National Library of Energy BETA

Sample records for lets remote users

  1. V-202: Cisco Video Surveillance Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive...

  2. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks...

  3. U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 -...

  4. U-047: Siemens Automation License Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or...

  5. T-574: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm Addthis...

  6. V-127: Samba Bug Lets Remote Authenticated Users Modify Files...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was...

  7. V-218: HP Service Manager Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access...

  8. U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am...

  9. T-704: RSA enVision Lets Remote Users View Files and Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain...

  10. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  11. U-277: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were...

  12. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Energy Savers [EERE]

    Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users ...

  13. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic...

    Office of Environmental Management (EM)

    59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL...

  14. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code ...

  15. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive Resolvers V-172: ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive...

  16. U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain...

  17. U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers U-005: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6,...

  18. U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks U-142: HP Onboard Administrator Bugs Let Remote Users Gain...

  19. U-046: Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers U-046: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers November 28, 2011 -...

  20. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information

  1. T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE)

    Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service.

  2. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

    Broader source: Energy.gov [DOE]

    Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

  3. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Remote Users Conduct Cross-Site Scripting Attacks | Department of Energy 51: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks May 8, 2013 - 12:06am Addthis PROBLEM: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks

  4. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN ...

  5. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent...

  6. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am ...

  7. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls ...

  8. V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am Addthis PROBLEM: Apple Safari...

  9. V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am...

  10. V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks June 24, 2013 -...

  11. V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Samba smbd CPU Processing Loop Lets Remote Users Deny Service V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny Service August 6, 2013 - 6:00am Addthis PROBLEM: A...

  12. V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote...

  13. U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am Addthis...

  14. V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code...

  15. V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am Addthis PROBLEM:...

  16. V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Oracle Java Flaws Let Remote Users Execute Arbitrary Code V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am Addthis PROBLEM: Oracle...

  17. V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am...

  18. V-144: HP Printers Let Remote Users Access Files on the Printer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: HP Printers Let Remote Users Access Files on the Printer V-144: HP Printers Let Remote Users Access Files on the Printer April 29, 2013 - 12:27am Addthis PROBLEM: HP Printers...

  19. V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am Addthis...

  20. U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-699: EMC AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System...

  1. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or ...

  2. V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote...

  3. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code | Department of Energy 6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code January 24, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in

  4. T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code.

  5. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

  6. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Buffer Overflow Lets Remote Users Execute Arbitrary Code | Department of Energy 59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am Addthis PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute

  7. T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  8. U-203: HP Photosmart Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions.

  9. U-176: Wireshark Multiple Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  10. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A ...

  11. U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code...

  12. V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected

  13. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sensitive Information | Department of Energy 53: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information December 7, 2011 - 7:30am Addthis PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat

  14. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Arbitrary Code and Deny Service | Department of Energy 79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am Addthis PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall

  15. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  16. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially...

    Office of Environmental Management (EM)

    Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) ...

  17. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addresses | Department of Energy 39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20, 2012 - 7:00am Addthis PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses PLATFORM: Version(s): 6 beta 4 and prior versions ABSTRACT: A remote user can spoof SMS source addresses. Reference LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com

  18. T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 5: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can

  19. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Password | Department of Energy 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker

  20. V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Login Anonymously | Department of Energy 5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am Addthis PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an

  1. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Commands on the Target System | Department of Energy 49: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System December 1, 2011 - 9:00am Addthis PROBLEM: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System. PLATFORM: IBM Tivoli Netcool Reporter prior to 2.2.0.8 ABSTRACT: A vulnerability was reported in IBM Tivoli Netcool

  2. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE

  3. V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Spoof the Server | Department of Energy 65: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server May 28, 2013 - 12:46am Addthis PROBLEM: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server PLATFORM: Cisco WebEx for iOS 4.1, Other versions may also be affected. ABSTRACT: A vulnerability was reported in Cisco WebEx for iOS. REFERENCE LINKS:

  4. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sessions | Department of Energy 7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions September 27, 2011 - 8:00am Addthis PROBLEM: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows

  5. U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 91: cURL Lets Remote Users Decrypt SSL/TLS Traffic U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am Addthis PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) : Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. reference LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate Discussion: A remote user with the

  6. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am Addthis PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. reference LINKS: Cisco

  7. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-033: Microsoft Security Bulletin Summary for November 2011 T-706: Microsoft Fraudulent Digital Certificate Issued by DigiNotar U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt ...

