the wild
April 26, 2013 - 6:00am
PROBLEM: A new Metasploit module for the Java 7u17 sandbox bypass emerged
PLATFORM: All versions of Java SE-7 (including the recently released 1.7.0_21-b11)
ABSTRACT: Java issues are being exploited in the wild by exploit kits, with Cool and Redkit specifically being known to use these bugs, and others likely to follow shortly.
REFERENCE LINKS: SecList SE-2012-01 Security Explorations
IMPACT ASSESSMENT: Medium
DISCUSSION: It can be used to achieve a complete Java security sandbox bypass on a target system.
IMPACT: Manipulation of data; System access
SOLUTION: Vendor recommends patching systems immediately

264

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am...

265

JACK: a tool for validation of security and behaviour of Java applications  

Science Conference Proceedings (OSTI)

We describe the main features of JACK (Java Applet Correctness Kit), a tool for the validation of Java applications, annotated with JML specifications. JACK has been especially designed to improve the quality of trusted personal device applications. ...

Gilles Barthe; Lilian Burdy; Julien Charles; Benjamin Grégoire; Marieke Huisman; Jean-Louis Lanet; Mariela Pavlova; Antoine Requet

2006-11-01T23:59:59.000Z

266

V-072: Red Hat update for java-1.7.0-openjdk | Department of...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-072: Red Hat update for java-1.7.0-openjdk January 18, 2013 - 6:00am PROBLEM: Red Hat has issued an update for...

267

Concurrencer: a tool for retrofitting concurrency into sequential Java applications via concurrent libraries  

E-Print Network (OSTI)

Parallelizing existing sequential programs to run efficiently on multicores is hard. The Java 5 package java.util.concurrent (j.u.c.) supports writing concurrent programs. To use this package, programmers still need to ...

Dig, Danny

268

6.092 Introduction to Software Engineering in Java, January (IAP) 2009  

E-Print Network (OSTI)

This course is an introduction to Java programming and software engineering. It is designed for those who have little or no programming experience in Java and covers concepts useful to 6.005. The focus is on developing ...

Jones, Evan

269

A Progressive Network Management Architecture Enabled By Java Technology  

E-Print Network (OSTI)

This paper proposes a framework based completely on Java technology. The advantages brought about by the use of Java in network management answer some critical problems existing in current systems. With this work we address several factors concerning interoperability and security in heterogeneous network environments. Specifically, we present a manager application and a multithreaded agent engine that make use of a lightweight communication mechanism for message exchange. A MIB parser is introduced to accelerate handling of incoming management requests, and the RSA public-key cryptosystem is implemented to provide both encryption and authentication features. Results, measured in terms of response time, compare favourably with other published work and standard management frameworks.

Gavalas, Damianos; Ghanbari, Mohammed; O'Mahony, Mike

2010-01-01T23:59:59.000Z

270

Implementing the Gaia Astrometric Global Iterative Solution (AGIS) in Java  

E-Print Network (OSTI)

This paper provides a description of the Java software framework which has been constructed to run the Astrometric Global Iterative Solution for the Gaia mission. This is the mathematical framework to provide the rigid reference frame for Gaia observations from the Gaia data itself. This process makes Gaia a self calibrated, and input catalogue independent, mission. The framework is highly distributed typically running on a cluster of machines with a database back end. All code is written in the Java language. We describe the overall architecture and some of the details of the implementation.

O'Mullane, William; Lindegren, Lennart; Hernandez, Jose; Hobbs, David

2011-01-01T23:59:59.000Z

271

Object-oriented Programming Laws for Annotated Java Programs  

E-Print Network (OSTI)

Object-oriented programming laws have been proposed in the context of languages that are not combined with a behavioral interface specification language (BISL). The strong dependence between source-code and interface specifications may cause a number of difficulties when transforming programs. In this paper we introduce a set of programming laws for object-oriented languages like Java combined with the Java Modeling Language (JML). The set of laws deals with object-oriented features taking into account their specifications. Some laws deal only with features of the specification language. These laws constitute a set of small transformations for the development of more elaborate ones like refactorings.

Freitas, Gabriel Falconieri; Massoni, Tiago; Gheyi, Rohit; 10.4204/EPTCS.21.6

2010-01-01T23:59:59.000Z

272

A Non-Null Annotation Inferencer for Java Bytecode  

E-Print Network (OSTI)

We present a non-null annotations inferencer for the Java bytecode language. We previously proposed an analysis to infer non-null annotations and proved its soundness and completeness with respect to a state of the art type system. This paper proposes extensions to our former analysis in order to deal with the Java bytecode language. We have implemented both analyses and compared their behaviour on several benchmarks. The results show a substantial improvement in the precision and, despite being a whole-program analysis, production applications can be analyzed within minutes.

Hubert, Laurent

2010-01-01T23:59:59.000Z

273

Java+ITP: A Verification Tool Based on Hoare Logic and Algebraic Semantics  

Science Conference Proceedings (OSTI)

Java+ITP is an experimental tool for the verification of properties of a sequential imperative subset of the Java language. It is based on an algebraic continuation passing style (CPS) semantics of this fragment as an equational theory in Maude. It supports ... Keywords: Hoare logic, Java, algebraic semantics, program verification

Ralf Sasse; José Meseguer

2007-07-01T23:59:59.000Z

274

JCML: A specification language for the runtime verification of Java Card programs  

Science Conference Proceedings (OSTI)

Java Card is a version of Java developed to run on devices with severe storage and processing restrictions. The applets that run on these devices are frequently intended for use in critical, highly distributed, mobile conditions. They are required to ... Keywords: JCML, JML, Java Card, Runtime verification

Umberto Souza da Costa; Anamaria Martins Moreira; Martin A. Musicante; Plácido A. Souza Neto

2012-04-01T23:59:59.000Z

275

Development of Java multi-threaded simulation for chemical reacting flow of ethanol  

Science Conference Proceedings (OSTI)

Multi-threading in Java enhances computational performance and facilitates the development of parallel software. To obtain high performance on multi-core systems, this study develops a multi-threaded simulation code using Java for the chemical reacting ... Keywords: Benchmark, Chemical reaction, Computational fluid dynamics, Ethanol detonation, Java, Multi-thread

E. Yamada; T. Shimada; A. K. Hayashi

2012-12-01T23:59:59.000Z

276

The Use of Java in High Performance Computing: A Data Mining Example  

E-Print Network (OSTI)

The Use of Java in High Performance Computing: A Data Mining Example. David Walker and Omer Rana ... in high performance computing is discussed with particular reference to the efforts of the Java Grande ... Java, Parallel Computing, Neural Networks, Distributed Objects. 1 Introduction. High performance...

Walker, David W.

277

V-137: Apple Mac OS X update for Java | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-137: Apple Mac OS X update for Java April 18, 2013 - 6:00am PROBLEM: Apple Mac OS X update for Java PLATFORM: Mac OS X 10.6, OS X Lion...

278

Poplar: Java composition with labels and AI planning  

Science Conference Proceedings (OSTI)

Class evolution in object-oriented programming often causes so-called breaking changes, largely because of the rigidity of component interconnections in the form of explicit method calls and field accesses. We present a Java extension, Poplar, which ... Keywords: adaptation, ai planning, code synthesis, components, composition, evolution, object-oriented programming, protocols

Johan T. Nyström Persson; Shinichi Honiden

2011-10-01T23:59:59.000Z

279

Expanding and extending the security features of java  

Science Conference Proceedings (OSTI)

The popularity of the web has had several significant impacts, two of note here: (1) increasing sophistication of web pages, including more regular use of Java and other mobile code, and (2) decreasing average level of sophistication as the user population ...

Nimisha V. Mehta; Karen R. Sollins

1998-01-01T23:59:59.000Z

280

Java™ Remote Method Invocation Specification

E-Print Network (OSTI)

2.7 Exception Handling in Remote Method Invocation ... 2.8 Object Methods Overridden ... Handling in Remote Method Invocation ... Object Methods Overridden by the RemoteObject Class ... The Semantics ... .7 Exception Handling in Remote Method Invocation: Since remote methods include java.rmi.Remote...

Demurjian, Steven A.



281

A provenly correct translation of Fickle into Java  

Science Conference Proceedings (OSTI)

We present a translation from Fickle, a small object-oriented language allowing objects to change their class at runtime, into Java. The translation is provenly correct in the sense that it preserves the static and dynamic semantics. Moreover, ... Keywords: Type and effect systems, semantics preserving translation

D. Ancona; C. Anderson; F. Damiani; S. Drossopoulou; P. Giannini; E. Zucca

2007-04-01T23:59:59.000Z

282

HEP data analysis using jHepWork and Java  

E-Print Network (OSTI)

A role of Java in high-energy physics and recent progress in development of a platform-independent data-analysis framework, jHepWork, is discussed. The framework produces professional graphics and has many libraries for data manipulation.

Chekanov, S

2008-01-01T23:59:59.000Z

283

A Combined Pointer and Purity Analysis for Java Programs  

E-Print Network (OSTI)

We present a new method purity analysis for Java programs. A method is pure if it does not mutate any location that exists in the program state right before method invocation. Our analysis is built on top of a combined pointer ...

Salcianu, Alexandru

2004-05-17T23:59:59.000Z

284

HEP data analysis using jHepWork and Java  

E-Print Network (OSTI)

A role of Java in high-energy physics and recent progress in development of a platform-independent data-analysis framework, jHepWork, is discussed. The framework produces professional graphics and has many libraries for data manipulation.

S. Chekanov

2008-09-04T23:59:59.000Z

285

jYang : A YANG parser in java  

E-Print Network (OSTI)

The NETCONF configuration protocol of the IETF Network Working Group provides mechanisms to manipulate the configuration of network devices. YANG is the language currently under consideration within the IETF to specify the data models to be used in NETCONF. This report describes the design and development of a syntax and semantics parser for YANG in Java.

Nataf, Emmanuel

2009-01-01T23:59:59.000Z

286

Refactoring Composite to Visitor and Inverse Transformation in Java  

E-Print Network (OSTI)

We describe how to use refactoring tools to transform a Java program conforming to the Composite design pattern into a program conforming to the Visitor design pattern with the same external behavior. We also describe the inverse transformation. We use the refactoring tools provided by IntelliJ IDEA and Eclipse.

Ajouli, Akram

2011-01-01T23:59:59.000Z

287

HEP data analysis using jHepWork and Java.  

SciTech Connect

A role of Java in high-energy physics (HEP) and recent progress in development of a platform-independent data-analysis framework, jHepWork, is discussed. The framework produces professional graphics and has many libraries for data manipulation.

