National Library of Energy BETA

Sample records for lets remote authenticated

  1. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated...

  2. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks...

  3. V-127: Samba Bug Lets Remote Authenticated Users Modify Files...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was...

  4. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

    Broader source: Energy.gov [DOE]

    Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

  5. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Energy Savers [EERE]

    Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users ...

  6. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  7. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Remote Users Conduct Cross-Site Scripting Attacks | Department of Energy 51: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks May 8, 2013 - 12:06am Addthis PROBLEM: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks

  8. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A ...

  9. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Password | Department of Energy 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker

  10. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges....

  11. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  12. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    issued a fix (7.1.2). Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  13. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.

  14. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication...

  15. V-220: Juniper Security Threat Response Manager Lets Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute...

  16. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  17. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  18. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

    Broader source: Energy.gov [DOE]

    A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

  19. T-704: RSA enVision Lets Remote Users View Files and Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain...

  20. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  1. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration.

  2. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  3. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444 Bugtraq ID: 55184 CVE-2012-4595, CVE-2012-4596, CVE-2012-4597 IMPACT ASSESSMENT: Medium Discussion A remote...

  4. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN ...

  5. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent...

  6. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code | Department of Energy 6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code January 24, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in

  7. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password...

  8. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access

    Broader source: Energy.gov [DOE]

    Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.

  9. V-202: Cisco Video Surveillance Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive...

  10. V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June...

  11. V-149: Microsoft Internet Explorer Object Access Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary...

  12. U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 -...

  13. U-047: Siemens Automation License Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or...

  14. T-574: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm Addthis...

  15. V-218: HP Service Manager Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access...

  16. U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am...

  17. U-267: RSA® Authentication Agent 7.1 for Microsoft Windows®...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step reference LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662 CVE-2012-2287...

  18. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  19. U-277: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were...

  20. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic...

    Office of Environmental Management (EM)

    59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL...

  1. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code ...

  2. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive Resolvers V-172: ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive...

  3. U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain...

  4. U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers U-005: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6,...

  5. U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks U-142: HP Onboard Administrator Bugs Let Remote Users Gain...

  6. U-046: Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers U-046: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers November 28, 2011 -...

  7. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information

  8. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  9. T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE)

    Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service.

  10. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am ...

  11. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls ...

  12. V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am Addthis PROBLEM: Apple Safari...

  13. V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am...

  14. V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks June 24, 2013 -...

  15. V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am...

  16. V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Samba smbd CPU Processing Loop Lets Remote Users Deny Service V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny Service August 6, 2013 - 6:00am Addthis PROBLEM: A...

  17. V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote...

  18. U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am Addthis...

  19. V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code...

  20. V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am Addthis PROBLEM:...

  1. V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote...

  2. V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Oracle Java Flaws Let Remote Users Execute Arbitrary Code V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am Addthis PROBLEM: Oracle...

  3. V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am...

  4. V-144: HP Printers Let Remote Users Access Files on the Printer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: HP Printers Let Remote Users Access Files on the Printer V-144: HP Printers Let Remote Users Access Files on the Printer April 29, 2013 - 12:27am Addthis PROBLEM: HP Printers...

  5. V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am Addthis...

  6. U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-699: EMC AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System...

  7. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or ...

  8. T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code.

  9. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

  10. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Buffer Overflow Lets Remote Users Execute Arbitrary Code | Department of Energy 59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am Addthis PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute

  11. U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands

    Broader source: Energy.gov [DOE]

    A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system.

  12. T-692: VMware vFabric tc Server Lets Remote Users Login Using...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can login using an obfuscated version of their password. PLATFORM: ... user can use the password in obfuscated form (or in plain text form) to authenticate. ...

  13. V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected

  14. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sensitive Information | Department of Energy 53: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information December 7, 2011 - 7:30am Addthis PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat

  15. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Arbitrary Code and Deny Service | Department of Energy 79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am Addthis PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall

  16. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  17. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially...

    Office of Environmental Management (EM)

    Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) ...

  18. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Articles U-083:Oracle Critical Patch Update Advisory - January 2012 V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code T-576: Oracle Solaris Adobe Flash Player...

  19. U-082: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Lets Remote Users Execute Arbitrary Code January 17, 2012 - 1:00pm Addthis PROBLEM: PHP Null Pointer Dereference in zendstrndup() Lets Local Users Deny Service PLATFORM: PHP...