  8. U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aixefixessecurityicmpfix.tar Addthis Related Articles U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service V-031: IBM WebSphere DataPower...

  9. T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Passwords | Department of Energy 92: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords August 12, 2011 - 3:47pm Addthis PROBLEM: A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password. PLATFORM: Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01 ABSTRACT: VMware vFabric tc

  10. T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system.

  11. U-074: Microsoft.NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary commands on the target system. A remote user can access a target user's account. A remote user can redirect users to arbitrary sites.

  12. U-137: HP Performance Manager Unspecified Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute...

  13. U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information.

  14. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication...

  15. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated...

  16. V-220: Juniper Security Threat Response Manager Lets Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute...

  17. V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June...

  18. V-149: Microsoft Internet Explorer Object Access Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary...

  19. V-093: Symantec PGP Desktop Buffer Overflows Let Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users...

  20. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  1. V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

  2. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Energy Savers [EERE]

    iOS. A remote user can cause arbitrary code to be executed on the target user's system. ... A remote user can create a specially crafted file that, when loaded by the target user, ...

  3. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.

  4. T-718:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  5. U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  6. U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system.

  7. U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  8. U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  9. T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases.

  10. U-118: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially information.

  11. V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    PROBLEM: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

  12. U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands

    Broader source: Energy.gov [DOE]

    A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system.

  13. U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.

  14. U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

  15. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.

  16. U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system.

  17. U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  18. U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  19. T-692: VMware vFabric tc Server Lets Remote Users Login Using...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can login using an obfuscated version of their password. PLATFORM: ... user can use the password in obfuscated form (or in plain text form) to authenticate. ...

  20. U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system

  1. U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service.

  2. U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system

  3. U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

  4. U-153: EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions.

  5. U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

  6. U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system.

  7. T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can cause the backend server to remain in an error state until the retry timeout expires.

  8. U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Execution of arbitrary code via network A remote user can cause arbitrary code to be executed on the target

  9. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  10. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CTA 7.3.1 and later with Hotfix ESA-2012-034 Addthis Related Articles V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-036: EMC Smarts Network...

  11. T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  12. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  13. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration.

  14. U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system.

  15. T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

  16. T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory

    Broader source: Energy.gov [DOE]

    The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software.

  17. U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

  18. U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    Several vulnerabilities were reported in Apple OS X. A remote user can execute arbitrary code on the target system. A remote user can obtain a password hash in certain cases. A local user can obtain elevated privileges on the target system. A local user can obtain password keystrokes.

  19. T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Red Hat Directory Server. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A local user can cause denial of service conditions.

  20. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

    Broader source: Energy.gov [DOE]

    A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

  1. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    overflow CVE-2012-0670. A specially crafted '.pict' file can trigger a memory corruption error CVE-2012-0671. Impact: A remote user can create a file that, when loaded by...

  2. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  3. U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system.

  4. U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause the target application to execute arbitrary code on the target user's system.

  5. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system

  6. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.

  7. U-007: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in IBM Rational AppScan. A remote user can cause arbitrary code to be executed on the target user's system.

  8. V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

  9. U-177: Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Lotus Quickr for Domino. A remote user can cause arbitrary code to be executed on the target user's system.

  10. U-012: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization.

  11. U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

  12. U-201: HP System Management Homepage Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

  13. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  14. V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data.

  15. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444 Bugtraq ID: 55184 CVE-2012-4595, CVE-2012-4596, CVE-2012-4597 IMPACT ASSESSMENT: Medium Discussion A remote...

  16. V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2013-1009,...

  17. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system - CVE-2010-1823,...

  18. U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system.

  19. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  20. U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions.

  1. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  2. U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2011-3016, CVE-2011-3021,...

  3. T-662: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers.

  4. T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  5. V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am...

  6. U-082: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Lets Remote Users Execute Arbitrary Code January 17, 2012 - 1:00pm Addthis PROBLEM: PHP Null Pointer Dereference in zendstrndup() Lets Local Users Deny Service PLATFORM: PHP...

  7. T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash.

  8. U-081: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  9. T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to improper validation of program executables downloaded by the Cisco AnyConnect Secure Mobility Client. An unauthenticated, remote attacker could exploit the vulnerability by convincing the targeted user to view a malicious website. If successful, the attacker could execute arbitrary code on the system with the privileges of the user. Cisco confirmed the vulnerability in a security advisory and released software updates.