Chekanov, S.; High Energy Physics

2009-03-23T23:59:59.000Z

288

Supplement V.F: Packages For Introduction to Java Programming  

E-Print Network (OSTI)

... To protect classes. Packages provide protection so that the protected members of the classes are accessible ... of the package name and the file system directory structure. For the package named com.prenhall.mypackage, you ... Supplement V.F: Packages For Introduction to Java Programming By Y. Daniel Liang. 1 Introduction...

Liang, Y. Daniel

289

Nested parallelism for multi-core HPC systems using Java  

Science Conference Proceedings (OSTI)

Since its introduction in 1993, the Message Passing Interface (MPI) has become a de facto standard for writing High Performance Computing (HPC) applications on clusters and Massively Parallel Processors (MPPs). The recent emergence of multi-core processor ... Keywords: Java MPI, MPJ, MPJ express, Multi-core messaging

Aamir Shafi; Bryan Carpenter; Mark Baker

2009-06-01T23:59:59.000Z

290

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

291

FAMIX Java language plug-in 1.0 Author Sander Tichelaar (tichel@iam.unibe.ch)  

E-Print Network (OSTI)

packages in Java map directly to the directory structure of source code, i.e. the source code for a certain ... parameters and local variables ... 1.1.x -> 1.2.x: - Addition of a new keyword (strictfp) ... 3.2 Package (interpreted) ... Figure 2: Package. A Package maps in Java to the Java package construct. Packages in Java...

Nierstrasz, Oscar

292

Coastal Impacts, Adaptation, and Vulnerabilities  

E-Print Network (OSTI)

· Robert R. Twilley, Louisiana State University · Jordan West, U.S. Environmental Protection Agency Chapter and Restoration Authority of Louisiana · Richard Raynie, Coastal Protection and Restoration Authority of Louisiana.3.7 Emergency Response, Recovery, and Vulnerability Reduction 4.3.8 Coastal and Nearshore Oil and Ga0 4.4 Human

Kossin, James P.

293

Understanding cyber threats and vulnerabilities  

Science Conference Proceedings (OSTI)

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was ... Keywords: actor, critical infrastructure, cyber crime, cyber terrorism, cyber threat, cyber vulnerabilities

Eric Luiijf

2012-01-01T23:59:59.000Z

294

Poplar: A Java Extension for Evolvable Component Integration  

E-Print Network (OSTI)

The Java programming language contains many features that aid component-based software development (CBSD), such as interfaces, visibility levels, and strong support for encapsulation. However, component evolution often causes so-called breaking changes, largely because of the rigidity of component interconnections in the form of explicit method calls and field accesses. We present a Java extension, Poplar, which we are currently developing. In Poplar, inter-component dependencies are expressed using declarative queries; concrete linking code, generated using a planning algorithm, replaces these at compile time. Poplar includes a minimal specification language based on typestate-like protocols and labels, and a lightweight effect system, which ensures the absence of unwanted interference between hand-written code and generated code. We give several examples of fully automatic component integration using Poplar, and demonstrate its potential to simplify object-oriented software development greatly through evolv...

Nyström-Persson, Johan

2011-01-01T23:59:59.000Z

295

Java Technology : a Strategic Solution for Interactive Distributed Applications  

E-Print Network (OSTI)

In a world demanding the best performance from financial investments, distributed applications occupy the first place among the proposed solutions. This particularity is due to their distributed architecture, which is able to achieve high performance. Currently, many research works aim to develop tools that facilitate the implementation of such applications. The urgent need for such applications in all areas pushes researchers to accelerate this process. However, the lack of standardization results in the absence of strategic decisions taken by the computer science community. In this article, we argue that Java technology represents an elegant compromise ahead of the list of the currently available solutions. In fact, by promoting the independence of hardware and software, Java technology makes it possible to overcome pitfalls that are inherent to the creation of distributed applications.

Alustwani, Husam; Mostefaoui, Ahmed; Salomon, Michel

2009-01-01T23:59:59.000Z

296

Creating A Model HTTP Server Program Using java  

E-Print Network (OSTI)

An HTTP server is a computer program that serves webpage content to clients. A webpage is a document or resource of information that is suitable for the World Wide Web and can be accessed through a web browser and displayed on a computer screen. This information is usually in HTML format, and may provide navigation to other webpages via hypertext links. Webpages may be retrieved from a local computer or from a remote HTTP server. Webpages are requested and served from HTTP servers using the Hypertext Transfer Protocol (HTTP). Webpages may consist of files of static or dynamic text stored within the HTTP server's file system. Client-side scripting can make webpages more responsive to user input once in the client browser. This paper encompasses the creation of an HTTP server program using the Java language, which basically supports HTML and JavaScript.

Veerasamy, Bala Dhandayuthapani

2010-01-01T23:59:59.000Z

297

NEHRP - Hazard Vulnerability and Disaster Resiliency ...  

Science Conference Proceedings (OSTI)

... Hazard Vulnerability and Disaster Resiliency. 2013. ... gaps for achieving resilience in the ... protection, emergency response, business continuity, and ...

298

V-073: IBM Tivoli Federated Identity Manager Signature Verification...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Web Server HTTP TRACETRACK Support Lets Remote Users Obtain Potentially Sensitive Information V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities...

299

V-073: IBM Tivoli Federated Identity Manager Signature Verification...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities...

300

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

System Multiple Vulnerabilities U-255: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code...



301

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities
April 17, 2012 - 8:00am
PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
PLATFORM: Apache OFBiz 10.x
ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected.
REFERENCE LINKS: Vendor Advisory; Secunia Advisory 48800; CVE-2012-1621
IMPACT ASSESSMENT: High
DISCUSSION: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

302

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


303

"GIS on the fly" to realize wireless GIS network by Java mobile phone

E-Print Network (OSTI)

The Java cellular phone has arrived in the marketplace as the latest mobile device. The device is very compact, allowing 10KB for Java program size and 5KB for data size. Although small in size, it features an innovative computer system architecture. A Java program can be sent dynamically to the device in a streaming manner over a wireless network. In addition, compared to conventional mobile computers, the Java cell phone is very cheap both in hardware price and in communication cost. The Java cell phone has enormous potential as a mobile device. In this paper, we discuss our trial of constructing an extensive wireless GIS network by utilizing the Java cell phone as a GIS terminal.

Shuichi Takino

2001-01-01T23:59:59.000Z

304

Using Java for distributed computing in the Gaia satellite data processing  

E-Print Network (OSTI)

In recent years Java has matured to a stable easy-to-use language with the flexibility of an interpreter (for reflection etc.) but the performance and type checking of a compiled language. When we started using Java for astronomical applications around 1999 they were the first of their kind in astronomy. Now a great deal of astronomy software is written in Java as are many business applications. We discuss the current environment and trends concerning the language and present an actual example of scientific use of Java for high-performance distributed computing: ESA's mission Gaia. The Gaia scanning satellite will perform a galactic census of about 1000 million objects in our galaxy. The Gaia community has chosen to write its processing software in Java. We explore the manifold reasons for choosing Java for this large science collaboration. Gaia processing is numerically complex but highly distributable, some parts being embarrassingly parallel. We describe the Gaia processing architecture and its realisation...

O'Mullane, William; Parsons, Paul; Lammers, Uwe; Hoar, John; Hernandez, Jose

2011-01-01T23:59:59.000Z

305

Java on the MScIT Course at the University of Glasgow  

E-Print Network (OSTI)

Proceedings of the 4th Java in the Computing Curriculum Conference (South Bank University)

Poet, R.R.; Belhadj-Mostefa, K.

306

V-028: Splunk Multiple Cross-Site Scripting and Denial of Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-028: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities November 20, 2012 - 2:00am PROBLEM: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities PLATFORM: Splunk versions 4.3.5 and 5.0 ABSTRACT: Splunk is prone to multiple vulnerabilities REFERENCE LINKS: SecurityTracker Alert ID: 1027785 SecurityTracker Alert ID: 1027784 Bugtraq ID: 56581 Secunia Advisory SA51337 Secunia Advisory SA51351 Splunk Vulnerability Descriptions IMPACT ASSESSMENT: Medium DISCUSSION: Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions

307

Grain - A Java Analysis Framework for Total Data Readout  

E-Print Network (OSTI)

Grain is a data analysis framework developed to be used with the novel Total Data Readout data acquisition system. In Total Data Readout all the electronics channels are read out asynchronously in singles mode and each data item is timestamped. Event building and analysis has to be done entirely in the software post-processing the data stream. A flexible and efficient event parser and the accompanying software framework have been written entirely in Java. The design and implementation of the software are discussed along with experiences gained in running real-life experiments.

P. Rahkila

2007-11-21T23:59:59.000Z

308

Mining Bug Databases for Unidentified Software Vulnerabilities  

SciTech Connect

Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

2012-06-01T23:59:59.000Z

309

Assessing Network Infrastructure Vulnerabilities to Physical ...  

Science Conference Proceedings (OSTI)

... networks, air traffic control systems, and water distribution systems ... is that we consider the vulnerability to this ... States is buried in the ground within a ...

1999-11-05T23:59:59.000Z

310

Vulnerability analysis of three remote voting methods  

E-Print Network (OSTI)

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

Enguehard, Chantal

2009-01-01T23:59:59.000Z

311

Seals Applications - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)


312

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed. Name: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

313

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This...

314

Multics Security Evaluation (Volume II): Vulnerability Analysis  

Science Conference Proceedings (OSTI)

ESD-TR-74-193, Vol. II. MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS. Paul A. Karger, 2Lt ...

2013-04-15T23:59:59.000Z

315

Toward a Resiliency and Vulnerability Observatory Network ...  

Science Conference Proceedings (OSTI)

... is already undertaking extensive investment in its ... vulnerability or more generally, equity, should permeate all ... etc.), parcel and/or tax portfolio data ...