  20. U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code...

  1. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addresses | Department of Energy 39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20, 2012 - 7:00am Addthis PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses PLATFORM: Version(s): 6 beta 4 and prior versions ABSTRACT: A remote user can spoof SMS source addresses. Reference LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com

  2. T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 5: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can

  3. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  4. V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Login Anonymously | Department of Energy 5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am Addthis PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an

  5. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Commands on the Target System | Department of Energy 49: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System December 1, 2011 - 9:00am Addthis PROBLEM: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System. PLATFORM: IBM Tivoli Netcool Reporter prior to 2.2.0.8 ABSTRACT: A vulnerability was reported in IBM Tivoli Netcool

  6. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE

  7. V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Deny Service | Department of Energy 1: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service January 17, 2013 - 12:00am Addthis PROBLEM: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service PLATFORM: The vulnerability is reported in versions 8.7.1 and 8.7.1.1. ABSTRACT: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall

  8. V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Spoof the Server | Department of Energy 65: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server May 28, 2013 - 12:46am Addthis PROBLEM: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server PLATFORM: Cisco WebEx for iOS 4.1, Other versions may also be affected. ABSTRACT: A vulnerability was reported in Cisco WebEx for iOS. REFERENCE LINKS:

  9. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sessions | Department of Energy 7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions September 27, 2011 - 8:00am Addthis PROBLEM: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows

  10. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-033: Microsoft Security Bulletin Summary for November 2011 T-706: Microsoft Fraudulent Digital Certificate Issued by DigiNotar U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt ...

  11. U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aixefixessecurityicmpfix.tar Addthis Related Articles U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service V-031: IBM WebSphere DataPower...

  12. V-109: Google Chrome WebKit Type Confusion Error Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 25.0.1364.160 ABSTRACT: A vulnerability was reported in...

  13. U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 91: cURL Lets Remote Users Decrypt SSL/TLS Traffic U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am Addthis PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) : Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. reference LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate Discussion: A remote user with the

  14. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am Addthis PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. reference LINKS: Cisco

  15. T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

    Broader source: Energy.gov [DOE]

    An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

  16. T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  17. U-203: HP Photosmart Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions.

  18. U-176: Wireshark Multiple Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  19. V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Execute Arbitrary Code | Department of Energy 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS:

  20. T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Access or Modify SSL/TLS Sessions | Department of Energy 76: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions July 26, 2011 - 1:06am Addthis PROBLEM: A vulnerability was reported in Apple iOS. A remote user with the ability to conduct a man-in-the-middle attack can access or modify SSL/TLS sessions. PLATFORM: iOS 4.2.5

  1. T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Passwords | Department of Energy 92: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords August 12, 2011 - 3:47pm Addthis PROBLEM: A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password. PLATFORM: Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01 ABSTRACT: VMware vFabric tc

  2. U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

    Broader source: Energy.gov [DOE]

    Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  3. U-137: HP Performance Manager Unspecified Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute...

  4. T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system.

  5. V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    PROBLEM: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

  6. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    in certain cases. reference LINKS: Vendor Advisory Security Tracker ID 1026744 CVE-2012-0866 IMPACT ASSESSMENT: Medium Discussion: For trigger functions marked SECURITY...

  7. V-223: RSA Authentication Agent for PAM Allows Remote Users to...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    has issued a fix Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  8. U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information.

  9. V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

  10. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CTA 7.3.1 and later with Hotfix ESA-2012-034 Addthis Related Articles V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-036: EMC Smarts Network...

  11. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  12. U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service.

  13. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Energy Savers [EERE]

    iOS. A remote user can cause arbitrary code to be executed on the target user's system. ... A remote user can create a specially crafted file that, when loaded by the target user, ...

  14. T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases.

  15. U-118: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially information.

  16. U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system

  17. U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

  18. U-153: EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions.

  19. U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

  20. U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system.

  1. T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can cause the backend server to remain in an error state until the retry timeout expires.

  2. U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Execution of arbitrary code via network A remote user can cause arbitrary code to be executed on the target

  3. U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.

  4. T-718:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  5. U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  6. U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

  7. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.

  8. U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system.

  9. U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system.

  10. U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system.

  11. T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

  12. U-201: HP System Management Homepage Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

  13. U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  14. U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  15. U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  16. U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  17. U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system

  18. V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data.

  19. U-192: VMware Workstation/Player VM Remote Device Bug Lets Local...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aBSTRACT: A local or remote user can cause denial of service conditions on the target virtual system. reference LINKS: Vendor Advisory Security Tracker ID 1027173 CVE-2012-3289...

  20. T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory

    Broader source: Energy.gov [DOE]

    The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software.

  1. T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  2. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    overflow CVE-2012-0670. A specially crafted '.pict' file can trigger a memory corruption error CVE-2012-0671. Impact: A remote user can create a file that, when loaded by...

  3. U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

  4. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7.1, and BlackBerry PlayBook tablet software ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's...

  5. T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service July...

  6. V-235: Cisco Mobility Services Engine Configuration Error Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login ...

  7. T-662: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers.

  8. U-074: Microsoft.NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary commands on the target system. A remote user can access a target user's account. A remote user can redirect users to arbitrary sites.

  9. U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system.

  10. V-093: Symantec PGP Desktop Buffer Overflows Let Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users...

  11. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.

  12. U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause the target application to execute arbitrary code on the target user's system.

  13. Instructions for using HSPD-12 Authenticated Outlook Web Access...

    Energy Savers [EERE]

    Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook...