  10. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access

    Broader source: Energy.gov [DOE]

    Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.

  11. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Articles U-083:Oracle Critical Patch Update Advisory - January 2012 V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code T-576: Oracle Solaris Adobe Flash Player...

  12. U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

    Broader source: Energy.gov [DOE]

    Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  13. V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Deny Service | Department of Energy 1: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service January 17, 2013 - 12:00am Addthis PROBLEM: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service PLATFORM: The vulnerability is reported in versions 8.7.1 and 8.7.1.1. ABSTRACT: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall

  14. V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Execute Arbitrary Code | Department of Energy 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS:

  15. V-109: Google Chrome WebKit Type Confusion Error Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 25.0.1364.160 ABSTRACT: A vulnerability was reported in...

  16. T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Access or Modify SSL/TLS Sessions | Department of Energy 76: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions July 26, 2011 - 1:06am Addthis PROBLEM: A vulnerability was reported in Apple iOS. A remote user with the ability to conduct a man-in-the-middle attack can access or modify SSL/TLS sessions. PLATFORM: iOS 4.2.5

  17. T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service July...

  18. V-235: Cisco Mobility Services Engine Configuration Error Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login ...

  19. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  20. T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  1. V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges May...

  2. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password...

  3. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  4. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges....

  5. T-621: Citrix XenServer Lets Local Administrative Users on the...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service May 12, 2011 -...

  6. U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges December 9, 2011 - 8:00am...

  7. V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target...

  8. V-115: Apple iOS Bugs Let Local Users Gain Elevated Privileges...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apple iOS Bugs Let Local Users Gain Elevated Privileges V-115: Apple iOS Bugs Let Local Users Gain Elevated Privileges March 20, 2013 - 12:08am Addthis PROBLEM: Apple iOS Bugs...

  9. V-141: HP ElitePad 900 Secure Boot Bug Lets Local Users Boot...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: HP ElitePad 900 Secure Boot Bug Lets Local Users Boot to Other Operating Systems V-141: HP ElitePad 900 Secure Boot Bug Lets Local Users Boot to Other Operating Systems April...

  10. V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions December 12, 2012 - 2:00am Addthis PROBLEM:...

  11. V-179: Blackberry Z10 Flaw Lets Physically Local Users Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Blackberry Z10 Flaw Lets Physically Local Users Access the Device V-179: Blackberry Z10 Flaw Lets Physically Local Users Access the Device June 17, 2013 - 1:09am Addthis...

  12. T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain...

    Broader source: Energy.gov (indexed) [DOE]

    T-727:Microsoft Windows SSLTLS Protocol Flaw Lets Remote Users Decryption Sessions U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets ...

  13. U-029: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain...

  14. V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service ...

  15. U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  16. U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Linux Kernel SGIO ioctl Bug Lets Local Users Gain Elevated Privileges PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat...

  17. T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated...

    Broader source: Energy.gov (indexed) [DOE]

    server and command line utilities for server administration. Addthis Related Articles T-671: Red Hat system-config-firewall Lets Local Users Gain Root Privileges V-041: Red Hat...

  18. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7.1, and BlackBerry PlayBook tablet software ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's...

  19. T-703: Cisco Unified Communications Manager Open Query Interface Lets

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Obtain Database Contents | Department of Energy 703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents August 26, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5

  20. V-160: Wireshark Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    can be exploited to cause a crash via specially crafted packets. 6) An error in the MPEG DSM-CC dissector (dissectorspacket-mpeg-dsmcc.c) can be exploited to cause a crash via...

  1. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    issued a fix (7.1.2). Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  2. U-192: VMware Workstation/Player VM Remote Device Bug Lets Local...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aBSTRACT: A local or remote user can cause denial of service conditions on the target virtual system. reference LINKS: Vendor Advisory Security Tracker ID 1027173 CVE-2012-3289...

  3. User Guide for Remote Access to VDI/Workplace Using PIV | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy User Guide for Remote Access to VDI/Workplace Using PIV User Guide for Remote Access to VDI/Workplace Using PIV User guide for remote access to VDI/Workplace using a PIV card . VDI_WP_PIV_Remote_Guide_Final.pdf (1.39 MB) More Documents & Publications User guide for remote access to VDI and Workplace using RSA token Remote Access Options Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA)

  4. U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP WBEM. A remote or local user can gain access to diagnostic data.