2009-02-05T23:59:59.000Z

316

Exploiting static application knowledge in a Java compiler for embedded systems: a case study  

Science Conference Proceedings (OSTI)

Offering many benefits in terms of productivity and reliability, Java is becoming an attractive choice for the field of embedded computing. However, its programming model that relies on the capabilities of just-in-time compilation limits the opportunities ... Keywords: Java, KESO, embedded systems

Christoph Erhardt; Michael Stilkerich; Daniel Lohmann; Wolfgang Schröder-Preikschat

2011-09-01T23:59:59.000Z

317

Managing programmed instruction and collaborative peer tutoring in the classroom: Applications in teaching Java™  

Science Conference Proceedings (OSTI)

To fulfill part of the course requirements, 34 undergraduate students in two courses completed an online programmed instruction tutor as the first technical training exercise in a Java(TM) programming course designed for information systems majors. The ... Keywords: Collaborative peer tutoring, Interteaching, Java training, Programmed instruction

Henry H. Emurian; Heather K. Holden; Rachel A. Abarbanel

2008-03-01T23:59:59.000Z

318

Use of XML and Java for collaborative petroleum reservoir modeling on the Internet  

Science Conference Proceedings (OSTI)

The GEMINI (Geo-Engineering Modeling through INternet Informatics) is a public-domain, web-based freeware that is made up of an integrated suite of 14 Java-based software tools to accomplish on-line, real-time geologic and engineering reservoir modeling. ... Keywords: GEMINI, Java, Petroleum web-based software, Reservoir modeling, Web start, XML

John Victorine; W. Lynn Watney; Saibal Bhattacharya

2005-11-01T23:59:59.000Z

319

Sound-colour synaesthesia, chromatic representation of sounds waves in Java applets  

Science Conference Proceedings (OSTI)

The paper herein presents a way in which sound waves are chromatically represented in Java language. It intends to be, as its title reveals, an instructional material providing help in developing interactive tools for efficient education in sciences, ... Keywords: RGB light, education, java applets, music, sounds waves

Stela Dragulin; Livia Sangeorzan; Mircea Parpalea

2010-09-01T23:59:59.000Z

320

Using You Tube to enhance student class preparation in an introductory Java course  

Science Conference Proceedings (OSTI)

We provided 21 short YouTube videos for an Introduction to Programming in Java course. Students were surveyed on how often they watched the videos and did the readings, and how much these activities contributed to their learning. When professors ... Keywords: java, videos, youtube

Martin C. Carlisle

2010-03-01T23:59:59.000Z



321

SableVM: a research framework for the efficient execution of java bytecode  

Science Conference Proceedings (OSTI)

SableVM is an open-source virtual machine for Java intended as a research framework for efficient execution of Java bytecode. The framework is essentially composed of an extensible bytecode interpreter using state-of-the-art and innovative techniques. ...

Etienne M. Gagnon; Laurie J. Hendren

2001-04-01T23:59:59.000Z

322

9 Modelling the CoCoME with the JAVA/A Component Model  

E-Print Network (OSTI)

-founded and coherent modelling and programming concepts for components: based on sound theoretical foundations it en and a Java-based architectural programming language. 9.1.1 Goals and Scope of the Component Model The JAVA is the representation of software architecture entities in a programming language. For this purpose we introduced

Gilmore, Stephen

323

An evaluation of Java's I/O capabilities for high-performance computing.  

SciTech Connect

Java is quickly becoming the preferred language for writing distributed applications because of its inherent support for programming on distributed platforms. In particular, Java provides compile-time and run-time security, automatic garbage collection, inherent support for multithreading, support for persistent objects and object migration, and portability. Given these significant advantages of Java, there is a growing interest in using Java for high-performance computing applications. To be successful in the high-performance computing domain, however, Java must have the capability to efficiently handle the significant I/O requirements commonly found in high-performance computing applications. While there has been significant research in high-performance I/O using languages such as C, C++, and Fortran, there has been relatively little research into the I/O capabilities of Java. In this paper, we evaluate the I/O capabilities of Java for high-performance computing. We examine several approaches that attempt to provide high-performance I/O--many of which are not obvious at first glance--and investigate their performance in both parallel and multithreaded environments. We also provide suggestions for expanding the I/O capabilities of Java to better support the needs of high-performance computing applications.

Dickens, P. M.; Thakur, R.

2000-11-10T23:59:59.000Z

324

Mechanisms for Secure Modular Programming in Java Lujo Bauer Andrew W. Appel Edward W. Felten  

E-Print Network (OSTI)

structure the interaction between different parts of a program. They must do this not only to protect Java packages, however, is the ability to structure modules so as to provide different views, protected, package-scope, or public) aren't expressive enough, so Java resorts to using a security manager

Appel, Andrew W.

325

Reconstructed streamflow for Citarum River, Java, Indonesia: linkages to tropical climate dynamics  

E-Print Network (OSTI)

Reconstructed streamflow for Citarum River, Java, Indonesia: linkages to tropical climate dynamics Abstract The Citarum river basin of western Java, Indonesia, which supplies water to 10 million residents in drought and flood prone regions of the globe (e.g. Boer 2007). In Indonesia, integrated action is needed

Ummenhofer, Caroline C.

326

Monsoon drought over Java, Indonesia, during the past two centuries Rosanne D'Arrigo,1  

E-Print Network (OSTI)

Monsoon drought over Java, Indonesia, during the past two centuries Rosanne D'Arrigo,1 Rob Wilson,2 reconstruct the boreal autumn (October-November) Palmer Drought Severity Index (PDSI) for Java, Indonesia between the climate of Indonesia and the large scale tropical Indo-Pacific climate system. Citation: D

327

The Java-Sumatra Aerial Mega-Tramway  

E-Print Network (OSTI)

A mega-tramway based on the Indonesian islands of Sumatra and Java is proposed to span Sunda Strait. The Java-Sumatra Aerial Mega-Tramway (JSAMT) will be self-elevating and will regularly and cheaply launch passengers and cargoes via two conveyor belt-like facilities using standard winged shipping containers like those currently used by international trucking and ocean shipping industries that are volplaned across the Sunda Strait. The JSAMT will be a self-sustaining toll facility free of any requirement for international loans or funding guarantees for its construction. Its existence will remove any immediate need for an expensive to dig/maintain Nusantara Tunnel. We offer the formative basic technical specifications for the JSAMT and indicate some of the physical and cultural geographical facts underpinning our macro-engineering proposal; offshoots of a perfected and tested JSAMT may be installed at Palk Strait between India and Sri Lanka, the Gibraltar Strait and the Bering Strait by mid-21st Century.

Alexander Bolonkin; Richard Cathcart

2007-01-09T23:59:59.000Z

328

U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site


329

V-157: Adobe Reader / Acrobat Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

the Adobe Reader sandbox protection. 5) An unspecified error related to the Javascript API can be exploited to disclose certain information. 6) An unspecified error can be...

330

V-111: Multiple vulnerabilities have been reported in Puppet...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

listening for incoming connections and permission to access the "run" REST endpoint (disabled by default). 4) An error when handling serialized attributes can be exploited to...

331

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

data is viewed. 3) Certain input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4)...

332

Problems in the initial teaching of programming using Java: the case for replacing J2SE with J2ME  

Science Conference Proceedings (OSTI)

In their analysis of the use of Java as a first teaching language, the ACM Java Task Force (JTF) identified a number of issues with the Java language and APIs which caused significant pedagogic problems. The focus of their work, and hence of their characterisation ... Keywords: introductory programming, programming languages

Ian Utting

2006-06-01T23:59:59.000Z

333

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

334

Modular Workflow Engine for Distributed Services using Lightweight Java Clients  

E-Print Network (OSTI)

In this article we introduce the concept and the first implementation of a lightweight client-server-framework as middleware for distributed computing. On the client side an installation without administrative rights or privileged ports can turn any computer into a worker node. Only a Java runtime environment and the JAR files comprising the workflow client are needed. To connect all clients to the engine one open server port is sufficient. The engine submits data to the clients and orchestrates their work by workflow descriptions from a central database. Clients request new task descriptions periodically, thus the system is robust against network failures. In the basic set-up, data up- and downloads are handled via HTTP communication with the server. The performance of the modular system could additionally be improved using dedicated file servers or distributed network file systems. We demonstrate the design features of the proposed engine in real-world applications from mechanical engineering. We have used ...

Vetter, R.-M.; Peetz, J.-V.

2009-01-01T23:59:59.000Z

335

T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities January 5, 2011 - 2:28pm PROBLEM: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities PLATFORM: Mozilla Firefox 3.5.11 - 3.6.10, Mozilla SeaMonkey 2.0 - 2.0.9 ABSTRACT: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the

336

StrBioLib: a Java library for development of custom computational structural biology applications  

SciTech Connect

Summary: StrBioLib is a library of Java classes useful for developing software for computational structural biology research. StrBioLib contains classes to represent and manipulate protein structures, biopolymer sequences, sets of biopolymer sequences, and alignments between biopolymers based on either sequence or structure. Interfaces are provided to interact with commonly used bioinformatics applications, including (PSI)-BLAST, MODELLER, MUSCLE, and Primer3, and tools are provided to read and write many file formats used to represent bioinformatic data. The library includes a general-purpose neural network object with multiple training algorithms, the Hooke and Jeeves nonlinear optimization algorithm, and tools for efficient C-style string parsing and formatting. StrBioLib is the basis for the Pred2ary secondary structure prediction program, is used to build the ASTRAL compendium for sequence and structure analysis, and has been extensively tested through use in many smaller projects. Examples and documentation are available at the site below. Availability: StrBioLib may be obtained under the terms of the GNU LGPL license from http://strbio.sourceforge.net/ Contact: JMChandonia@lbl.gov

Chandonia, John-Marc

2007-05-14T23:59:59.000Z

337

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)


338

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


339

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)


340

India-Vulnerability Assessment and Enhancing Adaptive Capacities...  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change. Name: India-Vulnerability Assessment and Enhancing Adaptive Capacities to...



341

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program

342

Election Security - Vulnerability Assessment Team - Nuclear Engineerin...  

NLE Websites -- All DOE Office Websites (Extended Search)

The Vulnerability Assessment Team has demonstrated easy to execute, non-cyber attacks on two different kinds of electronic voting machines. We believe that too...

343

New York City's Vulnerability to Coastal Flooding  

Science Conference Proceedings (OSTI)

New York City, New York (NYC), is extremely vulnerable to coastal flooding; thus, verification and improvements in storm surge models are needed in order to protect both life and property. This paper highlights the Stony Brook Storm Surge (SBSS) ...

Brian A. Colle; Frank Buonaiuto; Malcolm J. Bowman; Robert E. Wilson; Roger Flood; Robert Hunter; Alexander Mintz; Douglas Hill

2008-06-01T23:59:59.000Z

344

Dynamic Information Flow Analysis for JavaScript in a Web Browser  

E-Print Network (OSTI)

Flow Analysis for JavaScript in a Web Browser by Thomas H.a central technology of the web, but it is also the sourceinformation flows in javascript web applications. In ACM

Austin, Thomas Howard

2013-01-01T23:59:59.000Z

345

Kopitiam: modular incremental interactive full functional static verification of java code  

Science Conference Proceedings (OSTI)

We are developing Kopitiam, a tool to interactively prove full functional correctness of Java programs using separation logic by interacting with the interactive theorem prover Coq. Kopitiam is an Eclipse plugin, enabling seamless integration into the ...

Hannes Mehnert

2011-04-01T23:59:59.000Z

346

Interannual Variability of Sea Surface Temperature off Java and Sumatra in a Global GCM  

Science Conference Proceedings (OSTI)

Using results from the Simple Ocean Data Assimilation (SODA), this study assesses the mixed layer heat budget to identify the mechanisms that control the interannual variation of sea surface temperature (SST) off Java and Sumatra. The analysis ...