  14. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system

  15. U-007: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in IBM Rational AppScan. A remote user can cause arbitrary code to be executed on the target user's system.

  16. V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

  17. U-177: Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Lotus Quickr for Domino. A remote user can cause arbitrary code to be executed on the target user's system.

  18. U-012: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization.

  19. U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system.

  20. U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions.

  1. T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash.

  2. U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    Several vulnerabilities were reported in Apple OS X. A remote user can execute arbitrary code on the target system. A remote user can obtain a password hash in certain cases. A local user can obtain elevated privileges on the target system. A local user can obtain password keystrokes.

  3. T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain...

    Broader source: Energy.gov (indexed) [DOE]

    T-727:Microsoft Windows SSLTLS Protocol Flaw Lets Remote Users Decryption Sessions U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets ...

  4. T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Red Hat Directory Server. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A local user can cause denial of service conditions.

  5. U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

  6. T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  7. U-029: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain...

  8. V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service ...

  9. Secure authenticated video equipment

    SciTech Connect (OSTI)

    Doren, N.E.

    1993-07-01

    In the verification technology arena, there is a pressing need for surveillance and monitoring equipment that produces authentic, verifiable records of observed activities. Such a record provides the inspecting party with confidence that observed activities occurred as recorded, without undetected tampering or spoofing having taken place. The secure authenticated video equipment (SAVE) system provides an authenticated series of video images of an observed activity. Being self-contained and portable, it can be installed as a stand-alone surveillance system or used in conjunction with existing monitoring equipment in a non-invasive manner. Security is provided by a tamper-proof camera enclosure containing a private, electronic authentication key. Video data is transferred communication link consisting of a coaxial cable, fiber-optic link or other similar media. A video review station, located remotely from the camera, receives, validates, displays and stores the incoming data. Video data is validated within the review station using a public key, a copy of which is held by authorized panics. This scheme allows the holder of the public key to verify the authenticity of the recorded video data but precludes undetectable modification of the data generated by the tamper-protected private authentication key.

  10. V-231: Cisco Identity Services Engine Discloses Authentication Credentials

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to Remote Users | Department of Energy 1: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am Addthis PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services

  11. T-703: Cisco Unified Communications Manager Open Query Interface Lets

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Obtain Database Contents | Department of Energy 703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents August 26, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5

  12. U-081: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  13. Obfuscated authentication systems, devices, and methods

    DOE Patents [OSTI]

    Armstrong, Robert C; Hutchinson, Robert L

    2013-10-22

    Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

  14. Low-bandwidth authentication.

    SciTech Connect (OSTI)

    Donnelly, Patrick Joseph; McIver, Lauren; Gaines, Brian R.; Anderson, Erik; Collins, Michael Joseph; Thomas,Kurt Adam; McDaniel, Austin

    2007-09-01

    Remotely-fielded unattended sensor networks generally must operate at very low power--in the milliwatt or microwatt range--and thus have extremely limited communications bandwidth. Such sensors might be asleep most of the time to conserve power, waking only occasionally to transmit a few bits. RFID tags for tracking or material control have similarly tight bandwidth constraints, and emerging nanotechnology devices will be even more limited. Since transmitted data is subject to spoofing, and since sensors might be located in uncontrolled environments vulnerable to physical tampering, the high-consequence data generated by such systems must be protected by cryptographically sound authentication mechanisms; but such mechanisms are often lacking in current sensor networks. One reason for this undesirable situation is that standard authentication methods become impractical or impossible when bandwidth is severely constrained; if messages are small, a standard digital signature or HMAC will be many times larger than the message itself, yet it might be possible to spare only a few extra bits per message for security. Furthermore, the authentication tags themselves are only one part of cryptographic overhead, as key management functions (distributing, changing, and revoking keys) consume still more bandwidth. To address this problem, we have developed algorithms that provide secure authentication while adding very little communication overhead. Such techniques will make it possible to add strong cryptographic guarantees of data integrity to a much wider range of systems.

  15. T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to improper validation of program executables downloaded by the Cisco AnyConnect Secure Mobility Client. An unauthenticated, remote attacker could exploit the vulnerability by convincing the targeted user to view a malicious website. If successful, the attacker could execute arbitrary code on the system with the privileges of the user. Cisco confirmed the vulnerability in a security advisory and released software updates.

  16. System and method for authentication

    SciTech Connect (OSTI)

    Duerksen, Gary L.; Miller, Seth A.

    2015-12-29

    Described are methods and systems for determining authenticity. For example, the method may include providing an object of authentication, capturing characteristic data from the object of authentication, deriving authentication data from the characteristic data of the object of authentication, and comparing the authentication data with an electronic database comprising reference authentication data to provide an authenticity score for the object of authentication. The reference authentication data may correspond to one or more reference objects of authentication other than the object of authentication.

  17. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  18. V-166: HP-UX Directory Server Discloses Passwords to Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users May...