  5. User guide for remote access to VDI and Workplace using RSA token |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy User guide for remote access to VDI and Workplace using RSA token User guide for remote access to VDI and Workplace using RSA token User guide for remote access to VDI and Workplace using RSA token VDI_WP_RSA_Remote_Guide_Final.pdf (1.22 MB) More Documents & Publications User Guide for Remote Access to VDI/Workplace Using PIV Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Citrix_2FA_Authentication_09.09

  6. T-583: Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users Obtain Information

    Broader source: Energy.gov [DOE]

    A local user can create a storage device with specially crafted OSF partition tables. When the kernel automatically evaluates the partition tables, a buffer overflow may occur and data from kernel heap space may leak to user-space.

  7. U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.

  8. T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service

    Broader source: Energy.gov [DOE]

    A local administrative user on a guest operating system can interrupt the normal operation of the target hypervisor.

  9. U-017: HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP MFP Digital Sending Software. A local user can obtain potentially sensitive information.

  10. T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.

  11. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute ... The vendor has issued a fix (16.0.0.282). Addthis Related Articles V-228: RealPlayer ...

  12. U-092: Sudo Format String Bug Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A local user can supply a specially crafted command line argument to trigger a format string flaw and execute arbitrary commands on the target system with root privileges.

  13. U-094: EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system.

  14. T-653: Linux Kernel sigqueueinfo() Process Lets Local Users Send Spoofed Signals

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user can send spoofed signals to other processes in certain cases.

  15. T-598: Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users

    Broader source: Energy.gov [DOE]

    When using HTTP pipelining, the system may return information from a different request to a remote user. The vulnerability resides in the HTTP BIO connector.

  16. T-601: Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in the Windows Kernel. A local user can obtain elevated privileges on the target system. A local user can trigger a use-after free or null pointer dereference to execute arbitrary commands on the target system with kernel level privileges.

  17. U-045: Windows Win32k.sys Keyboard Layout Bug Lets Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ID: SA46919 IMPACT ASSESSMENT: Low Discussion: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial...

  18. User Guide Remote Access to VDI/Workplace Using PIV

    Broader source: Energy.gov (indexed) [DOE]

    ......... 3 1.1 Web Browsers ......with remote PIV with VDI. 1.1 Web Browsers Browser Version Functions with ...

  19. T-663: Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The Cisco Content Services Gateway: Second Generation provides intelligent network capabilities such as flexible policy management and billing based on deep-packet inspection, as well as subscriber and application awareness capabilities that enable mobile operators to quickly and easily offer value-added, differentiated services over their mobile data networks. A DoS vulnerability exists in the Cisco Content Services Gateway: Second Generation could allow an unauthenticated attacker to cause a device reload by sending crafted ICMP messages to the affected device. Note: The Cisco Gateway GPRS Support Node (GGSN), the Cisco Mobile Wireless Home Agent (HA), the Cisco Wireless Security Gateway (WSG), the Cisco Broadband Wireless Gateway and Cisco IP Transfer Point (ITP), and the Cisco Long Term Evolution (LTE) Gateway are not affected. This vulnerability is documented in Cisco bug ID CSCtl79577 ( registered customers only) and has been assigned CVE ID CVE-2011-2064.

  20. U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems.

  1. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    in certain cases. reference LINKS: Vendor Advisory Security Tracker ID 1026744 CVE-2012-0866 IMPACT ASSESSMENT: Medium Discussion: For trigger functions marked SECURITY...

  2. U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ID: 1026774 Apple Security Updates About the security content of iOS 5.1 Software Update CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585,...

  3. U-110: Samba Bug Lets Remote Users Execute Arbitrary Code | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    code on the target system. reference LINKS: Vendor Advisory Security Tracker ID 1026739 CVE-2012-0870 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Samba....

  4. T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker.

  5. T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server. This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6.

  6. U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player.

  7. V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1) An unspecified error when handling TeXML files can be exploited to cause memory corruption. 2) A boundary error when handling H.263 encoded movie files can be exploited to...

  8. V-199: Solaris Bugs Let Local Users Gain Root Privileges, Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    recommends applying July Critical Patch Update Addthis Related Articles V-181: Oracle Java SE Critical Patch Update Advisory - June 2013 V-051: Oracle Solaris Java Multiple...