Yan Du; Tangdong Qu; Gary Meyers

2008-06-01T23:59:59.000Z

347

Code for Java Libraries for Accessing the Princeton Wordnet: Comparison and Evaluation  

E-Print Network (OSTI)

This archive contains the code and data for running the evaluations described in: Finlayson, Mark Alan (2014) "Java Libraries for Accessing the Princeton Wordnet: comparison and Evaluation" in Proceedings of the 7th Global ...

Finlayson, Mark Alan

2013-11-01T23:59:59.000Z

348

Comparison between CPBPV, ESC/Java, CBMC, Blast, EUREKA and Why for Bounded Program Verification  

E-Print Network (OSTI)

This report describes experimental results for a set of benchmarks on program verification. It compares the capabilities of CPBPV "Constraint Programming framework for Bounded Program Verification" [4] with the following frameworks: ESC/Java, CBMC, Blast, EUREKA and Why.

Collavizza, Hélène; Van Hentenryck, Pascal

2008-01-01T23:59:59.000Z

349

JConstHide: A Framework for Java Source Code Constant Hiding  

E-Print Network (OSTI)

Software obfuscation or obscuring a software is an approach to defeat the practice of reverse engineering a software for using its functionality illegally in the development of another software. Java applications are more amenable to reverse engineering and re-engineering attacks through methods such as decompilation because Java class files store the program in a semi-compiled form called byte codes. The existing obfuscation systems obfuscate the Java class files. Obfuscated source code produces obfuscated byte codes and hence two level obfuscation (source code and byte code level) of the program makes it more resilient to reverse engineering attacks. But source code obfuscation is much more difficult due to richer set of programming constructs and the scope of the different variables used in the program and only very little progress has been made on this front. We in this paper are proposing a framework named JConstHide for hiding constants, especially integers in the Java source codes, to defeat reverse en...

Sivadasan, Praveen

2009-01-01T23:59:59.000Z

350

Nuées ardentes of 22 November 1994 at Merapi volcano, Java, Indonesia E.K Abdurachmanab  

E-Print Network (OSTI)

Nuées ardentes of 22 November 1994 at Merapi volcano, Java, Indonesia E.K Abdurachmanab J Volcanological Survey of Indonesia, Jl. Diponegoro 57, Bandung 40122, Indonesia c Centre de Recherches

Paris-Sud XI, Université de

351

6.092 Introduction to Software Engineering in Java, January (IAP) 2008  

E-Print Network (OSTI)

This course is an introduction to software engineering, using the Java™ programming language; it covers concepts useful to 6.005. The focus is on developing high quality, working software that solves real problems. Students ...

Akeju, Usman O.

352

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

31, 2013 - V-081: Wireshark Multiple Vulnerabilities. Multiple vulnerabilities have been reported in Wireshark
January 30, 2013 - V-080: Apple iOS Multiple Vulnerabilities. Apple iOS Multiple Vulnerabilities
January 25, 2013 - V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication. A remote user can gain administrative access to the target system.
January 18, 2013 - V-072: Red Hat update for java-1.7.0-openjdk. Red Hat has issued an update for java-1.7.0-openjdk.
January 15, 2013 - V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities. Multiple vulnerabilities have been reported in BlackBerry Tablet OS
January 11, 2013 - V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code. Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

353

U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

ASSESSMENT: High Discussion: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. The code...

354

A practical experience in workspace separation for developing multiple storefronts on customized commerce engines  

Science Conference Proceedings (OSTI)

In this paper, we describe our experience in separating workspaces, using the IBM VisualAge for Java development tool, for multiple web storefronts development for several major IBM public and private commerce sites. There was a need to create multiple ... Keywords: commerce engines, dependency analysis, eCommerce, integrated development environment, software development, web storefronts, workspace separation

Shyh-Kwei Chen; Trieu C. Chieu; Shiwa S. Fu; Yew-Huey Liu; Florian Pinel; Jih-Shyr Yih

2004-11-01T23:59:59.000Z

355

Searching for the biofuel energy crisis in rural Java  

SciTech Connect

Biofuel shortage in peasant economies is often reported to reach crisis proportions in conditions of high population density. As a group, peasants are portrayed as engaging in irrational biofuel resource abuse. At times this abuse is treated as the inevitable outcome of excess biofuel demand. Otherwise, an explanation is often given in terms of resource-use problems inherent in common property. An alternative explanation is proposed in this dissertation. Rather than the effect of common property (a structure), such crises are more likely the result of capitalist expansion (a process). Systems of common foraging are prone to ownership conflict during transitions to private property. This conflict provides a more cogent explanation for biofuel shortage than any structural flaw in common-use systems. Contemporary rural Java contradicts mechanistic applications of supply/demand models of biofuel shortage. Despite high population pressure, biofuel is not inordinately scarce. There is little basis for the crisis predictions. While assessments of biofuel demand and supply can provide scarcity indicators, they ought not be used to predict overuse. The traditional crisis predictions of supply/demand balancing and common property analysis must be replaced by a more skeptical multi-disciplinary approach.

McGranahan, G.

1986-01-01T23:59:59.000Z

356

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Name: CDKN-Colombia-Cartagena Vulnerability Assessment. Agency/Company/Organization: Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development. Sector: Climate. Topics: Background analysis, Low emission development planning, Pathways analysis. Website: http://resilient-cities.iclei. Country: Colombia. UN Region: South America.

357

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability February 25, 2011 - 7:40am PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability. PLATFORM: Microsoft Malware Protection Engine. Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0. This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. First version of the Microsoft Malware Protection Engine with this vulnerability addressed: Version 1.1.6603.0. If the version of the Microsoft Malware Protection Engine is equal to or

358

A framework for modeling rail transport vulnerability  

Science Conference Proceedings (OSTI)

Railroads represent one of the most efficient methods of long-haul transport for bulk commodities, from coal to agricultural products. Over the past fifty years, the rail network has contracted while tonnage has increased. Service, geographically, has been abandoned along short haul routes and increased along major long haul routes, resulting in a network that is more streamlined. The current rail network may be very vulnerable to disruptions, like the failure of a trestle. This paper proposes a framework to model rail network vulnerability and gives an application of this modeling framework in analyzing rail network vulnerability for the State of Washington. It concludes with a number of policy related issues that need to be addressed in order to identify, plan, and mitigate the risks associated with the sudden loss of a bridge or trestle.

Peterson, Steven K [ORNL]; Church, Richard L. [University of California, Santa Barbara]

2008-01-01T23:59:59.000Z

359

High-performance file I/O in Java : existing approaches and bulk I/O extensions.  

Science Conference Proceedings (OSTI)

There is a growing interest in using Java as the language for developing high-performance computing applications. To be successful in the high-performance computing domain, however, Java must not only be able to provide high computational performance, but also high-performance I/O. In this paper, we first examine several approaches that attempt to provide high-performance I/O in Java - many of which are not obvious at first glance - and evaluate their performance on two parallel machines, the IBM SP and the SGI Origin2000. We then propose extensions to the Java I/O library that address the deficiencies in the Java I/O API and improve performance dramatically. The extensions add bulk (array) I/O operations to Java, thereby removing much of the overhead currently associated with array I/O in Java. We have implemented the extensions in two ways: in a standard JVM using the Java Native Interface (JNI) and in a high-performance parallel dialect of Java called Titanium. We describe the two implementations and present performance results that demonstrate the benefits of the proposed extensions.

Bonachea, D.; Dickens, P.; Thakur, R.; Mathematics and Computer Science; Univ. of California at Berkeley; Illinois Institute of Technology

2001-07-01T23:59:59.000Z

360

V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities January 15, 2013 - 4:00am PROBLEM: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities PLATFORM: BlackBerry Tablet Software versions 2.1.0.1032 and prior. ABSTRACT: Multiple vulnerabilities have been reported in BlackBerry Tablet OS REFERENCE LINKS: BlackBerry Knowledge Base Article ID: KB32019 BlackBerry Knowledge Base Article ID: KB32189 Secunia Advisory SA51830 CVE-2012-1182 CVE-2012-1535 CVE-2012-2034 CVE-2012-2037 CVE-2012-4163 CVE-2012-4165 CVE-2012-4166 CVE-2012-4167 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

361

Critical infrastructure protection: The vulnerability conundrum  

Science Conference Proceedings (OSTI)

Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats ... Keywords: Critical infrastructure, Fortification, Interdiction, Policy, Protection, Strategies, Vulnerability

Alan T. Murray; Tony H. Grubesic

2012-02-01T23:59:59.000Z

362

Chemical Safety Vulnerability Working Group Report  

SciTech Connect

This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

1994-09-01T23:59:59.000Z

363

Gain Time Reclaiming in High Performance Real-Time Java Systems  

E-Print Network (OSTI)

The run-time characteristics of Java, such as high frequency of method invocation, dynamic dispatching and dynamic loading, make Java more difficult than other object-oriented programming languages, such as C++, for conducting Worst-Case Execution Time (WCET) analysis. To offer a more flexible way to develop object-oriented real-time applications in the real-time Java environment without loss of predictability and performance, we propose a novel gain time reclaiming framework integrated with WCET analysis. This paper demonstrates how to improve the utilisation and performance of the whole system by reclaiming gain time at run-time. Our approach shows that integrating WCET with gain time reclaiming can not only provide a more flexible environment, but it also does not necessarily result in unsafe or unpredictable timing behaviour.

Erik Yu-Shing Hu; Andy Wellings; Guillem Bernat

2003-01-01T23:59:59.000Z

364

JDATATRANS for Array Obfuscation in Java Source Code to Defeat Reverse Engineering from Decompiled Codes  

E-Print Network (OSTI)

Software obfuscation or obscuring a software is an approach to defeat the practice of reverse engineering a software for using its functionality illegally in the development of another software. Java applications are more amenable to reverse engineering and re-engineering attacks through methods such as decompilation because Java class files store the program in a semi-compiled form called 'byte' codes. The existing obfuscation systems obfuscate the Java class files. Obfuscated source code produces obfuscated byte codes and hence two level obfuscation (source code and byte code level) of the program makes it more resilient to reverse engineering attacks. But source code obfuscation is much more difficult due to the richer set of programming constructs and the scope of the different variables used in the program and only very little progress has been made on this front. Hence programmers resort to ad hoc manual ways of obscuring their program which makes it difficult for its maintenance and usability. To address thi...

Sivadasan, Praveen; Sivadasan, Naveen

2008-01-01T23:59:59.000Z

365

Object-Oriented Intensional Programming: Intensional Classes Using Java and Lucid  

E-Print Network (OSTI)

This article introduces Object-Oriented Intensional Programming (OO-IP), a new hybrid language between Object-Oriented and Intensional Programming Languages in the sense of the latest evolutions of Lucid. This new hybrid language combines the essential characteristics of Lucid and Java, and introduces the notion of object streams, which makes it possible for each element in a Lucid stream to be an object with embedded intensional properties. Interestingly, this hybrid language also brings to Java objects the power to explicitly express and manipulate the notion of context, creating the novel concept of intensional object, i.e. objects whose evaluation is context-dependent, which are here demonstrated to be translatable into standard objects. By this new approach, we extend the use and meaning of the notion of intensional objects and enrich the meaning of object streams in Lucid and semantics of intensional objects in Java.

Wu, Aihua; Mokhov, Serguei A

2009-01-01T23:59:59.000Z

366

V-125: Cisco Connected Grid Network Management System Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am PROBLEM: Cisco Connected Grid Network Management System Multiple Vulnerabilities PLATFORM: Cisco Connected Grid Network Management System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco Security Notice CVE-2013-1171 Secunia Advisory SA52834 SecurityTracker Alert ID: 1028374 SecurityTracker Alert ID: 1028373 CVE-2013-1163 CVE-2013-1171 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to

368

Measuring Sulphur Dioxide (SO2) Emissions in October, 2010 Catastrophic Eruption from Merapi Volcano in Java, Indonesia  

E-Print Network (OSTI)

Volcano in Java, Indonesia with Ozone Monitoring Instrument (OMI) José A. Morales-Collazo Geology This paper discusses sulfur dioxide (SO2) cloud emissions from Merapi Volcano in Java, Indonesia during, Indonesia. In October 26th, 2010, a catastrophic eruption was reported from Merapi causing nearly 386

Gilbes, Fernando

369

Array Based Java Source Code Obfuscation Using Classes with Restructured Arrays  

E-Print Network (OSTI)

Array restructuring operations obscure arrays. Our work aims at obfuscation of Java source code containing arrays. Our main proposal is classes with restructured array members and obscured member methods for setting and getting array elements and for getting the length of arrays. The class method definition codes are obscured through index transformation and constant hiding. The instantiated objects of these classes are used for source code writing. A tool named JDATATRANS is developed for generating classes and, to the best of our knowledge, this is the first tool available for array restructuring on Java source code.

Sivadasan, Praveen

2008-01-01T23:59:59.000Z

370

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-038: Google Chrome Two Vulnerabilities December 3, 2012 - 1:00am PROBLEM: Google Chrome Two Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95. ABSTRACT: Two vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA51447 CVE-2012-5137 CVE-2012-5138 IMPACT ASSESSMENT: High DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95. IMPACT:

371

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-566: Citrix Secure Gateway Unspecified Vulnerability February 28, 2011 - 11:22pm PROBLEM: Citrix Secure Gateway Unspecified Vulnerability. PLATFORM: Citrix Secure Gateway version 3.1.4 ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. REFERENCE LINKS: Citrix ID:CTX128168 Secunia Advisory SA43497 Citrix Support IMPACT ASSESSMENT: High DISCUSSION: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

372

Empirical Estimates and Observations of 0Day Vulnerabilities  

Science Conference Proceedings (OSTI)

We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

2009-01-01T23:59:59.000Z

373

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE  

E-Print Network (OSTI)

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm EXECUTIVE SUMMARY The PNNL Vulnerability

Hultman, Nathan E.

374

T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities January 4, 2011 - 5:52pm PROBLEM: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities PLATFORM: Vulnerable Platform: OpenSC 0.11.13 ABSTRACT: OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. REFERENCE LINKS: SecurityFocus - OpenSC Smart Card Serial CVE-2010-4523 OpenSC: Three stack-based buffer overflows CVE-2010-4523 - Three stack-based buffer overflows

375

V-099: Honeywell Multiple Products ActiveX Control Remote Code Execution  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-099: Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability February 26, 2013 - 12:26am PROBLEM: Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability PLATFORM: Honeywell ComfortPoint Open Manager (CPO-M) Honeywell Enterprise Buildings Integrator (EBI) Honeywell SymmetrE ABSTRACT: A vulnerability has been reported in multiple Honeywell products REFERENCE LINKS: Secunia Advisory SA52389 ICSA-13-053-02 CVE-2013-0108 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an unspecified error in the HscRemoteDeploy.dll module. No further information is currently available. Successful exploitation may allow execution of arbitrary code.

376

V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities August 29, 2013 - 4:10am PROBLEM: Multiple vulnerabilities have been reported in IBM TRIRIGA Application Platform, which can be exploited by malicious people to conduct cross-site scripting attacks. PLATFORM: IBM TRIRIGA Application Platform 2.x ABSTRACT: The vulnerabilities are reported in versions 2.1, 2.5, 2.6, and 2.7. REFERENCE LINKS: Secunia Advisory SA54641 CVE-2013-4003 IBM Security Bulletin IMPACT ASSESSMENT: Low DISCUSSION: Multiple vulnerabilities have been reported in IBM TRIRIGA Application Platform, which can be exploited by malicious people to conduct cross-site scripting attacks.

378

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

JC3 High Impact Assessment Bulletins
June 28, 2013 V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability. The vulnerability addresses the possibility of a heap overflow condition.
June 27, 2013 V-187: Mozilla Firefox Multiple Vulnerabilities. These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
June 19, 2013 V-181: Oracle Java SE Critical Patch Update Advisory - June 2013. Multiple vulnerabilities were reported in Oracle Java.
June 14, 2013 V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities. IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and

379

V-043: Perl Locale::Maketext Module '_compile()' Multiple Code Injection  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-043: Perl Locale::Maketext Module '_compile()' Multiple Code Injection Vulnerabilities December 10, 2012 - 1:00am PROBLEM: Perl Locale::Maketext Module Two Code Injection Vulnerabilities PLATFORM: Locale::Maketext 1.23 is affected; other versions also may be affected. ABSTRACT: Two vulnerabilities have been reported in Locale::Maketext module for Perl REFERENCE LINKS: Secunia Advisory SA51498 Debian Bug report logs - #695224 Bugtraq ID: 56852 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities have been reported in Locale::Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module. The vulnerabilities are caused due to the "_compile()" function not

381

Functional Java Bytecode Christopher LEAGUE Valery TRIFONOV Zhong SHAO  

E-Print Network (OSTI)

be removed from the TCB. The FLINT project at Yale aims to build a type-preserving compiler infrastructure to generate low-level typed object code for multiple source languages [26]. The first generation of our FLINT compiler [27, 28]. We have recently extended FLINT to support a sophisticated type-preserving front end

382

jContractor: Introducing Design-by-Contract to Java Using Reflective Bytecode Instrumentation  

Science Conference Proceedings (OSTI)

Design by Contract is a software engineering practice that allows semantic information to be added to a class or interface to precisely specify the conditions that are required for its correct operation. The basic constructs of Design by Contract are ... Keywords: Design by Contract, Java, bytecode instrumentation, jContractor

Murat Karaorman; Parker Abercrombie

2005-11-01T23:59:59.000Z

383

DESIGN REAL-TIME JAVA REMOTE METHOD INVOCATION: A SERVER-CENTRIC APPROACH  

E-Print Network (OSTI)

for incoming calls to the exported remote object. The others are worker threads for handling each accepted-time worker threads for handling incoming calls to exported remote objects. We have modified the run() method DESIGN REAL-TIME JAVA REMOTE METHOD INVOCATION: A SERVER-CENTRIC APPROACH Sangig Rho Samsung

Choi, Byung K.

384

Hard Real-Time Garbage Collection for a Java Chip Multi-Processor  

E-Print Network (OSTI)

or hard copies of all or part of this work for personal or classroom use is granted without fee provided, these approaches implement substantial parts or all of the garbage collector in hardware. In contrast, our Hard Real-Time Garbage Collection for a Java Chip Multi-Processor Wolfgang Puffitsch Institute

385

CSY3019 -Graphics Programming Assignment 2: Development of 3D graphics software: Java 2D (50%)  

E-Print Network (OSTI)

CSY3019 - Graphics Programming Assignment 2: Development of 3D graphics software: Java 2D (50 and/or strip lights). · User defined or loaded geometry (i.e. not primitive shapes). · The room & Title Page · Table of contents · Introduction · Analysis · Design · Implementation · Testing

Hill, Gary

386

Java Application that Outputs Quantum Circuit for Some NAND Formula Evaluators  

E-Print Network (OSTI)

This paper introduces QuanFruit v1.1, a Java application available for free. (Source code included in the distribution.) Recently, Farhi-Goldstone-Gutmann (FGG) wrote a paper arXiv:quant-ph/0702144 that proposes a quantum algorithm for evaluating NAND formulas. QuanFruit outputs a quantum circuit for the FGG algorithm.

Tucci, Robert R

2008-01-01T23:59:59.000Z

387

Java Application that Outputs Quantum Circuit for Some NAND Formula Evaluators  

E-Print Network (OSTI)

This paper introduces QuanFruit v1.1, a Java application available for free. (Source code included in the distribution.) Recently, Farhi-Goldstone-Gutmann (FGG) wrote a paper arXiv:quant-ph/0702144 that proposes a quantum algorithm for evaluating NAND formulas. QuanFruit outputs a quantum circuit for the FGG algorithm.

Robert R. Tucci

2008-02-17T23:59:59.000Z

388

A High Integrity Profile for Memory Safe Programming in Real-time Java  

E-Print Network (OSTI)

the structure of Real-time Java programs. By giving an additional meaning to the package construct, we, de be allocated within any package ­ but will be prevented from abstract class ScopeGate { protected Scope, we moved classes amongst packages so that Scoped Zen's package structure matched the scope structure

Zhao, Tian

389

Real-time remote control of a robot manipulator using Java and client-server architecture  

Science Conference Proceedings (OSTI)

The control of complex systems through PC networks is becoming increasingly important nowadays, both in the industries and in R&D centers. In this paper, a novel architecture is described which provides 24-h-a-day access to a remote system for remote ... Keywords: RS232, client, communication protocol, internet, java, planar manipulator, real-time, remote control, server

F. M. Raimondi; L. S. Ciancimino; M. Melluso

2005-03-01T23:59:59.000Z

390

Proceedings of the 3rd international symposium on Principles and practice of programming in Java  

Science Conference Proceedings (OSTI)

It gives me great pleasure to welcome you to Las Vegas, Nevada for the 3rd International Conference on Principles and Practice of Programming in Java. Forty one papers were submitted and a total of twenty four (58%) have been selected for presentation ...

John Waldron

2004-06-01T23:59:59.000Z

391

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment. This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process.

392

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June

393

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. REFERENCE LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium DISCUSSION: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

394

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. REFERENCE LINKS: SecurityFocus IMPACT ASSESSMENT: Medium DISCUSSION: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

395

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Colombia-Cartagena Vulnerability Assessment Name: Colombia-CDKN-Cartagena Vulnerability Assessment Agency/Company/Organization: Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector: Climate Topics: Background analysis, Low emission development planning, Pathways analysis Website: http://resilient-cities.iclei. Country: Colombia UN Region: South America References: CDKN-Colombia-Cartagena Vulnerability Assessment[1]

396

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh; Adobe Flash Player versions 11.2.202.261 and earlier for Linux; Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x; Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x; Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users; Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

397

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

398

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities March 21, 2013 - 6:00am PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

399

T-550: Apache Denial of Service Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-550: Apache Denial of Service Vulnerability February 4, 2011 - 3:03am PROBLEM: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. PLATFORM: Versions prior to 'APR-util' 1.3.10 are vulnerable. ABSTRACT: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption). REFERENCE LINKS: SecurityFocus

400

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the



401

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh; Adobe Flash Player versions 11.2.202.261 and earlier for Linux; Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x; Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x; Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users; Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

402

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability. REFERENCE LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used

403

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

404

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate DISCUSSION: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

405

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.

406

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution September 29, 2011 - 8:30am PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. REFERENCE LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

407

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

408

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability April 1, 2013 - 1:26am PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x VMware ESXi 4.x VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373)

409

A Time-Lagged Ensemble Simulation on the Modulation of Precipitation over West Java in January–February 2007  

Science Conference Proceedings (OSTI)

A numerical experiment using a regional nonhydrostatic model is performed to investigate the synoptic condition related to the heavy precipitation event that occurred at Jakarta in West Java, Indonesia, in January–February 2007. A time-lagged ...

Nurjanna J. Trilaksono; Shigenori Otsuka; Shigeo Yoden

2012-02-01T23:59:59.000Z

410

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

411

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

412

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS Introduction SCADA Security for Managers and Operators Intermediate SCADA Security Training Course Slides...

413

Mapping Climate Change Vulnerability and Impact Scenarios - A...  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Tool Summary Name: Mapping Climate Change...

414

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Name: Locating Climate Insecurity: Where Are the Most...

415

The (In)Security of Drug Testing - Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Papers > The (In)Security of Drug Testing VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security...

416

A Java Library for the Generation and Scheduling of PTX Assembly  

SciTech Connect

This paper discusses an ongoing progress regarding the development of a Java-based library for rapid kernel prototyping in NVIDIA PTX and PTX instruction scheduling. It is aimed at developers seeking total control of emitted PTX, highly parametric emission of, and tunable instruction reordering. It is primarily used for code development at ICHEC but is also hoped that NVIDIA GPU community will also find it beneficial.

Kartsaklis, Christos [ORNL; Civario, G [Irish Centre for High-End Computing

2010-01-01T23:59:59.000Z

417

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

May 22, 2013 V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities Asset and Service Mgmt Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits. May 17, 2013 V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. May 16, 2013 V-157: Adobe Reader / Acrobat Multiple Vulnerabilities These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system May 14, 2013 V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session

418

SoapRMI C++/Java 1.1: Design and Implementation  

E-Print Network (OSTI)

Java RMI provides a simple and elegant paradigm for communication with objects in remote address spaces. RMI is a de facto standard for communication in distributed systems that are written in different languages and optimized to run in disparate environments. XML [10] has emerged as a promising standard for language-independent data representation, and HTTP as a widely-used firewall-friendly network protocol. It is now possible to design and develop a communication system that combines the elegance and strength of Java RMI with the ubiquity of HTTP and platform and language independence of XML. SOAP [12] defines XML based communication and SOAP RPC precisely states the protocol for using XML as the data format and HTTP as the network protocol. This paper presents the design issues in layering a C++ and Java based RMI system on top of SOAP RPC along with an efficient XML Pull Parser that we designed to parse SOAP calls. We explain the various features of the resulting SoapRMI system: dynamic proxies, stub-skeleton generation from XML specification, interoperability, exception handling and different "Naming" services. Key Words: RMI, Distributed Systems, XML, SOAP, Naming 1

Aleksander Slominski; Madhusudhan Govindaraju; Dennis Gannon; Randall Bramley

2001-01-01T23:59:59.000Z

419

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness, of any information, apparatus, product, or

420

U-201: HP System Management Homepage Bugs Let Remote Users Deny...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service V-051: Oracle Solaris Java Multiple Vulnerabilities...



421

Using hardware vulnerability factors to enhance AVF analysis  

Science Conference Proceedings (OSTI)

Fault tolerance is now a primary design constraint for all major microprocessors. One step in determining a processor's compliance to its failure rate target is measuring the Architectural Vulnerability Factor (AVF) of each on-chip structure. The AVF ... Keywords: architectural vulnerability factor, fault tolerance, reliability

Vilas Sridharan; David R. Kaeli

2010-06-01T23:59:59.000Z

422

An OVAL-based active vulnerability assessment system for enterprise computer networks  

Science Conference Proceedings (OSTI)

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter ... Keywords: Attack path, Network security, Open vulnerability assessment language, Predicate logic, Relational database management system, Security vulnerability

Xiuzhen Chen; Qinghua Zheng; Xiaohong Guan

2008-11-01T23:59:59.000Z

423

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. REFERENCE LINKS: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium DISCUSSION: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. IMPACT: A remote user can execute SQL commands on the underlying database. SOLUTION: The vendor has issued a fix (1.6.2).

424

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-625: Opera Frameset Handling Memory Corruption Vulnerability May 18, 2011 - 3:05pm PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. PLATFORM: Opera versions prior to 11.11 ABSTRACT: The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page. REFERENCE LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile IMPACT ASSESSMENT: High DISCUSSION: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

425

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Name: India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Agency/Company/Organization: Swiss Agency for Development and Cooperation Sector: Energy, Land, Water Focus Area: Agriculture Topics: Co-benefits assessment, Background analysis Resource Type: Lessons learned/best practices Website: http://www.intercooperation.or Country: India Southern Asia References: India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1] Contents: 1 Introduction [1] 2 Community-based Institutions [2] 3 Pasture Land Development [3]

426

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

427

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

428

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Tool Summary Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Agency/Company/Organization: United Nations Development Programme (UNDP) Resource Type: Guide/manual Website: www.beta.undp.org/content/dam/aplaws/publication/en/publications/envir Language: English This guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate policies and intervention can

429

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

430

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am PROBLEM: Symantec IM Manager Code Injection Vulnerability. PLATFORM: IM Manager versions prior to 8.4.18 are affected. ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. REFERENCE LINKS: Symantec Security Advisory SYM11-012 Symantec Security Updates Bugtraq ID: 49742 IMPACT ASSESSMENT: High DISCUSSION: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

431

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Advisory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

432

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Advisory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

433

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Agency/Company/Organization World Agroforestry Centre Sector Land Focus Area Forestry Topics Adaptation, Background analysis, Co-benefits assessment Resource Type Publications Website http://www.worldagroforestry.o Country Philippines UN Region South-Eastern Asia References Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1]

434

Analyses Of Two End-User Software Vulnerability Exposure Metrics  

SciTech Connect

The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

Jason L. Wright; Miles McQueen; Lawrence Wellman

2012-08-01T23:59:59.000Z

435

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). The coordinating lead author and a principal author was Craig Zamuda of DOE-PI; other principal authors included Bryan Mignone of DOE-PI, and Dan Bilello, KC Hallett, Courtney Lee, Jordan Macknick, Robin Newmark, and Daniel Steinberg of NREL. Vince Tidwell of Sandia National Laboratories, Tom Wilbanks of

436

Reducing US vulnerability to oil supply shocks  

Science Conference Proceedings (OSTI)

The 1990 crisis in the Middle East has raised concern about the United States's vulnerability to oil supply disruptions. In addition, a number of trends point to increased US dependence on imported oil. Oil imports have increased and production has declined in the United States for the last eight years. Imports now comprise 42 percent of total oil consumption and US dependence on oil imports is projected to increase over the next 20 years. The Energy Modeling Forum forecasts imports to be more than twice domestic production by the year 2010. There are many studies examining the effects of various policies to protect US energy security. Not many consider the Strategic Petroleum Reserve (SPR), which can be a powerful tool in combating energy supply shocks. The SPR can dramatically increase the domestic short run supply elasticity, which has been found to be a key element in the welfare cost of protectionist policies. Upon examining 5 policies the author finds that the SPR together with a protectionist policy works best against a supply disruption. 27 refs., 3 tabs.

Yuecel, M.K. [Federal Reserve Bank of Dallas, TX (United States)]

1994-10-01T23:59:59.000Z

437

U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact February 17, 2012 - 8:30am PROBLEM: Multiple vulnerabilities were reported in Citrix XenServer Web Self Service. PLATFORM: Version(s): 5.5, 5.6 SP2, 6.0; Web Self Service prior to 1.1.1 ABSTRACT: A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer Web Self Service. REFERENCE LINKS: Citrix Support Center SecurityTracker Alert ID: 1026695 IMPACT ASSESSMENT: Medium DISCUSSION: Customers who have installed XenServer but have not additionally downloaded and installed the optional Web Self Service component are not affected by these vulnerabilities. These vulnerabilities affect all currently supported

438

T-697: Google Chrome Prior to 13.0.782.107 Multiple Security  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-697: Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities August 19, 2011 - 3:02pm PROBLEM: Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. PLATFORM: Cross Platform: Google Chrome Prior to 13.0.782.107: Versions and Vulnerabilities (Details) ABSTRACT: Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. The Chromium Projects Security Overview. REFERENCE LINKS: SecurityFocus: Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities

439

A Java Math.BigDecimal Implementation of Core Mathematical Functions  

E-Print Network (OSTI)

The mathematical functions log(x), exp(x), root[n]x, sin(x), cos(x), tan(x), arcsin(x), arctan(x), x^y, sinh(x), cosh(x), tanh(x) and Gamma(x) have been implemented for arguments x in the real domain in a native Java library on top of the multi-precision BigDecimal representation of floating point numbers. This supports scientific applications where more than the double precision accuracy of the library of the Standard Edition is desired. The full source code is made available.

Mathar, Richard J

2009-01-01T23:59:59.000Z

440

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)




441

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)


442

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


443

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)


444

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


445

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)


446

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)


447

Automated Vulnerability Detection for Compiled Smart Grid Software  

Science Conference Proceedings (OSTI)

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

2012-01-01T23:59:59.000Z

448

NIST SP 800-24, PBX Vulnerability Analysis : Finding Holes In ...  

Science Conference Proceedings (OSTI)

... 35 Silent Monitoring 35 Conferencing 36 ... Dial-back modem vulnerabilities. Unattended remote access to a switch clearly represents a vulnerability. ...