  19. Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Citrix_2FA_Authentication_12_3_2009.doc Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc (453.3 KB) More Documents & Publications Citrix_2FA_Authentication_09.09 Using Two-Factor RSA Token with WebVPN User guide for remote access to VDI and Workplace using RSA token

  20. Multi-factor authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-10-21

    Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

  1. Authentication of byte sequences

    SciTech Connect (OSTI)

    Stearns, S.D.

    1991-06-01

    Algorithms for the authentication of byte sequences are described. The algorithms are designed to authenticate data in the Storage, Retrieval, Analysis, and Display (SRAD) Test Data Archive of the Radiation Effects and Testing Directorate (9100) at Sandia National Laboratories, and may be used in similar situations where authentication of stored data is required. The algorithms use a well-known error detection method called the Cyclic Redundancy Check (CRC). When a byte sequence is authenticated and stored, CRC bytes are generated and attached to the end of the sequence. When the authenticated data is retrieved, the authentication check consists of processing the entire sequence, including the CRC bytes, and checking for a remainder of zero. The error detection properties of the CRC are extensive and result in a reliable authentication of SRAD data.

  2. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute ... The vendor has issued a fix (16.0.0.282). Addthis Related Articles V-228: RealPlayer ...

  3. Authentication of quantum messages.

    SciTech Connect (OSTI)

    Barnum, Howard; Crépeau, Jean-Claude; Gottesman, D.; Smith, A.; Tapp, Alan

    2001-01-01

    Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

  4. Authentication Without Secrets

    SciTech Connect (OSTI)

    Pierson, Lyndon G.; Robertson, Perry J.

    2015-11-01

    This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integrity of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.

  5. Two-Factor Authentication

    Broader source: Energy.gov [DOE]

    Two-Factor Authentication (2FA) (also known as 2-Step Verification) is a system that employs two methods to identify an individual. More secure than reusable passwords, when a token's random number...

  6. International safeguards data authentication

    SciTech Connect (OSTI)

    Melton, R.B.; Smith, C.E.; DeLand, S.M.; Manatt, D.R.

    1996-07-01

    The International Safeguards community is becoming increasingly reliant on information stored in electronic form. In international monitoring and related activities it must be possible to verify and maintain the integrity of this electronic information. This paper discusses the use of data authentication technology to assist in accomplishing this task. The paper provides background information, identifies the relevance to international safeguards, discusses issues related to export controls, algorithm patents, key management and the use of commercial vs. custom software.

  7. Anonymous authenticated communications

    DOE Patents [OSTI]

    Beaver, Cheryl L.; Schroeppel, Richard C.; Snyder, Lillian A.

    2007-06-19

    A method of performing electronic communications between members of a group wherein the communications are authenticated as being from a member of the group and have not been altered, comprising: generating a plurality of random numbers; distributing in a digital medium the plurality of random numbers to the members of the group; publishing a hash value of contents of the digital medium; distributing to the members of the group public-key-encrypted messages each containing a same token comprising a random number; and encrypting a message with a key generated from the token and the plurality of random numbers.

  8. CERTIFICATE OF AUTHENTICITY

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. ~ i c h a e l G. Mueller, Chair National Coal Council I NATIONAL COAL COUNCIL 1 FULL COUNCIL MEETING FRIDAY NOVEMBER 14, 2 0 0 8 The Full Council meeting convened at 9 : 0 0 a.m. in the Washington Ballroom of the Westin Grand Hotel, 2 3 5 0 M Street, NW, Washington, DC, Chair

  9. AVNG authentication features

    SciTech Connect (OSTI)

    Thron, Jonathan Louis; Mac Arthur, Duncan W; White, Greg; Razinkov, Sergey; Livke, Alexander

    2010-01-01

    Any verification measurement performed on potentially classified nuclear material must satisfy two seemingly contradictory constraints. First and foremost, no classified information can be released. At the same time, the monitoring party must have confidence in the veracity of the measurement (called authentication). An information barrier (IB) is included in the measurement system to protect the potentially classified information. To achieve both goals, the IB allows only very limited, previously agreed-on information to be displayed to the monitoring party. In addition to this limited information from the potentially classified measurement, other measurements are performed and procedures are put in place for the monitoring party to gain confidence that the material being measured is consistent with the host's declarations concerning that material. In this presentation, we will discuss the techniques used in the AVNG attribute measuring system to facilitate authentication of the verification measurements by the monitors. These techniques include measuring unclassified items while allowing more information to be displayed; having the monitor understand the system function, design, and implementation; and randomly selecting the order of measurements.

  10. V-160: Wireshark Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    can be exploited to cause a crash via specially crafted packets. 6) An error in the MPEG DSM-CC dissector (dissectorspacket-mpeg-dsmcc.c) can be exploited to cause a crash via...

  11. User Guide for Remote Access to VDI/Workplace Using PIV | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy User Guide for Remote Access to VDI/Workplace Using PIV User Guide for Remote Access to VDI/Workplace Using PIV User guide for remote access to VDI/Workplace using a PIV card . VDI_WP_PIV_Remote_Guide_Final.pdf (1.39 MB) More Documents & Publications User guide for remote access to VDI and Workplace using RSA token Remote Access Options Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA)

  12. Authentication techniques for smart cards

    SciTech Connect (OSTI)

    Nelson, R.A.

    1994-02-01

    Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thorough understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.

  13. Spotlight on Austin, Texas: Let Your Contractor Be Your Guide...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Your Contractor Be Your Guide for Big Rewards Spotlight on Austin, Texas: Let Your Contractor Be Your Guide for Big Rewards Spotlight on Austin, Texas: Let Your Contractor Be ...

  14. User guide for remote access to VDI and Workplace using RSA token |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy User guide for remote access to VDI and Workplace using RSA token User guide for remote access to VDI and Workplace using RSA token User guide for remote access to VDI and Workplace using RSA token VDI_WP_RSA_Remote_Guide_Final.pdf (1.22 MB) More Documents & Publications User Guide for Remote Access to VDI/Workplace Using PIV Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Citrix_2FA_Authentication_09.09

  15. E-Labs - Learning with Authentic Data

    SciTech Connect (OSTI)

    Bardeen, Marjorie G.; Wayne, Mitchell

    2016-01-01

    the success teachers have had providing an opportunity for students to: • Organize and conduct authentic research. • Experience the environment of scientific collaborations. • Possibly make real contributions to a burgeoning scientific field. We've created projects that are problem-based, student driven and technology dependent. Students reach beyond classroom walls to explore data with other students and experts and share results, publishing original work to a worldwide audience. Students can discover and extend the research of other students, modeling the processes of modern, large-scale research projects. From start to finish e-Labs are student-led, teacher-guided projects. Students need only a Web browser to access computing techniques employed by professional researchers. A Project Map with milestones allows students to set the research plan rather than follow a step-by-step process common in other online projects. Most importantly, e-Labs build the learning experience around the students' own questions and let them use the very tools that scientists use. Students contribute to and access shared data, most derived from professional research databases. They use common analysis tools, store their work and use metadata to discover, replicate and confirm the research of others. This is where real scientific collaboration begins. Using online tools, students correspond with other research groups, post comments and questions, prepare summary reports, and in general participate in the part of scientific research that is often left out of classroom experiments. Teaching tools such as student and teacher logbooks, pre- and post-tests and an assessment rubric aligned with learner outcomes help teachers guide student work. Constraints on interface designs and administrative tools such as registration databases give teachers the "one-stop-shopping" they seek for multiple e-Labs. Teaching and administrative tools also allow us to track usage and assess the impact on

  16. AUTHENTICATED SENSOR INTERFACE DEVICE FOR JOINT USE SAFEGUARDS APPLICATIONS - CONCEPTS AND CHALLENGES

    SciTech Connect (OSTI)

    Poland, R.; Drayer, R.; Wilson, J.

    2013-08-12

    This paper will discuss the key features of the Authenticated Sensor Interface Device that collectively provide the ability to share data among a number of parties while ensuring the authentication of data and protecting both the operator’s and the IAEA’s interests. The paper will also discuss the development of the prototype, the initial testing with an accountancy scale, and future plans and challenges to implementation into the joint use and remote monitoring applications. As nuclear fuel cycle technology becomes more prevalent throughout the world and the capacity of plants increases, limited resources of the IAEA are being stretched near a breaking point. A strategy is to increase efficiency in safeguards monitoring using “joint use” equipment that will provide the facility operator process data while also providing the IAEA key safeguards data. The data, however, must be authenticated and validated to ensure the data have not been tampered with. The Authenticated Sensor Interface Device provides the capability to share data and can be a valuable component in the IAEA’s ability to collect accountancy data from scales in Uranium conversion and enrichment plants, as well as nuclear fuel fabrication plants. Likewise, the Authenticated Sensor Interface Device can be configured to accept a diverse array of input signals, ranging from analog voltage, to current, to digital interfaces and more. These modular capabilities provide the ability to collect authenticated, joint-use, data streams from various process monitoring sensors.

  17. A proposed generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-01

    This contribution describes a proposed information element that can convey authentication information within an ATM signaling message. The design of this information element provides a large amount of flexibility to the user because it does not specify a particular signature algorithm, and it does not specify which information elements must accompany the Authentication IE in a signaling message. This allows the user to implement authenticated signaling based on her site`s security policies and performance requirements.

  18. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. Tran_001.pdf CERTIFICATE OF AUTHENTICITY (4.5 MB) More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for Offshore Wind Demonstrations Office of Information Resources Office of

  19. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Energy Savers [EERE]

    D.C. Tran001.pdf PDF icon CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for...

  20. Defining a Possible Low LET Bystander Effect

    SciTech Connect (OSTI)

    Charles R. Geard

    2009-05-04

    Current radiation protection guidelines assume a linear response to ionizing radiations down through doses where epidemiological studies provide very limited to no information as to the propriety of such assumptions. The bystander response is a non-targeted effect which might impact such guidelines. These studies while clearly affirming a bystander response for high LET radiations, do not provide such affirmation for environmentally relevant low dose, low LET radiations. Caution and further study are necessary before making judgements that could impact on current standards.

  1. V-231: Cisco Identity Services Engine Discloses Authentication...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    system stores the username and password of an authenticated user within hidden ... or clickjacking attack to access the username and password of an authenticated session. ...

  2. INFOGRAPHIC: Let's Get to Work on Solar Soft Costs | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let's Get to Work on Solar Soft Costs INFOGRAPHIC: Let's Get to Work on Solar Soft Costs December 2, 2013 - 1:00pm Addthis Learn how soft costs are contributing to the price of ...

  3. Solar Decathlon 2015: Let the Competition Begin | Department...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Let the Competition Begin Solar Decathlon 2015: Let the Competition Begin February 13, 2014 - 1:00pm Addthis The Solar Decathlon competition has provided more than 17,000 college ...

  4. AUTHENTICATED

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    1 Contract No. 11PB-12330 AMENDMENT executed by the BONNEVILLE POWER ADMINISTRATION and PORT TOWNSEND PAPER CORPORATION This AMENDMENT to the Firm Power Sales Agreement (Agreement)...

  5. Data Authentication Demonstration for Radionuclide Stations

    SciTech Connect (OSTI)

    Harris, Mark; Herrington, Pres; Miley, Harry; Ellis, J. Edward; McKinnon, David; St. Pierre, Devon

    1999-08-03

    Data authentication is required for certification of sensor stations in the International Monitoring System (IMS). Authentication capability has been previously demonstrated for continuous waveform stations (seismic and infrasound). This paper addresses data surety for the radionuclide stations in the IMS, in particular the Radionuclide Aerosol Sampler/Analyzer (RASA) system developed by Pacific Northwest National Laboratory (PNNL). Radionuclide stations communicate data by electronic mail using formats defined in IMS 1.0, Formats and Protocols for Messages. An open message authentication standard exists, called S/MIME (Secure/Multipurpose Internet Mail Extensions), which has been proposed for use with all IMS radionuclide station message communications. This standard specifies adding a digital signature and public key certificate as a MIME attachment to the e-mail message. It is advantageous because it allows authentication to be added to all IMS 1.0 messages in a standard format and is commercially supported in e-mail software. For command and control, the RASA system uses a networked Graphical User Interface (GUI) based upon Common Object Request Broker Architecture (CORBA) communications, which requires special authentication procedures. The authors have modified the RASA system to meet CTBTO authentication guidelines, using a FORTEZZA card for authentication functions. They demonstrated signing radionuclide data messages at the RASA, then sending, receiving, and verifying the messages at a data center. They demonstrated authenticating command messages and responses from the data center GUI to the RASA. Also, the particular authentication system command to change the private/public key pair and retrieve the new public key was demonstrated. This work shows that data surety meeting IMS guidelines may be immediately applied to IMS radionuclide systems.

  6. Sandia National Laboratories: Let it rain

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Let it rain By Karli Massey Thursday, September 01, 2016 Sandia's clean water stewards focus on stormwater runoff Sandia experts, students explore mechanical challenges at summer institute Environmental technical professional John Kay (4141) inspects a construction site at Sandia before a storm to ensure proper protection measures are in place near stormwater drains. Monsoon season is well underway in New Mexico and other areas across the Southwest. The flash floods caused by monsoon storms

  7. Final report for the network authentication investigation and pilot.

    SciTech Connect (OSTI)

    Eldridge, John M.; Dautenhahn, Nathan; Miller, Marc M.; Wiener, Dallas J; Witzke, Edward L.

    2006-11-01

    New network based authentication mechanisms are beginning to be implemented in industry. This project investigated different authentication technologies to see if and how Sandia might benefit from them. It also investigated how these mechanisms can integrate with the Sandia Two-Factor Authentication Project. The results of these investigations and a network authentication path forward strategy are documented in this report.

  8. Remote Access

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Remote Access Remote Access Laboratory employees can access Research Library databases and products from offsite using our EZproxy service. This service is limited to LANL employees with active Z numbers and cryptocards. Access Electronic Collections with EZproxy Remote Access Journals - Books - Standards - Databases (WOK, etc) How to use EZproxy: From this page: Click on the icon above. From external site: Select "OFFSITE LANL Employee". Enter your Z number and Cryptocard passcode.

  9. Hardware device binding and mutual authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-03-04

    Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

  10. Authentication Protocol using Quantum Superposition States

    SciTech Connect (OSTI)

    Kanamori, Yoshito; Yoo, Seong-Moo; Gregory, Don A.; Sheldon, Frederick T

    2009-01-01

    When it became known that quantum computers could break the RSA (named for its creators - Rivest, Shamir, and Adleman) encryption algorithm within a polynomial-time, quantum cryptography began to be actively studied. Other classical cryptographic algorithms are only secure when malicious users do not have sufficient computational power to break security within a practical amount of time. Recently, many quantum authentication protocols sharing quantum entangled particles between communicators have been proposed, providing unconditional security. An issue caused by sharing quantum entangled particles is that it may not be simple to apply these protocols to authenticate a specific user in a group of many users. An authentication protocol using quantum superposition states instead of quantum entangled particles is proposed. The random number shared between a sender and a receiver can be used for classical encryption after the authentication has succeeded. The proposed protocol can be implemented with the current technologies we introduce in this paper.

  11. Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

    DOE Patents [OSTI]

    Kent, Alexander Dale

    2008-09-02

    Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

  12. Cooperative Remote Monitoring, Arms control and nonproliferation technologies: Fourth quarter 1995

    SciTech Connect (OSTI)

    Alonzo, G M

    1995-01-01

    The DOE`s Cooperative Remote Monitoring programs integrate elements from research and development and implementation to achieve DOE`s objectives in arms control and nonproliferation. The contents of this issue are: cooperative remote monitoring--trends in arms control and nonproliferation; Modular Integrated Monitoring System (MIMS); Authenticated Tracking and Monitoring Systems (ATMS); Tracking and Nuclear Materials by Wide-Area Nuclear Detection (WAND); Cooperative Monitoring Center; the International Remote Monitoring Project; international US and IAEA remote monitoring field trials; Project Dustcloud: monitoring the test stands in Iraq; bilateral remote monitoring: Kurchatov-Argonne-West Demonstration; INSENS Sensor System Project.

  13. V-174: RSA Authentication Manager Writes Operating System, SNMP...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files V-174: RSA Authentication Manager Writes Operating System,...

  14. Kerberos authentication: The security answer for unsecured networks

    SciTech Connect (OSTI)

    Engert, D.E.

    1995-06-01

    Traditional authentication schemes do not properly address the problems encountered with today`s unsecured networks. Kerbmm developed by MIT, on the other hand is designed to operate in an open unsecured network, yet provide good authentication and security including encrypted session traffic. Basic Kerberos principles as well as experiences of the ESnet Authentication Pilot Project with Cross Realm. Authentication between four National Laboratories will also be described.

  15. U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Linux Kernel Netlink SCMCREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges U-242: Linux Kernel Netlink SCMCREDENTIALS Processing Flaw Lets Local Users Gain...

  16. V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges May...

  17. Authentication of data for monitoring a comprehensive test ban treaty

    SciTech Connect (OSTI)

    Craft, R.L.; Draelos, T.J.

    1996-05-01

    The important issue of data integrity in the CTBT International Monitoring System (IMS) is discussed and a brief tutorial on data authentication techniques is offered. The utilization of data authentication as a solution to the data integrity problem is evaluated. Public key data authentication is recommended for multilateral monitoring regimes such as the CTBT. The ramifications and system considerations of applying data authentication at various locations in the IMS, or not at all, are reviewed in a data surety context. The paper concludes with a recommendation of authenticating data at all critical monitoring stations.

  18. System and method for authentication of goods

    DOE Patents [OSTI]

    Kaish, Norman; Fraser, Jay; Durst, David I.

    1999-01-01

    An authentication system comprising a medium having a plurality of elements, the elements being distinctive, detectable and disposed in an irregular pattern or having an intrinsic irregularity. Each element is characterized by a determinable attribute distinct from a two-dimensional coordinate representation of simple optical absorption or simple optical reflection intensity. An attribute and position of the plurality of elements, with respect to a positional reference is detected. A processor generates an encrypted message including at least a portion of the attribute and position of the plurality of elements. The encrypted message is recorded in physical association with the medium. The elements are preferably dichroic fibers, and the attribute is preferably a polarization or dichroic axis, which may vary over the length of a fiber. An authentication of the medium based on the encrypted message may be authenticated with a statistical tolerance, based on a vector mapping of the elements of the medium, without requiring a complete image of the medium and elements to be recorded.

  19. V-036: EMC Smarts Network Configuration Manager Database Authentication

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerability | Department of Energy 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts

  20. T-646: Debian fex authentication bypass | Department of Energy

    Energy Savers [EERE]

    PLATFORM: Debian fex ABSTRACT: Debian security discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the ...

  1. Authenticating concealed private data while maintaining concealment

    DOE Patents [OSTI]

    Thomas, Edward V.; Draelos, Timothy J.

    2007-06-26

    A method of and system for authenticating concealed and statistically varying multi-dimensional data comprising: acquiring an initial measurement of an item, wherein the initial measurement is subject to measurement error; applying a transformation to the initial measurement to generate reference template data; acquiring a subsequent measurement of an item, wherein the subsequent measurement is subject to measurement error; applying the transformation to the subsequent measurement; and calculating a Euclidean distance metric between the transformed measurements; wherein the calculated Euclidean distance metric is identical to a Euclidean distance metric between the measurement prior to transformation.