  9. T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.

  10. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers

    Broader source: Energy.gov [DOE]

    A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c

  11. U-227: bind-dyndb-ldap DN Escaping Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in bind-dyndb-ldap, which can be exploited by malicious people to cause a DoS (Denial of Service).

  12. T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System

    Office of Energy Efficiency and Renewable Energy (EERE)

    PHP is prone to a security-bypass vulnerability.Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected.

  13. T-579: BlackBerry Device Software Bug in WebKit Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    or instant messages. BlackBerry has described a workaround (disabling the use of JavaScript in the BlackBerry Browser) in their advisory. BlackBerry Device storage space...

  14. T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    execute arbitrary code. 4) An error within the internal memory mapping of non-local JavaScript variables can be exploited to cause a buffer overflow and potentially execute...

  15. T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users...

    Energy Savers [EERE]

    ... An attacker could create a malicious web page that looks like the normal VPN web login ... This arbitrary executable would be executed with the same operating system privileges ...

  16. V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access

    Broader source: Energy.gov [DOE]

    This security update resolves a vulnerability in the HP Service Manager which allows people to have access to unauthorized information

  17. U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system.

  18. U-232: Xen p2m_teardown() Bug Lets Local Guest OS Users Deny Service on the Host OS

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Xen. A local user on a guest operating system can cause denial of service conditions on the host.

  19. T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user may be able to obtain elevated privileges on the target system. A physically local user can connect a storage device with a specially crafted LDM partition table to trigger a buffer overflow in the ldm_frag_add() function in 'fs/partitions/ldm.c' and potentially execute arbitrary code with elevated privileges.

  20. U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Linux Kernel Netlink SCMCREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges U-242: Linux Kernel Netlink SCMCREDENTIALS Processing Flaw Lets Local Users Gain...

  1. T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    There is a high risk security vulnerability with the ActiveBar ActiveX controls used by IBM Rational System Architect.

  2. T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and Mozilla presume that with enough effort at least some of these could be exploited to run arbitrary code.

  3. U-006:Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information

    Office of Energy Efficiency and Renewable Energy (EERE)

    An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.

  4. U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.

  5. Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... offered at CAMD's annual user meeting) or by retaking the online CAMD Radiation Safety Test. If your training has expired your access card will not allow access to the ...

  6. V-194: Citrix XenServer Memory Management Error Lets Local Administrat...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host V-194: Citrix XenServer Memory Management Error Lets Local Administrative...

  7. V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Gain Elevated Privileges | Department of Energy 4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges April 15, 2013 - 1:30am Addthis PROBLEM: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges PLATFORM: Cisco AnyConnect Secure Mobility Client Cisco Secure Desktop ABSTRACT: Some vulnerabilities

  8. T-723:Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    An attacker can exploit this issue by enticing an unsuspecting victim into visiting a malicious website.

  9. U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    SDK and JRE 1.4.233 and prior ABSTRACT: A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or...

  10. LANSCE | Users | User Office

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Office LANSCE User Office and Visitor Center The LANSCE User Office is responsible for coordinating the users with LANSCE instrument scientist and the facility. Users contact the User Office weeks before they arrive at the LANSCE Visitor Center at Technical Area 53. Among their many responsibilities, the team issues the call for proposals, coordinates proposal experiment schedules, directs users to the training center, issues badges and dosimeters, helps to arrange tours of the facilities,

  11. V-177: VMware vCenter Chargeback Manager File Upload Handling...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code...

  12. User Information

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Information User Information Print ALSHub User Portal User Guide A step-by-step guide for users about how to apply and prepare for beam time at the ALS. Experiment Safety Upon receiving beam time, complete an Experiment Safety Sheet Prospective Users Users from Industry Contacts for Users User Policy Data Management Users' Executive Committee (UEC) User Meeting

  13. LANSCE | Users | User Program

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    LANSCE User Program LANSCE's User Program ensures the research it oversees represents the cutting edge of nuclear and materials science and technology. The User Program plays a key role in training the next generation of top scientists, attracting the best graduate students, postdoctoral researchers, and early-career scientists (defined as those less than 40-years old). The User Program typically begins with the first call for proposals and run until the end of the run-cycle. The User-Program

  14. T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Security Tracker Alert CVE-2010-4393 IMPACT ASSESSMENT: Medium Discussion: A ...