2012-05-09T23:59:59.000Z

449

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista and XP. ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. REFERENCE LINKS: Apple Security Article: HT5581 SecurityTracker Alert ID: 1027737 Bugtraq ID: 56438 Secunia Advisory SA51226 CVE-2011-1374 CVE-2012-3751 CVE-2012-3752 CVE-2012-3753 CVE-2012-3754 CVE-2012-3755 CVE-2012-3756 CVE-2012-3757 CVE-2012-3758 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can

450

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability May 2, 2011 - 7:42am PROBLEM: Microsoft Excel is prone to a remote code-execution vulnerability because the application fails to sufficiently validate user-supplied input. PLATFORM: Microsoft Excel (2002-2010) ABSTRACT: Microsoft Excel is prone to a remote code-execution vulnerability because the application fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service

451

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-680: Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page of the Samba Web Administration Tool did not properly sanitize the content of the user-provided "user" field prior to printing it back to the page content. A remote attacker could provide a specially crafted URL which, once visited by an authenticated Samba SWAT user, could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). REFERENCE LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

452

U.S. Energy Sector Vulnerability Report | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process -- and to advance the Energy Department's goal of promoting energy security -- the Department released the U.S. Energy Sector Vulnerability to Climate Change and Extreme Weather report. The report examines current and potential future impacts of climate change trends on the U.S. energy sector, including: Coastal energy infrastructure is at risk from sea level rise, increasing storm intensity and higher storm surge and flooding. Oil and gas production -- including refining, hydraulic fracturing

453

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused due to an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. REFERENCE LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High DISCUSSION: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

454

T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability May 13, 2011 - 3:25am PROBLEM: Adobe Acrobat and Reader contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. PLATFORM: Adobe Reader versions 9.4.1 and prior, versions 8.2.5 and prior, and version 10.0 Acrobat Standard and Professional versions 9.4.1 and prior and version 10.0 Acrobat Standard and Professional versions 8.2.5 and prior Acrobat Professional Extended versions 9.4.1 and prior Acrobat 3D versions 8.2.5 and prior Adobe Flash Player versions 10.2.159.1 and prior for Windows, Macintosh, Linux, and Solaris ABSTRACT: The vulnerability is due to an unspecified error in the affected software

455

T-547: Microsoft Windows Human Interface Device (HID) Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-547: Microsoft Windows Human Interface Device (HID) Vulnerability February 1, 2011 - 3:20am PROBLEM: Microsoft Windows Human Interface Device (HID) Vulnerability. PLATFORM: Microsoft 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer. REFERENCE LINKS: Security Lab: Reference CVE-2011-0638 CVE Details: Reference CVE-2011-0638 Mitre Reference: CVE-2011-0638

456

OLADE-Central America Climate Change Vulnerability Program | Open Energy  

Open Energy Info (EERE)

Name OLADE-Central America Climate Change Vulnerability Program Agency/Company/Organization Latin America Energy Organization Partner Ministries of Energy and Energy Enterprises Sector Energy, Land Topics Background analysis Website http://www.olade.org/proyecto_ Program Start 2010 Program End 2011 Country Belize, Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, Panama Central America, Central America, Central America, Central America, Central America, Central America, Central America References OLADE Energy and Climate Change Projects[1] OLADE is a Latin American organization working with Central American countries on climate change vulnerability for hydroelectric systems and

457

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-680: Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page of the Samba Web Administration Tool did not properly sanitize the content of the user-provided "user" field prior to printing it back to the page content. A remote attacker could provide a specially crafted URL which, once visited by an authenticated Samba SWAT user, could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). REFERENCE LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

458

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

459

Systematic Techniques for Finding and Preventing Script Injection Vulnerabilities  

E-Print Network (OSTI)

2010). http://code. google.com/p/browsersec/wiki/Part1. [101] SecuriTeam. “Google.com UTF-7 XSS Vulnerabilities”.sensitive data of the google.com domain. In the past, Barth

Saxena, Prateek

2012-01-01T23:59:59.000Z

460

Vulnerability beyond Stereotypes: Context and Agency in Hurricane Risk Communication  

Science Conference Proceedings (OSTI)

Risk communication may accentuate or alleviate the vulnerability of people who have particular difficulties responding to the threat of hazards such as hurricanes. The process of risk communication involves how hazard information is received, ...

Heather Lazrus; Betty H. Morrow; Rebecca E. Morss; Jeffrey K. Lazo

2012-04-01T23:59:59.000Z



461

V-061: IBM SPSS Modeler XML Document Parsing Vulnerability |...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

and cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML documents and can be exploited via a specially crafted document....

462

Equally Unprepared: Assessing the Hurricane Vulnerability of Undergraduate Students  

Science Conference Proceedings (OSTI)

Students have been described as being both particularly vulnerable to natural disasters and highly resilient in recovery. In addition, they often have been treated as a distinct, homogeneous group sharing similar characteristics. This research ...

Jason L. Simms; Margarethe Kusenbach; Graham A. Tobin

2013-07-01T23:59:59.000Z

463

T-614: Cisco Unified Communications Manager Database Security Vulnerability  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerability is due to unspecified errors in the affected software that may allow the attacker to perform SQL injections. An authenticated, remote attacker could inject arbitrary SQL code on the system, allowing the attacker to take unauthorized actions.

464

U-183: ISC BIND DNS Resource Records Handling Vulnerability ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability U-038: BIND 9 Resolver crashes after logging an error in query.c T-617: BIND RPZ Processing Flaw Lets Remote Users...

465

Vulnerability and social risk management in India and Mexico  

E-Print Network (OSTI)

The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

Flores Ballesteros, Luis

2008-01-01T23:59:59.000Z

466

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 8, 2013 V-107: Wireshark Multiple Denial of Service Vulnerabilities Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). March 7, 2013 V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. March 6, 2013 V-105: Google Chrome Multiple Vulnerabilities Multiple vulnerabilities have been reported in Google Chrome. March 5, 2013 V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Oracle Java. March 4, 2013 V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication

467

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability IBM and Oracle Java products contain a vulnerability that could allow an...

468

In Proceedings of the Internet Society Symp. on Network and Distributed System Security, San Diego, CA, March 1988 Implementing Protection Domains in the Java TM Development Kit 1.2  

E-Print Network (OSTI)

pals. The new class java.security.ProtectionDomain is package-private, and is transparent to most Java.security package. From within Java code, the protection domain of a given class is obtained by invoking the static method getProtectionDomain(CodeSource), again a private method within the package. For each class

Krintz, Chandra

469

Design of an XML based Interoperable RMI System: SoapRMI C++/Java 1.1  

E-Print Network (OSTI)

and remote exception handling between the C++ and Java implementations of SoapRMI. The paper explores JVM as the remote object and handles communication with the stub. The registry is used to manage for communication with objects in remote address spaces. RMI is a de facto standard for communication in distributed

470

CSY3019 -Graphics Programming Assignment 2: Development of 2D/3D graphics software: Java 3D (50%)  

E-Print Network (OSTI)

CSY3019 - Graphics Programming Assignment 2: Development of 2D/3D graphics software: Java 3D (50, directional, point and spot lighting (to model windows and/or strip lights). · User defined or loaded geometry. Front Sheet & Title Page · Table of contents · Introduction · Analysis · Design · Implementation

Hill, Gary

471

Jiazzi: New-Age Components for Old-Fashioned Java Sean McDirmid, Matthew Flatt, Wilson C. Hsieh  

E-Print Network (OSTI)

, the structure of classes in a unit's imported and exported packages can be described using package signatures structure of classes in a Java package. In Figure 2, the package signature ui s describes a UI library Program. In the package signature the structure of a class is described using a class signature. The class

Hsieh, Wilson

472

NEUStore (version 1.4): A Simple Java Package for the Construction of Disk-based, Paginated, and Buffered Indices  

E-Print Network (OSTI)

NEUStore (version 1.4): A Simple Java Package for the Construction of Disk-based, Paginated structures. This could happen if you want the students in your database class to implement some basic index structures such as the B+-tree and the linear hashing. Alternatively, you may want your Ph.D. students

Zhang, Donghui

473

Jiazzi: New-Age Components for Old-Fashioned Java Sean McDirmid, Matthew Flatt, Wilson C. Hsieh  

E-Print Network (OSTI)

this language, the structure of classes in a unit's imported and exported packages can be described using that are used to describe the visible structure of classes in a Java package. In Figure 2, the package applet s describes an application with class Program. In the package signature the structure of a class

Flatt, Matthew

474

Jiazzi: New-Age Components for Old-Fashioned Java Sean McDirmid, Matthew Flatt, Wilson C. Hsieh  

E-Print Network (OSTI)

this language, the structure of classes in a unit's imported and exported packages can be described using that are used to describe the visible structure of classes in a Java package. In Figure 2, the package applet s describes an application with class Program. In the package signature the structure of a class

Utah, University of

475

A severe drought during the last millennium in East Java, Indonesia Jessica R. Rodysill a, *, James M. Russell a  

E-Print Network (OSTI)

A severe drought during the last millennium in East Java, Indonesia Jessica R. Rodysill a, *, James of Mining and Petroleum Engineering, Institut Teknologi Bandung, Bandung 40132, Indonesia d Department Available online Keywords: Drought Indonesia Indo-Pacific Warm Pool El Niño-Southern Oscillation Little Ice

Vuille, Mathias

476

Fluid transport properties and estimation of overpressure at the Lusi mud volcano, East Java Basin (Tanikawa et al., 2010)  

E-Print Network (OSTI)

Java Basin (Tanikawa et al., 2010) Richard Daviesa, , Michael Mangab , Mark Tingayc , Richard was caused by drilling of the Banjar Panji 1 gas exploration well (Davies et al., 2007; Manga, 2007; Davies et al., 2008; Tingay et al., 2008) or due to the Yogyakarta earthquake that occurred at 05:54 am

Manga, Michael

477

V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected versions of Cisco ASA Software will vary depending on the specific vulnerability. ABSTRACT: Several vulnerabilities were reported in Cisco ASA. REFERENCE LINKS: Cisco Security Advisory Secunia Advisory SA52989 SecurityTracker Alert ID: 1028415 CVE-2013-1149 CVE-2013-1150 CVE-2013-1151 CVE-2013-1152

478

Soft Error Vulnerability of Iterative Linear Algebra Methods  

Science Conference Proceedings (OSTI)

Devices become increasingly vulnerable to soft errors as their feature sizes shrink. Previously, soft errors primarily caused problems for space and high-atmospheric computing applications. Modern architectures now use features so small at sufficiently low voltages that soft errors are becoming significant even at terrestrial altitudes. The soft error vulnerability of iterative linear algebra methods, which many scientific applications use, is a critical aspect of the overall application vulnerability. These methods are often considered invulnerable to many soft errors because they converge from an imprecise solution to a precise one. However, we show that iterative methods can be vulnerable to soft errors, with a high rate of silent data corruptions. We quantify this vulnerability, with algorithms generating up to 8.5% erroneous results when subjected to a single bit-flip. Further, we show that detecting soft errors in an iterative method depends on its detailed convergence properties and requires more complex mechanisms than simply checking the residual. Finally, we explore inexpensive techniques to tolerate soft errors in these methods.

Bronevetsky, G; de Supinski, B

2007-12-15T23:59:59.000Z

479

LinguisticBelief: a java application for linguistic evaluation using belief, fuzzy sets, and approximate reasoning.  

Science Conference Proceedings (OSTI)

LinguisticBelief is a Java computer code that evaluates combinations of linguistic variables using an approximate reasoning rule base. Each variable is comprised of fuzzy sets, and a rule base describes the reasoning on combinations of variables' fuzzy sets. Uncertainty is considered and propagated through the rule base using the belief/plausibility measure. The mathematics of fuzzy sets, approximate reasoning, and belief/plausibility are complex. Without an automated tool, this complexity precludes their application to all but the simplest of problems. LinguisticBelief automates the use of these techniques, allowing complex problems to be evaluated easily. LinguisticBelief can be used free of charge on any Windows XP machine. This report documents the use and structure of the LinguisticBelief code, and the deployment package for installation on client machines.

Darby, John L.

2007-03-01T23:59:59.000Z

480

Java Tool Framework for Automation of Hardware Commissioning and Maintenance Procedures  

Science Conference Proceedings (OSTI)

The National Ignition Facility (NIF) is a 192-beam laser system designed to study high energy density physics. Each beam line contains a variety of line replaceable units (LRUs) that contain optics, stepping motors, sensors and other devices to control and diagnose the laser. During commissioning and subsequent maintenance of the laser, LRUs undergo a qualification process using the Integrated Computer Control System (ICCS) to verify and calibrate the equipment. The commissioning processes are both repetitive and tedious when we use remote manual computer controls, making them ideal candidates for software automation. Maintenance and Commissioning Tool (MCT) software was developed to improve the efficiency of the qualification process. The tools are implemented in Java, leveraging ICCS services and CORBA to communicate with the control devices. The framework provides easy-to-use mechanisms for handling configuration data, task execution, task progress reporting, and generation of commissioning test reports. The tool framework design and application examples will be discussed.

Ho, J C; Fisher, J M; Gordon, J B; Lagin, L J; West, S L

2007-10-02T23:59:59.000Z



481

A distributed hard real-time Java system for high mobility components  

E-Print Network (OSTI)

In this work we propose a methodology for providing real-time capabilities to component-based, on-the-fly reconfigurable, distributed systems. In such systems, software components migrate across computational resources at run-time to allow applications to adapt to changes in user requirements or to external events. We describe how we achieve run-time reconfiguration in distributed Java applications by appropriately migrating servers. Guaranteed-rate schedulers at the servers provide the necessary temporal protection and so simplify remote method invocation management. We describe how we manage overhead and resource utilization by controlling the parameters of the server schedulers. According to our measurements, this methodology provides real-time capability to component-based reconfigurable distributed systems in an efficient and effective way. In addition, we propose a new resource discovery protocol, REALTOR, which is based on a combination of pull-based and push-based resource information dissemination. REALTOR has been designed for real-time component-based distributed applications in very dynamic or adverse environments. REALTOR supports survivability and information assurance by allowing the migration of components to safe locations under emergencies such as external attack, malfunction, or lack of resources. Simulation studies show that under normal and heavy load conditions REALTOR remains very effective in finding available resources, and does so with a reasonably low communication overhead. REALTOR 1) effectively locates resources under highly dynamic conditions, 2) has an overhead that is system-size independent, and 3) works well in highly adverse environments. We evaluate the effectiveness of a REALTOR implementation as part of Agile Objects, an infrastructure for real-time capable, highly mobile Java components.

Rho, Sangig

2004-12-01T23:59:59.000Z

482

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

31, 2013 V-207: Wireshark Multiple Denial of Service Vulnerabilities Successful exploitation of this vulnerability may allow execution of arbitrary code. July 30, 2013 V-206: Apache HTTP Server mod_rewrite and "httpOnly" Cookie Disclosure Vulnerabilities Two vulnerabilities have been reported in Apache HTTP Server July 29, 2013 V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities The weakness and the vulnerabilities are caused due to a bundled vulnerable version of Java. July 27, 2013 V-204: A specially crafted query can cause BIND to terminate abnormally A specially crafted query sent to a BIND nameserver can cause it to crash (terminate abnormally). July 26, 2013 V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and

483

Vulnerability Analysis of Energy Delivery Control Systems - 2011 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The goal of the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program is to enhance the reliability and resiliency of the Nation's energy infrastructure by reducing the risk

484

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

vulnerability identification, dEfense and Restoration (Smart Grid Project) (United Kingdom) Project Name: AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country: United Kingdom Coordinates: 55.378052°, -3.435973°

485

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Tool Summary Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company/Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128 UN Region: Sub-Saharan Africa

486

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)


487

Chemical Safety Vulnerability Working Group report. Volume 1  

Science Conference Proceedings (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

Not Available

1994-09-01T23:59:59.000Z

488

Texas Water Resources: Vulnerability from Contaminants  

E-Print Network (OSTI)

Numerical models of flow and transport are commonly applied for the sustainable management of water resources and for the selection of appropriate remediation techniques. However, these numerical models are not always accurate due to uncertain parameters and the disparity of scales across which observations are made, hydrological processes occur, and modeling is conducted. The modeling framework becomes further complex because hydrologic processes are coupled with chemical and biological processes. This dissertation focuses on the most widespread contaminants of surface and ground water, which are E. coli and nitrate, respectively. Therefore, this research investigates the linkages between bio-chemical and hydrologic processes for E. coli transport, explores the spatio-temporal variability of nitrate, quantifies uncertainty, and develops models for both E. coli and nitrate transport that better characterize these biogeochemical linkages. A probabilistic framework in the form of Bayesian Neural Networks (BNN) was used to estimate E. coli loads in surface streams and was compared with a conventional model LOADEST. This probabilistic framework is crucial when water quality data are scarce, and most models require a large number of mechanistic parameters to estimate E. coli concentrations. Results indicate that BNN provides better characterization of E. coli at higher loadings. Results also provide the physical, chemical, and biological factors that are critical in the estimation of E. coli concentrations in Plum Creek, Texas. To explore model parameters that control the transport of E. coli in the groundwater (GW) and surface water systems, research was conducted in Lake Granbury, Texas. Results highlight the importance of flow regimes and seasonal variability on E. coli transport. To explore the spatio-temporal variability of nitrate across the Trinity and Ogallala aquifers in Texas, an entropy-based method and a numerical study were employed. 
Results indicate that the overall mean nitrate-N has declined from 1940 to 2008 in the Trinity Aquifer as opposed to an increase in the Ogallala Aquifer. The numerical study results demonstrate the effect of different factors like GW pumping, flow parameters, hydrogeology of the site at multiple spatial scales. To quantify the uncertainty of nitrate transport in GW, an ensemble Kalman filter was used in combination with the MODFLOW-MT3DMS models. Results indicate that the EnKF notably improves the estimation of nitrate-N concentrations in GW. A conceptual modeling framework with deterministic physical processes and stochastic bio-chemical processes was devised to independently model E. coli and nitrate transport in the subsurface. Results indicate that model structural uncertainty provides useful insights to modeling E. coli and nitrate transport.

Dwivedi, Dipankar

2012-12-01T23:59:59.000Z

489

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS  

E-Print Network (OSTI)

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS S A Bhattil environment of an Electricity transmission substation environment is modelled as a Symmetric Alpha Stable of an electricity transmission substation. I. INTRODUCTION In industrial environments, Supervisor Control and Data

Atkinson, Robert C

490

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bottleneck in mobile devices (the battery power

California at Davis, University of

491

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bottleneck in mobile devices (the battery power

Chen, Hao

492

Steganographic information hiding that exploits a novel file system vulnerability  

Science Conference Proceedings (OSTI)

In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, an adversary can store two or more files with the same name/path, with different contents, inside the same volume. ...

Avinash Srinivasan; Satish Kolli; Jie Wu

2013-08-01T23:59:59.000Z

493

An adaptive architecture of applying vulnerability analysis to IDS alerts  

Science Conference Proceedings (OSTI)

With increasing intrusions and attacks on the Internet, there is an urgent need to develop techniques for network security. Current standalone network security products, such as the firewall systems, the Intrusion Detection System (IDS), the anti-virus ... Keywords: alert, intrusion detection, network security, predicate-based evaluation, vulnerability analysis

Xuejiao Liu; Xin Zhuang; Debao Xiao

2008-07-01T23:59:59.000Z

494

Vulnerabilities Analyzing Model for Alert Correlation in Distributed Environment  

Science Conference Proceedings (OSTI)

With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and ... Keywords: alert correlation, prerequisites and consequences, hyper-alert type, vulnerability tuple

Wen Long; Yang Xin; Yixian Yang

2009-07-01T23:59:59.000Z

495

V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code July 26, 2013 - 3:31am PROBLEM: A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. PLATFORM: HP LoadRunner prior to 11.52 ABSTRACT: Multiple vulnerabilities were reported in HP LoadRunner. REFERENCE LINKS: Security Tracker Alert ID: 1028833 CVE-2013-2368 CVE-2013-2369 CVE-2013-2370 CVE-2013-4797 CVE-2013-4798 CVE-2013-4799 CVE-2013-4800 CVE-2013-4801 IMPACT ASSESSMENT: Medium DISCUSSION: Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code

496

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States); Science and Engineering Associates, Inc., Albuquerque, NM (United States)]; Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)]

1995-03-01T23:59:59.000Z

497

One dimensional P wave velocity structure of the crust beneath west Java and accurate hypocentre locations from local earthquake inversion  

SciTech Connect

A one-dimensional (1-D) velocity model and station corrections for the West Java zone were computed by inverting P-wave arrival times recorded on a local seismic network of 14 stations. A total of 61 local events with a minimum of 6 P-phases, rms 0.56 s and a maximum gap of 299° were selected. Comparison with previous earthquake locations shows an improvement for the relocated earthquakes. Tests were carried out to verify the robustness of inversion results in order to corroborate the conclusions drawn out from our research. The obtained minimum 1-D velocity model can be used to improve routine earthquake locations and represents a further step toward more detailed seismotectonic studies in this area of West Java.

Supardiyono; Santosa, Bagus Jaya [Physics Department, Faculty of Mathematics and Natural Sciences, State University of Surabaya, Surabaya (Indonesia) and Physics Department, Faculty of Mathematics and Natural Sciences, Sepuluh Nopember Institute of Technology, Surabaya (Indonesia); Physics Department, Faculty of Mathematics and Natural Sciences, Sepuluh Nopember Institute of Technology, Surabaya (Indonesia)]

2012-06-20T23:59:59.000Z