  2. T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The Cisco Content Services Gateway: Second Generation provides intelligent network capabilities such as flexible policy management and billing based on deep-packet inspection, as well as subscriber and application awareness capabilities that enable mobile operators to quickly and easily offer value-added, differentiated services over their mobile data networks. A DoS vulnerability exists in the Cisco Content Services Gateway: Second Generation could allow an unauthenticated attacker to cause a device reload by sending crafted ICMP messages to the affected device. Note: The Cisco Gateway GPRS Support Node (GGSN), the Cisco Mobile Wireless Home Agent (HA), the Cisco Wireless Security Gateway (WSG), the Cisco Broadband Wireless Gateway and Cisco IP Transfer Point (ITP), and the Cisco Long Term Evolution (LTE) Gateway are not affected. This vulnerability is documented in Cisco bug ID CSCtl79577 ( registered customers only) and has been assigned CVE ID CVE-2011-2064.

  3. U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems.

  4. U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ID: 1026774 Apple Security Updates About the security content of iOS 5.1 Software Update CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585,...

  5. U-110: Samba Bug Lets Remote Users Execute Arbitrary Code | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    code on the target system. reference LINKS: Vendor Advisory Security Tracker ID 1026739 CVE-2012-0870 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Samba....

  6. T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker.

  7. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  8. T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server. This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6.

  9. U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player.

  10. V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2013-1009,...

  11. V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1) An unspecified error when handling TeXML files can be exploited to cause memory corruption. 2) A boundary error when handling H.263 encoded movie files can be exploited to...

  12. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system - CVE-2010-1823,...

  13. U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2011-3016, CVE-2011-3021,...

  14. V-199: Solaris Bugs Let Local Users Gain Root Privileges, Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    recommends applying July Critical Patch Update Addthis Related Articles V-181: Oracle Java SE Critical Patch Update Advisory - June 2013 V-051: Oracle Solaris Java Multiple...

  15. T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.

  16. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers

    Broader source: Energy.gov [DOE]

    A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c

  17. U-227: bind-dyndb-ldap DN Escaping Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in bind-dyndb-ldap, which can be exploited by malicious people to cause a DoS (Denial of Service).

  18. V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) ...

  19. T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System

    Office of Energy Efficiency and Renewable Energy (EERE)

    PHP is prone to a security-bypass vulnerability.Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected.

  20. T-579: BlackBerry Device Software Bug in WebKit Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    or instant messages. BlackBerry has described a workaround (disabling the use of JavaScript in the BlackBerry Browser) in their advisory. BlackBerry Device storage space...

  1. T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    execute arbitrary code. 4) An error within the internal memory mapping of non-local JavaScript variables can be exploited to cause a buffer overflow and potentially execute...

  2. T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users...

    Energy Savers [EERE]

    ... An attacker could create a malicious web page that looks like the normal VPN web login ... This arbitrary executable would be executed with the same operating system privileges ...

  3. V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access

    Broader source: Energy.gov [DOE]

    This security update resolves a vulnerability in the HP Service Manager which allows people to have access to unauthorized information

  4. T-659: Update support for RSA Authentication Manager

    Broader source: Energy.gov [DOE]

    RSA posted SP4 Patch 4 of their Authentication Manager product 06/30/2011. There are a few pages of fixes in the README, but the most significant is that Authentication Manager can now be installed on Windows Server 2008 (both 32 and 64bit).

  5. Multi-factor Authentication Update | The Ames Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Multi-factor Authentication Update There is a delay in the purchase of the multi-factor authentication software solution that will cause a lag in the planned implementation. The Laboratory is currently in negotiations to complete the purchase. Once complete, the implementation can begin.

  6. Multiple node remote messaging

    DOE Patents [OSTI]

    Blumrich, Matthias A.; Chen, Dong; Gara, Alan G.; Giampapa, Mark E.; Heidelberger, Philip; Ohmacht, Martin; Salapura, Valentina; Steinmacher-Burow, Burkhard; Vranas, Pavlos

    2010-08-31

    A method for passing remote messages in a parallel computer system formed as a network of interconnected compute nodes includes that a first compute node (A) sends a single remote message to a remote second compute node (B) in order to control the remote second compute node (B) to send at least one remote message. The method includes various steps including controlling a DMA engine at first compute node (A) to prepare the single remote message to include a first message descriptor and at least one remote message descriptor for controlling the remote second compute node (B) to send at least one remote message, including putting the first message descriptor into an injection FIFO at the first compute node (A) and sending the single remote message and the at least one remote message descriptor to the second compute node (B).

  7. Public-key data authentication for treaty verification

    SciTech Connect (OSTI)

    Draelos, T.J.; Goldsmith, S.Y.

    1992-08-01

    A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.

  8. Public-key data authentication for treaty verification

    SciTech Connect (OSTI)

    Draelos, T.J.; Goldsmith, S.Y.

    1992-01-01

    A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.

  9. T-621: Citrix XenServer Lets Local Administrative Users on the...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service May 12, 2011 -...

  10. U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges December 9, 2011 - 8:00am...