  15. Training Courses for Argonne User Facilities | Advanced Photon...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Training Courses for Argonne User Facilities All core courses can be taken via the Remote Training web site. See the user training requirements summary for general information....

  16. User Training | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Training Before performing work at the CNM, you must take certain orientation and safety training courses. We encourage you to take these courses remotely before you arrive at ...

  17. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Home Contact User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment...

  18. Spotlight on Austin, Texas: Let Your Contractor Be Your Guide...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Your Contractor Be Your Guide for Big Rewards Spotlight on Austin, Texas: Let Your Contractor Be Your Guide for Big Rewards Spotlight on Austin, Texas: Let Your Contractor Be ...

  19. User Facilities

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Facilities User Facilities User facility agreements allow Los Alamos partners and other entities to conduct research at our unique facilities. In 2011, LANL hosted more than 1,200 users at CINT, LANSCE, and NHMFL. Users came from across the DOE complex, from international academia, and from industrial companies from 45 states across the U.S. Unique world-class user facilities foster rich research opportunities Through its technology transfer efforts, LANL can implement user facility

  20. Remote switch actuator

    DOE Patents [OSTI]

    Haas, Edwin Gerard; Beauman, Ronald; Palo, Jr., Stefan

    2013-01-29

    The invention provides a device and method for actuating electrical switches remotely. The device is removably attached to the switch and is actuated through the transfer of a user's force. The user is able to remain physically removed from the switch site obviating need for protective equipment. The device and method allow rapid, safe actuation of high-voltage or high-current carrying electrical switches or circuit breakers.

  1. LANSCE | Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Rosen Scholar Rosen Prize Users dotline User Information Planning for Arrival: Contact the User Office several weeks before arriving at LANSCE. The LANSCE User Office will assist you in preparing for your visit to LANSCE. Plan to arrive one day prior to your scheduled beam time. User Office Contacts Division Office Ph: 505.667.5051 Lujan Center User Office lujan-uo@lanl.gov WNR User Program Administrator Tanya Herrera Ph: 505.667.6797 User Office Main Desk Email: lansce-user-office@lanl.gov Ph:

  2. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users...

  3. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Proposals for beam time User publications database Guest logistics and parking Loan of laptop, stealth phone and projector Logisitics for the annual users' meeting ALS Experiment...

  4. User Facilities

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Facilities User Facilities A new research frontier awaits! Our door is open, and we thrive on mutually beneficial partnerships and collaborations that drive innovations and new technologies. Unique world-class user facilities foster rich research opportunities Through its technology transfer efforts, Los Alamos National Laboratory can implement user facility agreements that allow its partners and other entities to conduct research at many of its unique facilities. While our largest user

  5. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Contacts for Users User Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address

  6. Defining a Possible Low LET Bystander Effect

    SciTech Connect (OSTI)

    Charles R. Geard

    2009-05-04

    Current radiation protection guidelines assume a linear response to ionizing radiations down through doses where epidemiological studies provide very limited to no information as to the propriety of such assumptions. The bystander response is a non-targeted effect which might impact such guidelines. These studies while clearly affirming a bystander response for high LET radiations, do not provide such affirmation for environmentally relevant low dose, low LET radiations. Caution and further study are necessary before making judgements that could impact on current standards.

  7. User Guide

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Guide Print 1. Register with the ALS Create an account on ALSHub-the ALS user portal. 2. Apply for Beam Time 3. Establish a User Agreement 4. Comply with Experiment Safety Requirements Upon receiving beam time, complete an Experiment Safety Sheet. 5. Get Access to Work Onsite 6. Complete Online Safety Training 7. Utilize Available Resources 8. Complete the User Satisfaction Survey 9. Report Publications, Awards, Talks, Acknowledging Work at ALS

  8. User Policy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs

  9. User Guide

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Guide Print 1. Register with the ALS Create an account on ALSHub-the ALS user portal. 2. Apply for Beam Time 3. Establish a User Agreement 4. Comply with Experiment Safety Requirements Upon receiving beam time, complete an Experiment Safety Sheet. 5. Get Access to Work Onsite 6. Complete Online Safety Training 7. Utilize Available Resources 8. Complete the User Satisfaction Survey 9. Report Publications, Awards, Talks, Acknowledging Work at ALS

  10. User Policy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs