Note: This page contains sample records for the topic "links securitytracker alert" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

Alerts  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

for Biosis, Inspec, and Web of Science databases HOW TO: Saved Search alert: Select a database (see above) Execute a search Click Search History Click Save History Create...

2

Science Open Access Journals - Alerts Help  

Office of Scientific and Technical Information (OSTI)

SOAJ Alerts Fast Facts You can easily create an alert right from the results page. Alerts run automatically, based on the schedule you choose. New relevantly ranked results are automatically sent to you through email or an individual or shared RSS/ATOM feed. There is no limit to the number of alerts you can create. Up to 6 previous sets of alert results may be accessed, with permanent links to the sources where possible. Selected results can be emailed, printed, or downloaded into a citation manager such as EndNote, RefWorks or BibTeX. Alerts Help Alerts will make your recurring searches even easier by automating your search and sending you the results on a regular basis. To receive alerts on your topic(s) of interest, simply create an Alerts account, specify your

3

Energy Citations Database (ECD) - Alerts Help  

Office of Scientific and Technical Information (OSTI)

Help Help Alerts Registration - Receiving Alerts - Renewing your registration Alerts Log On Changing E-mail Address ECD Alerts Contact Us Managing your Alerts - Requesting an Alert or revising an Alert request - Canceling all Alerts and your registration - Summary of your Alerts - Weekly Alert notification - Not receiving an Alert? - Excessive Alerts ECD Alerts FAQ Passwords - Password requirements - Changing your password - Forgot your password? ECD Help ECD FAQs OSTI FAQs Alerts Registration Receiving Alerts In order to receive Alerts, you must register. Enter your e-mail address, a password, and repeat the password. Passwords must meet requirements. After submitting an Alerts Registration, you will receive an e-mail indicating that your Alerts Registration has been successfully submitted

4

Safety Alerts | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Alerts Safety Alerts Documents downloaded from the password-protected areas of this web site may be made available to the DOE Federal and contractor community and to the...

5

HEALTH ALERT Meningococcal Meningitis  

E-Print Network [OSTI]

HEALTH ALERT Prevention Meningococcal Meningitis What is Meningococcal Meningitis? Meningococcal with someone confirmed to have this disease, immediately contact the Student Health Center or go to the nearest. Students: Check past medical records and contact Student Health Center if you did not receive your last

Stanford, Kyle

6

TIMELY WARNING CAMPUS ALERT  

E-Print Network [OSTI]

TIMELY WARNING CAMPUS ALERT 13 September 2007 This communication is prepared as part of the Timely of 1990. This federal law requires a general communication to the campus community of all crimes reported. Consider carefully whether your presence at or near the Lancaster Green Apartments while unaccompanied

Hardy, Christopher R.

7

Energy Citations Database (ECD) - Alerts FAQ  

Office of Scientific and Technical Information (OSTI)

Frequently Asked Questions (FAQs) What is an ECD Alert? Is there a charge for receiving Alerts? How do I register to receive an Alert? and how do I renew my registration? How do I request, revise, or cancel an Alert? How often will I receive an Alert? Where can I find a summary of my Alerts? And how long is my summary available? What do I do if I do not receive an Alert that I am expecting? What are the password requirements to receive Alerts? What do I do if I have forgotten my Alerts password? How do I change my Alerts password? How do I change my Alerts e-mail address? How do I cancel my registration for Alerts? How do I get help with ECD Alerts? How do I get help with ECD? What other databases/products/services are available from DOE's Office of Scientific and Technical Information (OSTI)?

8

Energy Citations Database (ECD) - Alerts Log On  

Office of Scientific and Technical Information (OSTI)

Log On You must Log On to use the ECD Alerts. Alerts provide users with e-mail notification of updates to the ECD in specific areas of interest. If you wish to receive an Alert and...

9

Energy Citations Database (ECD) - Alerts Log On  

Office of Scientific and Technical Information (OSTI)

ECD Alerts Log On Alerts provide users with e-mail notification of updates to the ECD in specific areas of interest. If you wish to receive an Alert and are not registered, please...

10

Email Alerts - DOE Directives, Delegations, and Requirements  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Email Alerts by Diane Johnson Use this form to subscribe/unsubscribe to email alerts. Please select the type of email alert that you would like to receive. Your Name Please enter...

11

Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Dedicated links pages are available for the following topics: Diesel Vehicles and Fuels Electric Vehicles Fuel Cell Vehicles Hybrids Plug-in Hybrids Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Auto Manufacturers Acura Aston Martin Audi Bentley BMW Bugatti Buick Cadillac Chevrolet Chrysler Dodge Ferrari Fiat Ford GMC Honda Hyundai Infiniti Jaguar Jeep Kia Lamborghini Land Rover Lexus Lincoln Lotus Maserati Maybach Mazda McLaren Automotive Mercedes-Benz MINI Mitsubishi Nissan Porsche Ram Rolls Royce Roush Performance Scion smart Spyker Subaru Suzuki Toyota Volkswagen Volvo VPG Buying Guides ACEEE's Green Book Aol Autos

12

Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Public Outreach Clint Sprott's Wonders of Physics from University of Wisconsin, Madison Clint Sprott's Physics Demo Manual Phun Physics shows from University of Virginia Physics Van from University of Illinois, Urbana-Champaign How Does A Thing Like That Work from University of Pittsburgh Physics on the Road from Purdue University The Mad Science Group University Catalogues of Demonstrations Boston University's physics demonstrations University of Victoria physics demonstrations Wesleyan University physics demonstrations University of Minnesota, The Origin of the DCS Physics Demonstrations at the University of Texas at Austin University of Maryland University of Wisconsin University of Guelph University of Oregon Brown Physics Lecture Demonstrations University of California, Berkeley

13

Telecommunications Emergency Alert System Speakers  

E-Print Network [OSTI]

Telecommunications Emergency Alert System Speakers 1. Fax completed form to 979.847.1111. 2. If you apply.) Desired Completion Date Departmental Approval Signature Date Telecommunications Office Use Only

14

V-098: Linux Kernel Extended Verification Module Bug Lets Local...  

Broader source: Energy.gov (indexed) [DOE]

reported in the Linux Kernel. REFERENCE LINKS: The Linux Kernel Archives Linux Kernel Red Hat Bugzilla - Bug 913266 SecurityTracker Alert ID: 1028196 CVE-2013-0313 IMPACT...

15

U-155: WebCalendar Access Control and File Inclusion Bugs Let...  

Broader source: Energy.gov (indexed) [DOE]

were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system. reference links: SecurityTracker Alert ID: 1026966...

16

V-199: Solaris Bugs Let Local Users Gain Root Privileges, Remote...  

Broader source: Energy.gov (indexed) [DOE]

reported in Solaris REFERENCE LINKS: SecurityTracker Alert ID: 1028802 Oracle Critical Patch Update Advisory - July 2013 CVE-2013-3745 CVE-2013-3746 CVE-2013-3748 CVE-2013-3750...

17

T-606: Sun Java System Access Manager Lets Remote Users Partially...  

Broader source: Energy.gov (indexed) [DOE]

LINKS: SecurityTracker Alert ID: 1025408 CVE-2011-0844 CVE-2011-0847 Oracle Critical Patch Update Advisory IMPACT ASSESSMENT: Medium Discussion: A remote authenticated user can...

18

Information Bridge: DOE Scientific and Technical Information - Alerts  

Office of Scientific and Technical Information (OSTI)

Help Help Alerts Registration - Receiving Alerts - Renewing your registration Alerts Log On Changing E-mail Address IB Alerts Comments Managing your Alerts - Requesting an Alert or revising an Alert request - Canceling all Alerts and your registration - Summary of your Alerts - Weekly Alert notification - Not receiving an Alert? - Excessive Alerts IB Alerts FAQ Passwords - Password requirements - Changing your password - Forgot your password? IB Help IB FAQs OSTI FAQs Alerts Registration Receiving Alerts In order to receive Alerts, you must register. Enter your e-mail address, a password, and repeat the password. Passwords must meet requirements. After submitting an Alerts Registration, you will receive an e-mail indicating that your Alerts Registration has been successfully submitted

19

Energy Citations Database (ECD) - Alerts Comments  

Office of Scientific and Technical Information (OSTI)

Alerts Comments If you have a question about Energy Citations Database Alerts, we recommend you check frequently asked questions. If your question still has not been answered or if...

20

E-print Network Alerts -- Energy, science, and technology for the research  

Office of Scientific and Technical Information (OSTI)

E-print Alerts The E-print Alerts feature is a service that will automatically notify you when new e-print information is available in your specific areas of interest. Simply register for the service and then create a search strategy, which will be matched automatically against each new weekly update. Patrons will receive the results of the alert via e-mail. If you are a NEW PATRON, learn how to set up E-print Alerts to meet your needs. If you are an existing patron, enter your user name and password in the box on the right, then press the login button. You may review or modify your search, add a new search, and see search results. Some links on this page may take you to non-federal websites. Their

21

Web Links to Commonly Used Sites Can't find the page you are looking for? Please review the Statler College Favorite Links  

E-Print Network [OSTI]

Web Links to Commonly Used Sites Can't find the page you are looking for? Please review the Statler College Favorite Links list (below in alphabetical order) to jump to all other web sites. Have a site you Emeritus o Leaving o New · Emergency Alert o WVU Alert Web site o WVU Phone/Email Alert o Monongalia County

Mohaghegh, Shahab

22

Energy Citations Database (ECD) - Alerts Registration  

Office of Scientific and Technical Information (OSTI)

Registration To be able to receive alerts from the ECD, please fill in and submit an Alerts Registration. Please note that passwords expire 6 months after registration. At this time you will be required to change your password in order to continue to receive Alert notification(s). After submitting an Alerts Registration, you will receive an e-mail indicating that the Alerts Registration has been successfully submitted and received. This e-mail will also provide instructions for confirming your e-mail address. After you have confirmed your e-mail address, you will be able to make an Alert Request. If you have previously registered, you may Log On. Please remember your E-mail Address and Password for future use.

23

Information Bridge: DOE Scientific and Technical Information - Alerts FAQ  

Office of Scientific and Technical Information (OSTI)

Frequently Asked Questions (FAQs) What is an Information Bridge (IB) Alert? Is there a charge for receiving Alerts? How do I register to receive an Alert? and how do I renew my registration? How do I request, revise, or cancel an Alert? How often will I receive an Alert? Where can I find a summary of my Alerts? And how long is my summary available? What do I do if I do not receive an Alert that I am expecting? What are the password requirements to receive Alerts? What do I do if I have forgotten my Alerts password? How do I change my Alerts password? How do I change my Alerts e-mail address? How do I cancel my registration for Alerts? How do I get help with IB Alerts? How do I get help with IB? What other databases/products are available from DOE's Office of

24

E-print Network Alerts Help -- Energy, science, and technology for the  

Office of Scientific and Technical Information (OSTI)

Alerts Help Alerts will make your recurring searches even easier by automating your search and sending you the results on a regular basis. To receive alerts on your topic(s) of interest, simply create an Alerts account, specify your alert parameters and check your email. For additional information, please choose from one of the below help topics. Alerts Help Topics: Creating an Alerts account Alerts Homepage Create an alert Creating an alert from your search Receiving alerts Viewing alerts Selecting printing, emailing, and exporting alerts Storing alerts Modifying alerts Deleting an alert Alerts Search Tips E-print Network Alerts Fast Facts You can easily create an alert right from the results page. Alerts run automatically, based on the schedule you choose. New relevantly ranked results are automatically sent to you through

25

E-print Network Alert Service  

Office of Scientific and Technical Information (OSTI)

Welcome to E-print Alerts! This feature can be used to automatically keep abreast of the latest e-prints posted on ArXiv databases as well as a number of other science and engineering databases and Web sites, based on a search profile you submit to us. You can even receive new postings from a number of sites by submitting a single profile based on your specific area of interest. The Service is free, and you can create as many profiles as you wish. Simply register for the Service and create your search strategies for your profiles. This will be run against all selected databases and Web sites, and you will receive a weekly Alert via e-mail with the results of your automatic profile search.

26

PNNL: EDO - SBIR Alerting Service Archive  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

SBIR Alerting Service Back Issues NOTICE - This service has been discontinued, effective October 1, 2013. Federal R&D funding is available through the Small Business Innovative Research and Small Business Technology Research (SBIR/STTR) Programs. The SBIR/STTR Alerting Service was a free service that provided bi-weekly notification of SBIR and STTR solicitation announcements, news and information, and Internet resources relevant to the SBIR/STTR programs. This service was provided by the Economic Development Office of Pacific Northwest National Laboratory (PNNL). To receive tips on SBIR/STTR proposals and project execution from the Greenwood Consulting Group, send an email to: gail-jim@g-jgreenwood.com with "subscribe" in the subject line.

27

E-Print Network 3.0 - alert augmented learning Sample Search...  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Meeting MINUTES JAN. 12, 2006 8:15 AM Summary: . Academic Alert System Update A. Gillman provided the following update on the Academic Alert System... : Academic Alert...

28

Information Bridge: DOE Scientific and Technical Information - Alerts  

Office of Scientific and Technical Information (OSTI)

Alerts Registration To be able to receive alerts from the Information Bridge: DOE Scientific and Technical Information, please fill in and submit an Alerts Registration. Please note that passwords expire 6 months after registration. At this time you will be required to change your password in order to continue to receive Alert notification(s). After submitting an Alerts Registration, you will receive an e-mail indicating that the Alerts Registration has been successfully submitted and received. This e-mail will also provide instructions for confirming your e-mail address. After you have confirmed your e-mail address, you will be able to make an Alert Request. If you have previously registered, you may Log On. Please remember your E-mail Address and Password for future use.

29

Telecommunications Emergency Alert System (EAS) Radio  

E-Print Network [OSTI]

Telecommunications Emergency Alert System (EAS) Radio 1. Send completed form to Mail Stop will be charged for a replacement. If the radio malfunctions, please contact Telecommunications. Texas A Departmental Approval Signature Date Service Date Desired Telecommunications Office Use Only Service Due Date

30

Classification of intrusion detection alerts using abstaining classifiers  

Science Journals Connector (OSTI)

Intrusion Detection Systems have been observed to trigger an abundance of false positives, that is alerts not reporting security problems. Assuming that in real installations most of the alerts are reviewed by human security analysts in a timely manner, ... Keywords: Intrusion detection, abstaining classifiers, alert classification, false positives

Tadeusz Pietraszek

2007-08-01T23:59:59.000Z

31

V-001: Mozilla Security vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

32

Find Us Links | OSTI, US Dept of Energy, Office of Scientific...  

Office of Scientific and Technical Information (OSTI)

Find Us Links Subscribe to RSS Mobile Gallery OSTI Blog Get Alert Services Go to Videos OSTI Facebook OSTI Twitter OSTI Google+ (Link will open in a new window) Bookmark and Share...

33

MANAGEMENT ALERT Remediation of Selected Transuranic Waste Drums...  

Office of Environmental Management (EM)

MANAGEMENT ALERT Remediation of Selected Transuranic Waste Drums at Los Alamos National Laboratory - Potential Impact on the Shutdown of the Department's Waste Isolation Plant DOE...

34

Application of Security Ontology to Context-Aware Alert Analysis  

Science Journals Connector (OSTI)

With rapid development of computer networks, users need a new solution for network security management, aiming at integration. This paper focuses on context-aware alert analysis, which is one of its key functionalities. A practical and efficient approach ... Keywords: network security management, context-aware alert analysis, security ontology

Hui Xu; Debao Xiao; Zheng Wu

2009-06-01T23:59:59.000Z

35

Alert Service Sends International Research to Public Desktops | OSTI, US  

Office of Scientific and Technical Information (OSTI)

NEWS MEDIA CONTACT: Cathey Daniels, (865) 576-9539 FOR IMMEDIATE RELEASE April 4, 2006 Alert Service Sends International Research to Public Desktops Oak Ridge, TN - Citizens can set up a free e-mail alert account and receive information on a wide variety of energy-related research through a new U.S. Department of Energy (DOE) developed service. Users can target information of interest, and then choose whether to receive updates on a weekly, biweekly, monthly, quarterly or annual basis. Registration is required. The alert service can be accessed through ETDEWEB or Energy Technology Data Exchange World Energy Base. Information is available from 16 ETDE member countries plus other international partners, including research on energy

36

Management Alert: IG-0864 | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Management Alert: IG-0864 May 17, 2012 Extended Assignments at Princeton Plasma Physics Laboratory Princeton University operates the Princeton Plasma Physics Laboratory (Princeton) under a contract with the Department of Energy's Office of Science. Princeton works with partners around the world to develop fusion as an energy source. The Laboratory's annual operating costs are about $80 million, all of which is reimbursed by the Department. On May 8, 2012, we issued a separate contract audit report on Audit Coverage of Cost Allowability for Princeton Plasma Physics Laboratory during Fiscal Years 2009-2010 under Department of Energy Contract Numbers DE-AC02-76CH03073 and DE-AC02-09CH11466 (OAS-V-12-06, May 2012). One of the objectives of that audit was to determine whether questioned costs and

38

Management Alert: IG-0871 | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Management Alert: IG-0871 October 3, 2012 The 2020 Vision One System Proposal for Commissioning and Startup of the Waste Treatment and Immobilization Plant The Department of Energy (Department) is considering a proposal known as the 2020 Vision One System (2020 Vision) that would implement a phased approach to commissioning the $12.2 billion Waste Treatment and Immobilization Plant (WTP) including making the Low-Activity Waste (LAW) facility operational approximately 15 months before commissioning the remainder of the project. Although the implementation of the phased approach offers potential benefits, early operation of the LAW facility presents significant cost, technological and permitting risks that could adversely affect the overall success of the Office of the River Protection

39

Commercial Mobile Alerting System (CMAS) CMAS is the system interface to the Wireless Emergency Alerts (WEA) service that wireless carriers  

E-Print Network [OSTI]

Commercial Mobile Alerting System (CMAS) CMAS is the system interface to the Wireless Emergency Presidential, AMBER, and Imminent Threat alerts to mobile phones using cell broadcast technology mobile devices with CMAS/WEA capability included. While not all handsets now on the market are capable

Meyers, Steven D.

40

Alert! Industry and Academia - The Energy Department Seeks Your Novel  

Broader source: Energy.gov (indexed) [DOE]

Alert! Industry and Academia - The Energy Department Seeks Your Novel Ideas for Advanced Energy Systems January 7, 2014 - 12:37pm Do you care about power and our environment? Are you buzzing with innovative ideas? If so, the Energy Department wants to hear your new and creative concepts for improving the cost and performance of power or industrial systems that depend on fossil energy. Please note that this is a request for information (RFI) only; it is NOT a request for proposals. Your response may be used to guide the planned funding opportunity announcement (FOA) that will be issued at a later date

42

Earthquake Alerting in California Prof. of Engineering Seismology  

E-Print Network [OSTI]

Alerting ... a different kind of prediction · What if earthquakes were really slow, like the weather? · We plan · Develop standards and performance metrics · Add staff for support and operation · Build computer

Greer, Julia R.

43

Register for Fossil Energy NewsAlerts | Department of Energy  

Office of Environmental Management (EM)

of the U.S. Department of Energy's Office of Fossil Energy. Each time we update our web site in your area of interest, we will send you a brief e-mail alerting you to the new...

44

EVALUATION RESULT OF THE ALERT-2 RURAL INTERSECTION  

E-Print Network [OSTI]

.8Wh Battery Capacity 67Wh 1248Wh Days of Storage Without Charge 7 days 45 days Solar Panel 14W 20W energy source (solar and/or wind) · Utilize LED blinker signs Lismore/Lakewood Rd Intersection Battery Power ALERT-1 ALERT-2 Average Daily Power Demand 26Wh 36Wh Battery Capacity 106Wh 2,688Wh Days

Minnesota, University of

45

EERE News: EERE Progress Alerts http://www1.eere.energy.gov/news/progress_alerts/progress_alert.asp... 1 of 1 4/3/07 12:29 PM  

E-Print Network [OSTI]

EERE News: EERE Progress Alerts http://www1.eere.energy.gov/news/progress_alerts/progress_alert.asp... 1 of 1 4/3/07 12:29 PM Search Help More Search Options EERE Information Center Printable Version New Industrial Technologies Program within EERE, are run by 26 universities and provide no-cost energy

Hochberg, Michael

46

health reform matters™ alert ATTORNEY ADVERTISING ropesgray.com  

E-Print Network [OSTI]

health reform matters™ alert ATTORNEY ADVERTISING ropesgray.com On March 23, President Obama signed is tracking the myriad other developments of the new health reform law. You can find a wide range of related material, including enacting language, implementing documents, and analysis through the Health Reform

Chapman, Michael S.

47

Technical Implementation Plan for the ShakeAlert Production System--An Earthquake Early Warning  

E-Print Network [OSTI]

Technical Implementation Plan for the ShakeAlert Production System--An Earthquake Early Warning.scec.org/terashake). Technical Implementation Plan for the ShakeAlert Production System--An Earthquake Early Warning for the ShakeAlert production system--An Earthquake Early Warning system for the West Coast of the United States

Allen, Richard M.

48

Science.gov Alerts Help Track Latest Science Information | OSTI, US Dept of  

Office of Scientific and Technical Information (OSTI)

NEWS MEDIA CONTACT: Cathey Daniels, (865) 576-9539 FOR IMMEDIATE RELEASE March 1, 2006 Science.gov Alerts Help Track Latest Science Information Oak Ridge, TN - The Science.gov Alert Service has been updated to take advantage of the new Science.gov 3.0 query capabilities. The Alert Service tracks the latest information on your science topics of interest and delivers that information to your desktop e-mail each Monday. The Alert Service is free, and registration is available at the Science.gov home page. New Science.gov query capabilities allow you to better define your search terms by using phrases, date ranges and more. Once you have defined your search terms and set your alert, Science.gov will do your searching for you

49

ADVISORY ALERT: Dekker, Ltd. Digital Signature - PARS II Reporting  

Broader source: Energy.gov (indexed) [DOE]

ADVISORY ALERT: Dekker, Ltd. Digital Signature - PARS II Reporting As you know, to run reports in the PARS II, users must install an active X control to their workstations. The FIRST TIME a user attempts to run a report after installing the Active X control, a Security Warning will appear stating: That warning appears because, although the digital signature is valid, the digital signature is from a publisher (in this case Dekker, Ltd.) whom you have not yet chosen to trust. The following steps instruct you how to clear the security warning so that you may continue working with PARS II reports. Please note: Once you complete the process of accepting the Dekker, Ltd. digital signature, this warning will not re-appear. This process must be done ONCE to "inform" your PC that Dekker, Ltd. is an

50

U-250: Wireshark DRDA Dissector Flaw Lets Remote Users Deny Service...  

Broader source: Energy.gov (indexed) [DOE]

Wireshark Bug Database - Bug 7666 SecurityTracker Alert ID: 1027464 Bugtraq ID: 55284 Red Hat Bugzilla - Bug 849926 CVE-2012-3548 IMPACT ASSESSMENT: Medium Discussion: An...

51

Geothermal: Related Links  

Office of Scientific and Technical Information (OSTI)

E-print Network Sign up for weekly E-print Alerts on a topic of interest Bonneville Power Administration California Energy Commission California Energy Commission (Geothermal...

52

Management Alert - Extended Assignments at Princeton Plasma Physics Laboratory  

Broader source: Energy.gov (indexed) [DOE]

Extended Assignments at Princeton Plasma Physics Laboratory DOE/IG-0864 May 2012 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 May 17, 2012 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Management Alert on "Extended Assignments at Princeton Plasma Physics Laboratory" BACKGROUND Princeton University operates the Princeton Plasma Physics Laboratory (Princeton) under a contract with the Department of Energy's Office of Science. Princeton works with partners around the world to develop fusion as an energy source. The Laboratory's annual operating costs

53

Resources & Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Project Western Interconnection Synchrophasor Project Resources & Links Demand Response Energy Efficiency Emerging Technologies Smart grid fact sheet Department of...

54

U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service July 11, 2012 - 7:00am PROBLEM: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service PLATFORM: Version(s): 2.6.x ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027237 SecurityTracker Alert ID: 1027240 Red Hat advisory CVE-2012-3375 IMPACT ASSESSMENT: Medium Discussion: The Linux kernel's Event Poll (epoll) subsystem does not properly handle resource clean up when an ELOOP error code is returned. A local user can exploit this to cause the target system to crash. Impact: A local user can cause the target system to crash.

55

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: RSA BSAFE SSL-C prior to 2.8.6 ABSTRACT: RSA BSAFE SSL-C Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50601 SecurityTracker Alert ID: 1027514 SecurityTracker Alert ID: 1027513 CVE-2011-3389 CVE-2012-2110 CVE-2012-2131 IMPACT ASSESSMENT: High Discussion: EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can

56

U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

U-068: Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges December 23, 2011 - 8:45am PROBLEM: Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server AUS (v. 6.2) Red Hat Enterprise Linux Server EUS (v. 6.2.z) Red Hat Enterprise Linux Workstation (v. 6) ABSTRACT: A local privileged user on the guest operating system can obtain elevated privileges on the target system. REFERENCE LINKS: Red Hat kernel security and bug fix update SecurityTracker Alert ID: 1026453 SecurityTracker Alert ID: 1026454

57

V-028: Splunk Multiple Cross-Site Scripting and Denial of Service  

Broader source: Energy.gov (indexed) [DOE]

V-028: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities November 20, 2012 - 2:00am PROBLEM: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities PLATFORM: Splunk versions 4.3.5 and 5.0 ABSTRACT: Splunk is prone to multiple vulnerabilities REFERENCE LINKS: SecurityTracker Alert ID: 1027785 SecurityTracker Alert ID: 1027784 Bugtraq ID: 56581 Secunia Advisory SA51337 Secunia Advisory SA51351 Splunk Vulnerability Descriptions IMPACT ASSESSMENT: Medium DISCUSSION: Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions

58

V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code October 29, 2012 - 6:00am PROBLEM: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code PLATFORM: Firefox, Thunderbird, SeaMonkey ABSTRACT: Three vulnerabilities were reported in Mozilla Firefox. REFERENCE LINKS: Mozilla Foundation Security Advisory 2012-90 SecurityTracker Alert ID: 1027701 SecurityTracker Alert ID: 1027702 Advisory: RHSA-2012:1407-1 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 IMPACT ASSESSMENT: High DISCUSSION: A remote user can exploit the valueOf() method of window.location to, in

59

V-125: Cisco Connected Grid Network Management System Multiple  

Broader source: Energy.gov (indexed) [DOE]

V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am PROBLEM: Cisco Connected Grid Network Management System Multiple Vulnerabilities PLATFORM: Cisco Connected Grid Network Management System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco Security Notice CVE-2013-1171 Secunia Advisory SA52834 SecurityTracker Alert ID: 1028374 SecurityTracker Alert ID: 1028373 CVE-2013-1163 CVE-2013-1171 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to

62

Localized 1H MR Spectroscopy in the alert monkey at 7 Tesla J. Pfeuffer1  

E-Print Network [OSTI]

Localized 1H MR Spectroscopy in the alert monkey at 7 Tesla J. Pfeuffer1 , C. Juchem1 , H. Merkle2-voxel 1 H MRS in the alert monkey using a 7 T MR system with a vertical bore. Typically , N. K. Logothetis1 1 Department Physiology of Cognitive Processes, Max Planck Institute

Jegelka, Stefanie

63

Training rats to search and alert on contraband odors James Ottoa,*  

E-Print Network [OSTI]

Training rats to search and alert on contraband odors James Ottoa,* , Michael F. Brownb , William experiments that were conducted to test a new concept using rats to detect contraband odors, such as explosives, drugs, or prohibited foodstuffs. Under this concept, the trained alerting behavior of rats

Cook, Robert

64

Using Groupings of Static Analysis Alerts to Identify Files Likely to Contain Field Failures  

E-Print Network [OSTI]

. INTRODUCTION Static analysis is the process of evaluating a system or component based on its form, structure of static analysis alerts reported by the static analyzer could overwhelm the development team. CertainUsing Groupings of Static Analysis Alerts to Identify Files Likely to Contain Field Failures Mark S

Sherriff, Mark S.

65

Nanotechnology Alert. Nanofountain for Treatment of Cancer; Nanocomposites To Improve Computers' Life Span; Lithium Sulfur Batteries Using Nanocarbon  

E-Print Network [OSTI]

Nanotechnology Alert. Nanofountain for Treatment of Cancer; Nanocomposites To Improve Computers/29/2009 Nanotechnology Alert. Nanofountain f... frost.com/.../market-service-segment... 1/2 Learn how we can provide

Espinosa, Horacio D.

66

AFRD - Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Accelerators are built, operated, and used by a large and diverse worldwide community. These links will take you to pages elsewhere that are related to AFRD's work. The U.S. Department of Energy, Office of Science, is the principal supporter of our activities (and many other R&D endeavors). For information on the Joint Accelerator Conferences go to JACoW. The International Committee for Future Accelerators and the American Physical Society's Division of Physics of Beams are among the organizations that advance, encourage, and communicate accelerator and beam science. The Laboratory's 50th Anniversary magazine gives an overview of the early and middle history of LBNL. Two of its authors later published the

67

Diesel Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Diesel Vehicles and Manufacturers Audi A3 (TDI models) A6 (TDI models) A7 (TDI models) A8 L (TDI model) Q5 (TDI models) Q7 (TDI models) BMW 328d Sedan 328d xDrive Sedan 328d xDrive Sports Wagon 535d Sedan 535d xDrive Sedan Chevrolet Cruze Turbo Diesel Jeep Grand Cherokee EcoDiesel Mercedes-Benz E250 BlueTEC GL350 BlueTEC GLK250 BlueTEC ML350 BlueTEC Porsche Cayenne Diesel Volkswagen Beetle (TDI models) Beetle Convertible (TDI models) Golf (TDI models) Jetta (TDI models) Jetta Sportwagen (TDI models) Passat (TDI models) Touareg (TDI models) Diesel-Related Information

68

Gas chromatograph monitors for VCM, automatically alerts emergency team  

SciTech Connect (OSTI)

Delaware City, located on the Delaware River with a metropolitan population of around 100,000, has played host to numerous companies in the CPI. The community has witnessed the expansion to a current level of eleven plants and a large oil refinery. Identified by the DNREC as possibly the most serious of recent problems was the potential for release of vinyl chloride monomer (VCM) gas. VCM is a recognized carcinogen and is considered a hazardous waste and a priority pollutant by the EPA. A Citizens' Advisory Committee recommended that a permanent air monitor for detection of VCM be strategically located in Delaware City. It needed to be capable of detecting VCM at 50 ppb and utilize a suitable alarm procedure to alert the public. The committee also recommended the use of a mobile monitor equipped to track a VCM release which could by-pass the Delaware City monitor and threaten nearby residents during certain wind conditions. A gas chromatograph with photoionization detector (PID) was selected based on the required specifications and on commercial availability. The Delaware City firehouse was selected as the most publicly acceptable location with sufficient security and unobstructed sampling at an adequate height. The air in Delaware City has been monitored continuously since December 9, 1985. As of April 1986, the instrument has completed 30,000 combined sample and calibration runs. No unusual problems have been encountered with maintenance or with anomalous data. It has required only routine service, surpassing the manufacturer's guarantees for parts and service.

Rogers, J.C.; Ormond, D.L.

1986-09-01T23:59:59.000Z

69

The Trigger Algorithm for the Burst Alert Telescope on Swift  

E-Print Network [OSTI]

The Swift Burst Alert Telescope (BAT) is a huge (5200 cm2) coded aperture imager that will detect gamma-ray bursts in real time and provide a location that the Swift satellite will use to slew the optical and x-ray telescopes. The huge size of BAT is a challenge for the on-board triggering: a change as small as 1% is equivalent to a 1 sigma statistical variation in 1 second. There will be three types of triggers, two based on rates and one based on images. The first type of trigger is for short time scales (4 msec to 64 msec). These will be traditional triggers (single background) and we check about 25,000 combinations of time-energy-focal plane subregions per second. The second type of trigger will be similar to what is used on HETE: fits to multiple background regions to remove trends for time scales between 64 msec and 64 seconds. About 500 triggers will be checked per second. For these rate triggers, false triggers and variable non-GRB sources will be rejected by requiring a new source to be present in an...

Fenimore, E; Galassi, M; Gehrels, N; Palmer, D; Parsons, A; Tavenner, T; Tueller, J

2004-01-01T23:59:59.000Z

70

OSTI Announces Alert Service for arXiv Patrons | OSTI, US Dept of Energy,  

Office of Scientific and Technical Information (OSTI)

Announces Alert Service for arXiv Patrons March 2005 Oak Ridge, TN - The Office of Scientific and Technical Information (OSTI) is pleased to announce implementation of an Alert Service that serves patrons of arXiv, a source in the fields of physics, mathematics, non-linear science, computer science, and quantitative biology. ArXiv, a service of Cornell University Library System, is one of the sources included in OSTI's E-print Network. Through this Alert Service, patrons can subscribe to be automatically notified of the latest information posted on arXiv, as well as other e-print sources in the E-print Network. A special interface is provided for arXiv patrons through the E-print Network. E-print Network is a vast, integrated network of electronic scientific and

71

Alert Services | OSTI, US Dept of Energy, Office of Scientific and  

Office of Scientific and Technical Information (OSTI)

Alert Services Get weekly e-mail notification of new information about your specific area(s) of interest. Simply register for the service on one or all of the OSTI products described below and then sign up for topic(s) which will be matched automatically against each new weekly update. E-print Network Alerts Searchable gateway to over 5 million e-print documents and over 32,000 websites and databases worldwide. OSTIblog E-mail Notifications Automatic notifications by e-mail when new OSTIblog articles are posted to the OSTI website. Science Accelerator Alerts Searchable gateway to key DOE/OSTI resources that contain research and development results, project descriptions, accomplishments, and more.

72

Evaluating the utilization of Twitter messages as a source of security alerts  

Science Journals Connector (OSTI)

The fast spread of computer security alerts, like vulnerabilities notifications, applications updates and threats of attacks, is essential to the implementation of efficient reactive measures against security incidents. This paper presents an empirical ... Keywords: information retrieval, microblogs, security

Rodrigo Campiolo; Luiz Arthur F. Santos; Daniel Macêdo Batista; Marco Aurélio Gerosa

2013-03-01T23:59:59.000Z

73

MIDC: Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Other Data Collection Activities Baseline Surface Radiation Network (BSRN) Clear Sky Forecast for NREL/SRRL (or other locations) Colorado Dept. of Public Health & Environment: Air Quality Index (AQI) Reporting System Colorado State University: USDA UV-B Monitoring and Research Program European Skynet Radiometers network (ESR) Jefferson County, Colorado: Jeffco Weather Station NOAA: Climate Monitoring & Diagnostics Laboratory (CMDL) NREL OTF: Reference Meteorological and Irradiance System (RMIS) NREL RReDC: Cooperative Networks for Renewable Resource Measurements (CONFRRM) NREL RReDC: NASA Remote Sensing Validation Data: Saudi Arabia Rocky Mountain Arsenal (RMA): National Wildlife Refuge Sandia National Laboratories: Photovoltaic Systems Evaluation

74

Federal technology alert. Parabolic-trough solar water heating  

SciTech Connect (OSTI)

Parabolic-trough solar water heating is a well-proven renewable energy technology with considerable potential for application at Federal facilities. For the US, parabolic-trough water-heating systems are most cost effective in the Southwest where direct solar radiation is high. Jails, hospitals, barracks, and other facilities that consistently use large volumes of hot water are particularly good candidates, as are facilities with central plants for district heating. As with any renewable energy or energy efficiency technology requiring significant initial capital investment, the primary condition that will make a parabolic-trough system economically viable is if it is replacing expensive conventional water heating. In combination with absorption cooling systems, parabolic-trough collectors can also be used for air-conditioning. Industrial Solar Technology (IST) of Golden, Colorado, is the sole current manufacturer of parabolic-trough solar water heating systems. IST has an Indefinite Delivery/Indefinite Quantity (IDIQ) contract with the Federal Energy Management Program (FEMP) of the US Department of Energy (DOE) to finance and install parabolic-trough solar water heating on an Energy Savings Performance Contract (ESPC) basis for any Federal facility that requests it and for which it proves viable. For an ESPC project, the facility does not pay for design, capital equipment, or installation. Instead, it pays only for guaranteed energy savings. Preparing and implementing delivery or task orders against the IDIQ is much simpler than the standard procurement process. This Federal Technology Alert (FTA) of the New Technology Demonstration Program is one of a series of guides to renewable energy and new energy-efficient technologies.

NONE

1998-04-01T23:59:59.000Z

75

SBIR/STTR ALERTING SERVICE --October 8, 2010 The SBIR/STTR Alerting Service is a free service that provides bi-weekly notification of SBIR and STTR  

E-Print Network [OSTI]

topics will soon be added to the included in SBIR Topic Search Engine. -- DOT FY11.1 SBIR Solicitation,000 each. Phase II and Phase IIB awards will be either cost plus fixed-fee or fixed fee contracts or some Smartphone Signal Alert Status 111.1-FH2 Augmenting Inductive Loop Vehicle Sensor Data with SPAT and Gr

76

De-alerting of U.S. nuclear forces: a critical appraisal  

SciTech Connect (OSTI)

Since the end of the Cold War, there have been pressures by disarmament advocates to move more quickly to draw down, toward zero, the number of nuclear weapons in U.S. and Russian arsenals. They criticize the process of negotiating arms control agreements as being too slow, and point out that treaty implementation is hampered by the necessity of ratification by the U.S. Senate and Russian Duma. One method of moving more rapidly toward nuclear abolition suggested by some analysts is de-alerting of nuclear-weapon delivery systems. De-alerting is defined as taking steps that increase significantly the time required to launch a given delivery vehicle armed with a nuclear warhead. Although there is little inclination by the U.S. Government to de-alert its nuclear forces at present, some academic literature and press stories continue to advocate such steps. This paper offers a critique of de-alerting proposals together with an assessment of the dangers of accidental, unauthorized, or unintended use of nuclear weapons. It concludes that de-alerting nuclear forces would be extremely de-stabilizing, principally because it would increase the value to an opponent of launching a first strike.

Bailey, K C; Barish, F

1998-08-21T23:59:59.000Z

77

Management Alert on Protective Force Training Facility Utilization at the Pantex Plant, IG-0855  

Broader source: Energy.gov (indexed) [DOE]

Management Alert on Protective Force Training Facility Utilization at the Pantex Plant DOE/IG-0855 September 2011 Department of Energy Washington, DC 20585 September 27, 2011 MEMORANDUM FOR THE ADMINISTRATOR, NATIONAL NUCLEAR SECURITY ADMINISTRATION FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Management Alert on "Protective Force Training Facility Utilization at the Pantex Plant" IMMEDIATE CONCERN As part of our ongoing audit to determine whether the Department of Energy is effectively utilizing its protective force training facilities, we determined that the National Nuclear Security Administration's (NNSA) Office of Secure Transportation (OST) plans to spend approximately $2 million for a new Physical Training/Intermediate Use of Force (PT/IUF) facility at the Pantex

78

e-Alert from Fermilab Education Office Sept 2013 - Spring 2014  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Program E-Alert - September 2013 - Spring 2014 Calendar * What we're planning * What we're reading ed.fnal.gov Spread the word to your colleagues. Find interesting opportunities and resources in the Fermilab Education Office E-Alert newsletter. E-mail sdahl@fnal.gov to be added to or deleted from our mailing list. Calendar Watch our website for details on these future events. September 25, 2013 - STEM Family Night Planning Workshop October 24-26, 2013 - ISEC, Tinley Park, IL Mid-November 2013 - FFSE Online Scholarship application opens. Spring 2014 -- Save the date for future events. What we're planning STEM Family Night Planning Workshop September 25, 2013 - 7:00 p.m.-9:30 p.m. ed.fnal.gov/sciadv Is your organization (school, PTA, library or co-op) planning a STEM Family

79

Recovery Act Energy Home Improvement Loan Scam Alert | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Recovery Act Energy Home Improvement Loan Scam Alert May 24, 2010 - 1:05pm The U.S. Department of Energy is aware of fraudulent solicitations being received through the United States Postal Service that solicit personal information for purported "Federal Energy Home Improvement Loans" under the American Reinvestment and Recovery Act. These solicitations falsely appear to be on U.S. Department of Energy letterhead, and offer recipients the prospect of obtaining up to a $50,000 loan. A sample of the fraudulent solicitation can be found here. Should you receive such a solicitation, you should not return the enclosed application, but instead report the matter immediately in one of the following manners:

80

Design of Electric or Hybrid vehicle alert sound system for pedestrian  

E-Print Network [OSTI]

Design of Electric or Hybrid vehicle alert sound system for pedestrian J.-C. Chamard and V, France 1691 The arrival of fully or hybrid electric vehicles raised safety problems respect the environment to warn of his approach. However, hybrid and electric vehicles can potentially be dangerous

Boyer, Edmond


81

Securing Offshore Infrastructures Through a Global Alert and Graded Response System  

E-Print Network [OSTI]

1 « SARGOS » Securing Offshore Infrastructures Through a Global Alert and Graded Response System and graded response system to answer the recent but strong need for securing critical civilian offshore of their 2009 global safety program (CSOSG). 1. Introduction Offshore oil installations are critical energy

Paris-Sud XI, Université de

82

Alerting Humanitarians to Emergencies MOSCOW, Jan 15 (Reuters) -Russia on Thursday declined Japanese pleas to  

E-Print Network [OSTI]

Alerting Humanitarians to Emergencies MOSCOW, Jan 15 (Reuters) - Russia on Thursday declined failed to agree on the site. The plant would generate energy the same way the sun does. Russia and China. Japanese Science Minister Takeo Kawamura was in Moscow on Thursday for closed-door talks with Russia

83

SEVERE WEATHER EXPLOSION HAZARDOUS MATERIALS Alert people in the immediate area to  

E-Print Network [OSTI]

SEVERE WEATHER EXPLOSION HAZARDOUS MATERIALS EVACUATE · Alert people in the immediate area not operate any electrical devices, phones, appliances, light switches, or equipment with open flames within the affected area EVACUATE · Leave area and go to an exterior location where you can call 911 from a land line

Karonis, Nicholas T.

84

U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges August 13, 2012 - 7:00am PROBLEM: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 ABSTRACT: A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system. REFERENCE LINKS: Oracle Security Alert Oracle Security Alert - CVE-2012-3132 Risk Matrices SecurityTracker Alert ID: 1027367 CVE-2012-3132 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Oracle Database. This vulnerability is not

85

Assessment of Load and Energy Reduction Techniques (ALERT) Retrocommissioning Case Study of Two National Renewable Energy Laboratory (NREL) Sites  

E-Print Network [OSTI]

Portland Energy Conservation Incorporated (PECI) in conjunction with the National Renewable Energy Laboratory (NREL) staff performed an Assessment of Load and Energy Reduction Techniques (ALERT) retrocommissioning evaluation on several buildings...

Luskay, L.; Haasl, T.; Schwab, J.; Beattie, D.

2003-01-01T23:59:59.000Z

86

Development of a High-Preceision ADS-B Based Conflict Alerting System for Operations in the Airport Enviornment  

E-Print Network [OSTI]

The introduction of Automatic Dependent Surveillance - Broadcast (ADS-B) as the future source of aircraft surveillance worldwide provides an opportunity to introduce high-precision airborne conflict alerting systems for ...

Kunzi, Fabrice

2013-11-07T23:59:59.000Z

87

U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets...  

Broader source: Energy.gov (indexed) [DOE]

The Linux Kernel Archives CVE-2011-4131 SecurityTracker Alert ID: 1026324 Linux Kernel PATCH 11 NFSv4 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in the...

88

Microsoft Word - Energy Market Alert Jan 25 2013 - Northeast _public version_ final.docx  

U.S. Energy Information Administration (EIA) Indexed Site

Northeastern Winter Natural Gas and Electricity Alert Friday January 25, 2013 Current status of natural gas and electricity markets in New York and New England For questions or comments about this report, please contact Christopher.Peterson@eia.gov. Temperature: Both NYC and Boston expect continuing cold temperatures during the day today. Beginning tonight, temperatures are forecast to be moderate, with lows of 18°F in NYC and 15°F in Boston. Next week is expected to be milder. Natural gas demand: Bentek forecasts that demand will remain at high levels through today. Natural gas constraints & LNG: Most pipelines from the west and south

89

SeizAlert could give patients 4.5 hour warning of seizure  

ScienceCinema (OSTI)

One percent of Americans, 3 million people, suffer from epilepsy. And their lives are about to be dramatically changed by scientists at Oak Ridge National Laboratory. For 15 years, Dr. Lee Hively has been working on "SeizAlert", a seizure-detecting device that resembles a common PDA. "It allows us to analyze scalp brain waves and give us up to 4.5 hours' forewarning of that event," he said. With the help of partner Kara Kruse, he's now able to help patients predict the previously unpredictable.

Dr. Lee Hively and Kara Kruse

2010-01-08T23:59:59.000Z

90

Protecting grids from cross-domain attacks using security alert sharing mechanisms  

Science Journals Connector (OSTI)

In single administrative domain networks there is only one security policy which can be evaluated by the IT security manager, thanks to monitoring and reporting tools. Grid networks are often composed of different administrative domains owned by different organizations dispersed globally. Such networks are referred to as multi-administrative domain networks. Each domain might have its own security policy and may not want to share its security data with less-protected networks, making it more complex to ensure the security of such networks and protecting them from cross-domain attacks. We propose a Security Event Manager (SEM) called the Grid Security Operation Center (GSOC), which facilitates IT security managers in giving a view of the security of the whole grid network without compromising confidentiality of security data. To do so, GSOC provides a security evaluation of each administrative domain (AD) and a parametric security alert sharing scheme. Alert sharing can then be tuned in order to meet local security policy rules.

Raheel Hassan Syed; Maxime Syrame; Julien Bourgeois

2013-01-01T23:59:59.000Z

91

Link Building Martin Olsen  

E-Print Network [OSTI]

Link Building Martin Olsen PhD Dissertation Department of Computer Science Aarhus University Denmark Link Building A Dissertation Presented to the Faculty of Science of Aarhus University The Computational Complexity of Link Building Proc. Computing and Combinatorics, 14th Annual International

92

Energy Links Page - EIA  

U.S. Energy Information Administration (EIA) Indexed Site

Related Energy Links Energy Companies Coal & Other Electricity Foreign Integrated Natural Gas Transmission, Distribution, and Marketing News Services and Periodicals Oil & Gas Exploration and Production Petroleum Refining, Marketing, and Transportation State Owned U.S. Integrated Government Agencies Other DOE National Laboratories Federal Energy States Universities Trade Associations & Other Trade Associations Other Associations International Statistics Energy Services Other Energy Sites EIA Links Disclaimer These pages contain hypertext links to information created and maintained by other public and private organizations. These links provide additional information that may be useful or interesting and are being provided consistent with the intended purpose of the EIA Web site. EIA does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. EIA does not endorse the organizations sponsoring linked websites and we do not endorse the views they express or the products/services they offer.

93

Management Alert: OAS-M-12-03 | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Management Alert: OAS-M-12-03 March 23, 2012 Purchase of Computers for the U.S. Department of Agriculture Forest Service at the Savannah River Site In October 2011, the OIG received a complaint that the U.S. Department of Agriculture (Agriculture) Forest Service - Savannah River (Forest Service) had purchased a number of computers under its Interagency Agreement (Agreement) with the Department of Energy's (Department) Savannah River Operations Office (SRO) that were not placed into use and were being stored in a manner that left them vulnerable to theft or misuse. We confirmed the existence of 17 Hewlett-Packard desktop computers that had been purchased in September 2010, by the Forest Service with SRO funds, with the intention of connecting the computers to the Savannah River Site

95

Fire Prevention: Preventing fires is everyone's job. We all need to be alert to anything that could  

E-Print Network [OSTI]

- sparking tools, and control static electricity as required. 8. Help maintain building security to prevent emergency telephone numbers as well as the company address by the telephone in your station/desk for quick://www.uwinnipeg.ca/index/safety-hazard-alert Using a Portable Fire Extinguisher: Portable Fire Extinguishers can be a useful tool to save lives

Martin, Jeff

96

http://zetoc.mimas.ac.uk/cgi-bin/wayf?A-1 Quick Reference Guide to Zetoc Alert  

E-Print Network [OSTI]

. Search for journals alphabetically, by search term or by subject: Select a letter to view are available in full at the end of this guide. All of the terms used on this page are in the Zetoc Glossary ... Adding Searches to an Alert List

Cambridge, University of

97

Related Links | Department of Energy  

Energy Savers [EERE]

Algal Biofuels Related Links Related Links The links below provide useful algae resources and are organized by categories. Beyond this page, learn more about BETO's Algae...

98

Energy Efficiency Links  

U.S. Energy Information Administration (EIA) Indexed Site

Energy Efficiency Organizations Release Date: October 1999 Last Updated: September 2009 EIA Links Disclaimer: These pages contain hypertext links to information created and maintained by other public and private organizations. These links provide additional information that may be useful or interesting and are being provided consistent with the intended purpose of the EIA website. EIA does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. EIA does not endorse the organizations sponsoring linked websites, the views they express, or the products and services they offer. U.S. Federal Government / Regional / U.S. Nonprofit / International U.S. Federal Government and Related Agencies

99

Nuclear Data Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links to Useful Online Nuclear Physics Journals Important Online Resources Science Direct American Institute of Physics Journals APS Journals Online: Physical Review A, B, C, D, E,...

100

NREL: News - Related Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Related Links The U.S. Department of Energy provides news online: EERE Network News News and Blog Science News Science and Technology Highlights from the National Laboratories...

101

Southeast Idaho Area Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Area Attractions and Events Area Geography Area History Area Links Driving Directions Idaho Falls Attractions and Events INL History INL Today Research Park Sagebrush Steppe...

102

T-598: Apache Tomcat HTTP BIO Connector Error Discloses Information From  

Broader source: Energy.gov (indexed) [DOE]

T-598: Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users April 8, 2011 - 5:35am PROBLEM: A vulnerability was reported in Apache Tomcat. A remote user may be able to obtain information from a different request. PLATFORM: Apache Tomcat v7.0.0 - v7.0.11 ABSTRACT: When using HTTP pipelining, the system may return information from a different request to a remote user. The vulnerability resides in the HTTP BIO connector. REFERENCE LINKS: Apache Tomcat Security Alert CVE-2011-1475 SecurityTracker Alert ID: 1025303 IMPACT ASSESSMENT: Medium DISCUSSION: Changes introduced to the HTTP BIO connector to support Servlet 3.0

103

U-268: Oracle Database Authentication Protocol Discloses Session Key  

Broader source: Energy.gov (indexed) [DOE]

U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users September 26, 2012 - 6:00am PROBLEM: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users PLATFORM: Oracle Database 11g Releases 1 and 2 ABSTRACT: A vulnerability was reported in Oracle Database. REFERENCE LINKS: Darkreading Threatpost Arstechnica Oracle Security Alerts SecurityTracker Alert ID: 1027558 CVE-2012-3137 IMPACT ASSESSMENT: Medium DISCUSSION: The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to

104

T-537: Oracle Critical Patch Update Advisory - January 2011 | Department of  

Broader source: Energy.gov (indexed) [DOE]

7:11am PROBLEM: Oracle Critical Patch Update Advisory - January 2011. PLATFORM: Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches. ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative. REFERENCE LINKS: Oracle Critical Patch SecurityTracker Alert ID: 1024979 CVE-2010-3594 Oracle Appendix Critical Patch Updates and Security Alerts

105

T-537: Oracle Critical Patch Update Advisory - January 2011 | Department of  

Broader source: Energy.gov (indexed) [DOE]

2:30pm PROBLEM: Oracle Critical Patch Update Advisory - January 2011. PLATFORM: Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches. ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative. REFERENCE LINKS: Oracle Critical Patch SecurityTracker Alert ID: 1024979 CVE-2010-3594 Oracle Appendix Critical Patch Updates and Security Alerts

106

U-072:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service  

Broader source: Energy.gov (indexed) [DOE]

U-072: Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service December 30, 2011 - 9:15am PROBLEM: Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service PLATFORM: Apache Tomcat 5.5.34, 6.0.34, 7.0.22; and prior versions ABSTRACT: A remote user can cause performance to degrade on the target server. REFERENCE LINKS: Apache Tomcat Security Alert SecurityTracker Alert ID: 1026477 nruns Advisory SA-2011.004 Secunia Advisory SA47411 CVE-2011-4084 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions. A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance

107

U-105:Oracle Java SE Critical Patch Update Advisory | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

U-105: Oracle Java SE Critical Patch Update Advisory February 16, 2012 - 11:45am PROBLEM: Oracle Java SE Critical Patch Update Advisory PLATFORM: 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior ABSTRACT: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: Oracle Java SE Critical Patch Critical Patch Security Alerts SecurityTracker Alert ID: 1026688 Secunia Advisory: SA48009 Red Hat advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java

108

V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws  

Broader source: Energy.gov (indexed) [DOE]

V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks November 27, 2012 - 2:00am PROBLEM: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks PLATFORM: RSA Adaptive Authentication (On-Premise) 6.x ABSTRACT: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). REFERENCE LINKS: SecurityTracker Alert ID: 1027811 SecurityFocus Security Alert RSA Customer Support CVE-2012-4611 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). A remote user can conduct cross-site scripting attacks. The software does not

109

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files September 10, 2012 - 6:00am PROBLEM: Webmin Multiple Input Validation Vulnerabilities PLATFORM: The vulnerabilities are reported in version 1.580. Other versions may also be affected. ABSTRACT: An authenticated attacker may be able to execute arbitrary commands. REFERENCE LINKS: Webmin Security Alerts Bugtraq ID: 55446 Secunia Advisory SA50512 SecurityTracker Alert ID: 1027507 US CERT Vulnerability Note VU#788478 CVE-2012-2981 CVE-2012-2982 CVE-2012-2983 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by

112

U-105:Oracle Java SE Critical Patch Update Advisory | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

U-105: Oracle Java SE Critical Patch Update Advisory February 16, 2012 - 11:45am PROBLEM: Oracle Java SE Critical Patch Update Advisory PLATFORM: 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior ABSTRACT: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: Oracle Java SE Critical Patch Critical Patch Security Alerts SecurityTracker Alert ID: 1026688 Secunia Advisory: SA48009 Red Hat advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java

113

Diversity Links; Diversity Office  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Source Disclaimer: Links and/or hyperlinks on this page may contain information gathered from public sources outside Brookhaven National Laboratory. This information is for reference purposes only and, as such, there is no endorsement of products or services therein, nor is BNL responsible for any content inaccuracies. By clicking any of the aforementioned links and/or hyperlinks, you acknowledge your understanding and agreement with this statement. Diversity Links BNL & DOE Diversity Links Minority Recruitment Links BNL & DOE Diversity Links Brookhaven National Laboratory (BNL) Brookhaven Advocacy Council (BAC) Brookhaven Employees Recreation Association (BERA) | BERA Clubs U.S. DOE Office of Civil Rights and Diversity U.S. DOE Office of Civil Rights and Diversity - Homepage

114

Microsoft Word - Additional links  

Office of Legacy Management (LM)

Links: Link to annual groundwater reports on LM website: http://www.lm.doe.gov/Monticello/Documents.aspx#gwreports Links to peer-reviewed papers referenced in the Program Status and Analytical Update (Note: Due to copyright restrictions, links to these papers, rather than reproductions, are provided): a. Harding, Lee E. "Non-linear uptake and hormesis effects of selenium in red-winged blackbirds (Agelaius phoeniceus)". Science of the Total Environment 389 (2008) 350-366. Available through sciencedirect at: http://www.sciencedirect.com/science/article/pii/S0048969707010029 b. King, Kirke A. and Thomas W. Custer. "Reproductive Success of Barn Swallows Nesting Near a Selenium-Contaminated Lake in East Texas, USA". Environmental Pollution 84 (1994) 53-58. Available through sciencedirect at:

115

Lighting Group: Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Organizations Illuminating Engineering Society of North America (IESNA) International Commission on Illumination (CIE) International Association of Lighting Designers (IALD) International Association of Energy-Efficient Lighting Lightfair International Energy Agency - Task 21: Daylight in Buildings: Design Tools and Performance Analysis International Energy Agency - Task 31: Daylighting Buildings in 21st Century National Association on Qualifications for the Lighting Professions (NCQLP) National Association of Independent Lighting Distributors (NAILD) International Association of Lighting Management Companies (NALMCO) Research Centers California Lighting Technology Center Lighting Research Center Lighting Research at Canada Institute for Research in Construction

116

T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service May 31, 2011 - 3:35pm PROBLEM: A vulnerability was reported in BIND. A remote user can cause denial of service conditions. PLATFORM: BIND Version(s): 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, 9.8.0 and later; prior to 9.4-ESV-R4-P1, 9.6-ESV-R4-P1, 9.7.3-P1, 9.8.0-P2 ABSTRACT: A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash. REFERENCE LINKS: SecurityTracker Alert ID: 1025575 SecurityTracker Alert ID: 1025572

117

Fuel Cell Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Fuel Cell Links The links below are provided as additional resources for fuel-cell-related information. Most of the linked sites are not part of, nor affiliated with, fueleconomy.gov. We do not endorse or vouch for the accuracy of the information found on such sites. Fuel Cell Vehicles and Manufacturers Chevrolet General Motors press release about the Chevrolet Fuel Cell Equinox Ford Ford overview of their hydrogen fuel cell vehicles Honda FCX Clarity official site Hyundai Hyundai press release announcing the upcoming Tucson Fuel Cell Mercedes-Benz Ener-G-Force Fuel-cell-powered concept SUV Nissan Nissan TeRRA concept SUV Toyota Overview of Toyota fuel cell technology Hydrogen- and Fuel-Cell-Related Information and Tools Fuel Cell Vehicles Brief overview of fuel cell vehicles provided by DOE's Alternative Fuels Data Center (AFDC)

118

Hybrid Vehicle Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Hybrid Links Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Hybrid Vehicles and Manufacturers Acura ILX Hybrid Audi Q5 Hybrid BMW ActiveHybrid 3 ActiveHybrid 5 ActiveHybrid 7 Buick LaCrosse eAssist* Regal eAssist* Chevrolet Malibu Eco* Impala eAssist* Ford Fusion Hybrid Honda Accord Hybrid Civic Hybrid Honda CR-Z Honda Insight Hyundai Sonata Hybrid Infiniti M Hybrid Q50 Hybrid Q50 S Hybrid QX60 Hybrid Kia Optima Hybrid Lexus CT 200h Lexus ES 300h GS 450h LS 600h L RX 450h Lincoln MKZ Hybrid Mercedes-Benz Mercedes E400 Hybrid Nissan Pathfinder Hybrid Porsche Cayenne S Hybrid Subaru XV Crosstrek Hybrid Toyota Avalon Hybrid

119

Location linked information  

E-Print Network [OSTI]

This work builds an infrastructure called Location Linked Information that offers a means to associate digital information with public, physical places. This connection creates a hybrid virtual/physical space, called glean ...

Mankins, Matthew William David, 1975-

2003-01-01T23:59:59.000Z

120

Links - 88-Inch Cyclotron  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Lab Cafeteria Jobs at Berkeley Lab Today at Berkeley Lab Health and Safety Manual (PUB-3000) Science Links: Web Elements (Periodic Table) Science Daily News Sci Tech Daily News...

121

Nuclear Data Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links to Other Useful Sites Online Journals Institutions and Programs Related to Nuclear Physics U.S. Nuclear Data Program: All evaluated nuclear data supported by the U.S....

122

Design and implementation of a marine animal alert system to support Marine Renewable Energy  

SciTech Connect (OSTI)

Power extracted from fast moving tidal currents has been identified as a potential commercial-scale source of renewable energy. Device developers and utilities are pursuing deployment of prototype tidal turbines to assess technology viability, site feasibility, and environmental interactions. Deployment of prototype turbines requires permits from a range of regulatory authorities. Ensuring the safety of marine animals, particularly those under protection of the Endangered Species Act of 1973 (ESA) and the Marine Mammal Protection Act of 1972 has emerged as a key regulatory challenge for initial MHK deployments. The greatest perceived risk to marine animals is from strike by the rotating blades of tidal turbines. Development of the marine mammal alert system (MAAS) was undertaken to support monitoring and mitigation requirements for tidal turbine deployments. The prototype system development focused on Southern Resident killer whales (SRKW), an endangered population of killer whales that frequents Puget Sound and is intermittently present in the part of the sound where deployment of prototype tidal turbines is being considered. Passive acoustics were selected as the primary means because of the vocal nature of these animals. The MAAS passive acoustic system consists of a two-stage process involving the use of an energy detector and a spectrogram-based classifier to distinguish between SRKW calls and noise. A prototype consisting of two 2D symmetrical star arrays separated by 20 m center to center was built and evaluated in the waters of Sequim Bay using whale call playback.

Deng, Zhiqun; Carlson, Thomas J.; Fu, Tao; Ren, Huiying; Martinez, Jayson J.; Myers, Joshua R.; Matzner, Shari; Choi, Eric Y.; Copping, Andrea E.

2013-08-08T23:59:59.000Z

123

Physics 171 Problem Set #3 Fall 2014 MIDTERM ALERT: The midterm exam will be a take-home exam. The exam will be  

E-Print Network [OSTI]

Physics 171 Problem Set #3 Fall 2014 MIDTERM ALERT: The midterm exam will be a take-home exam topics of the Physics 171 Course Outline (and on the material covered on the first three problem sets

California at Santa Cruz, University of

124

MAJOR CONFORMED CONTRACTS LINKS Site/Project Contract Link Idaho  

Office of Environmental Management (EM)

MAJOR CONFORMED CONTRACTS LINKS Site/Project Contract Link Idaho Idaho Cleanup Project http:www.id.doe.govdoeidICPContractICPContract.htm Advance Mixed Waste Treatment http:...

125

Global Climate Change Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Global Climate Change Links This page provides links to web pages that we at CDIAC feel do a responsible job of presenting information and discussion pertinent to the science behind the global climate change ("global warming") debate. These sites include those on both sides of the debate; some asserting that global warming is a clear and present danger, and others that might be labeled global warming "skeptics." Some of these sites don't take a position per se; they exist to offer the public objective scientific information and results on our present understanding of the climate system. The list is not intended to be comprehensive, by any means. We hope it will be especially helpful for those who may be just beginning their research into global

126

BCDA Machine Status Link  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Machine Status Link Version 1.33 (December 2005) David M. Kline. The Machine Status Link (MSL) is responsible for distributing the digitized beam current, injection status, P0 clock, and other statuses over a single fiber to several locations around the Storage Ring. The MRD100 is a VME-based module that is part of the MSL and was specifically designed for the APS. It receives and interprets information from the XMS100 module by means of copper or fiber. Signals from the XMS100 module are sent at a P0 rate (3.667 microseconds). It sends two registers every cycle and all in about 12 cycles. Refer to the ASD website for additional information regarding the MSL. The focus of this page is to provide information of how to configure the MRD100 for a beamline IOC and to discuss the sample IOC

127

LTS Related Links - Hanford Site  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Information Management LTS Fact Sheets Briefings LTS Related Links LTS Contact Us 2015 Vision LTS Related Links...

128

Solitons, links and knots  

Science Journals Connector (OSTI)

...Soc. Lond. A (1999) Solitons, links and knots 4309 on a grid containing 1003 points, where spatial derivatives are approximated...results we can speculate on some qualitative aspects of an energy minimization principle which leads to the interesting structures...

1999-01-01T23:59:59.000Z

129

The Universe Adventure - Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Links Cosmology and Space Cosmic Journey A site chronicling the history of scientific cosmology, presented by the American Institute of Physics. Hubble Ultra-Deep Field Skywalker Lets you explore the famous Hubble Deep Field photo, which is the deepest view (in the visible spectrum) into the sky to date. QuietBay Constellation Tutorial A fun and easy tutorial to familiarize yourself with the night sky. Astronomy Picture of the Day Astronomy Picture of the Day features a new image from the universe every day, with short explanations written by professional astronomers. The Solar System NASA site that includes images and profiles of the planets (plus Pluto). Earth Guide An Earth planetary science site created by the Japan Science and Technology Agency describing many of the features of Earth and its place in the

130

Website Policies / Important Links | DOE Data Explorer  

Office of Scientific and Technical Information (OSTI)

Website Policies Important Links OSTI Security Website Policies and Important Links...

131

Covalently Linked DNA Nanotubes  

Science Journals Connector (OSTI)

SEM analyses of the nanotubes generated according to Scheme 2 further support the suggested folding of the 2D cross-linked DNA array into the nanotube structure. ... Here, we report a modular approach to DNA nanotube synthesis that provides access to geometrically well-defined triangular and square-shaped DNA nanotubes. ... and assembly of carbon nanotubes, and in nanotube-based DNA sensing and sepns. ...

Ofer I. Wilner; Anja Henning; Bella Shlyahovsky; Itamar Willner

2010-03-17T23:59:59.000Z

132

Assessment of the need for dual indoor/outdoor warning systems and enhanced tone alert technologies in the Chemical Stockpile Emergency Preparedness Program  

SciTech Connect (OSTI)

The need for a dual indoor/outdoor warning system as recommended by the program guidance and Alert and Notification (A&N) standard for the Chemical Stockpile Emergency Preparedness Program is analyzed in this report. Under the current program standards, the outdoor warning system consists of omnidirectional sirens and the new indoor system would be an enhanced tone alert (TA) radio system. This analysis identifies various tone-alert technologies, distribution options, and alternative siren configurations. It also assesses the costs and benefits of the options and analyzes what appears to best meet program needs. Given the current evidence, it is recommended that a 10-dB siren system and the special or enhanced TA radio be distributed to each residence and special institution in the immediate response zone as preferred the A&N standard. This approach minimizes the cost of maintenance and cost of the TA radio system while providing a high degree of reliability for indoor alerting. Furthermore, it reaches the population (residential and institutional) in the greatest need of indoor alerting.

Sorensen, J.H.

1992-05-01T23:59:59.000Z

133

Assessment of the need for dual indoor/outdoor warning systems and enhanced tone alert technologies in the Chemical Stockpile Emergency Preparedness Program  

SciTech Connect (OSTI)

The need for a dual indoor/outdoor warning system as recommended by the program guidance and Alert and Notification (A&N) standard for the Chemical Stockpile Emergency Preparedness Program is analyzed in this report. Under the current program standards, the outdoor warning system consists of omnidirectional sirens and the new indoor system would be an enhanced tone alert (TA) radio system. This analysis identifies various tone-alert technologies, distribution options, and alternative siren configurations. It also assesses the costs and benefits of the options and analyzes what appears to best meet program needs. Given the current evidence, it is recommended that a 10-dB siren system and the special or enhanced TA radio be distributed to each residence and special institution in the immediate response zone as preferred the A&N standard. This approach minimizes the cost of maintenance and cost of the TA radio system while providing a high degree of reliability for indoor alerting. Furthermore, it reaches the population (residential and institutional) in the greatest need of indoor alerting.

Sorensen, J.H.

1992-05-01T23:59:59.000Z

134

U-230: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local  

Broader source: Energy.gov (indexed) [DOE]

U-230: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges August 8, 2012 - 7:00am PROBLEM: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges PLATFORM: Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) ABSTRACT: An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. REFERENCE LINKS: Advisory: RHSA-2012:1149-1 SecurityTracker Alert ID: 1027356 Sudo Main Page Bugzilla 844442 CVE-2012-3440 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can exploit a temporary file symbolic link flaw in the %postun

135

T-589: Citrix XenApp and Citrix Presentation Server Bug | Department of  

Broader source: Energy.gov (indexed) [DOE]

T-589: Citrix XenApp and Citrix Presentation Server Bug March 28, 2011 - 3:05pm PROBLEM: Citrix XenApp and Citrix Presentation Server Bug in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: Citrix XenApp Presentation versions 4.5, 5 ABSTRACT: A vulnerability was reported in Citrix XenApp (Presentation Server). A remote user can execute arbitrary code on the target system. LINKS: DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-589.shtml OTHER LINKS: Citrix Document: CTX128366 SecurityTracker Alert ID: 1025254 Citrix Support Technical Support Downloads

136

T-589: Citrix XenApp and Citrix Presentation Server Bug | Department of  

Broader source: Energy.gov (indexed) [DOE]

T-589: Citrix XenApp and Citrix Presentation Server Bug March 28, 2011 - 3:05pm PROBLEM: Citrix XenApp and Citrix Presentation Server Bug in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: Citrix XenApp Presentation versions 4.5, 5 ABSTRACT: A vulnerability was reported in Citrix XenApp (Presentation Server). A remote user can execute arbitrary code on the target system. LINKS: DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-589.shtml OTHER LINKS: Citrix Document: CTX128366 SecurityTracker Alert ID: 1025254 Citrix Support Technical Support Downloads

137

Fermilab | About FermiLINK  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

About FermiLINK About FermiLINK Fermilab Today September 28, 2009 Mentors wanted for Diversity Office's FermiLINK program Fermilab Today October 5, 2009 Mentors wanted for Diversity Office's FermiLINK program Fermilab Today October 13, 2009 FermiLINK Q&A session Fermilab Today November 9, 2009 FermiLINK calls for mentees FermiLINK is Fermilab’s mentorship system designed to create an organizational network of leaders by providing opportunities for professional development and career management. This support structure creates access to the counsel and institutional knowledge of successful Fermilab professionals independent of the immediate supervisory hierarchy. FermiLINK provides web-based access to a host of mentors for issue-specific work-related challenges and opportunities. The network supports email,

138

The Climate Impacts LINK Project  

E-Print Network [OSTI]

The Climate Impacts LINK Project The Climatic Research Unit, University of East Anglia Funded Impacts LINK Project: Applying Results from the Hadley Centre's Climate Change Experiments for Climate change is relatively undeveloped.The Climate Impacts LINK Project was conceived to encourage research

Feigon, Brooke

139

Alertness, performance and off-duty sleep on 8-hour and 12-hour night shifts in a simulated continuous operations control room setting  

SciTech Connect (OSTI)

A growing number of nuclear power plants in the United States have adopted routine 12-hr shift schedules. Because of the potential impact that extended work shifts could have on safe and efficient power plant operation, the U.S. Nuclear Regulatory Commission funded research on 8-hr and 12-hr shifts at the Human Alertness Research Center (HARC) in Boston, Massachusetts. This report describes the research undertaken: a study of simulated 8-hr and 12-hr work shifts that compares alertness, speed, and accuracy at responding to simulator alarms, and relative cognitive performance, self-rated mood and vigor, and sleep-wake patterns of 8-hr versus 12-hr shift workers.

Baker, T.L. [Institute for Circadian Physiology, Boston, MA (United States)]

1995-04-01T23:59:59.000Z

140

Future Challenges for Linked APIs  

E-Print Network [OSTI]

Abstract. A number of approaches combine the principles and technologies of Linked Data and RESTful services. Services and APIs are thus enriched by, and contribute to, the Web of Data. These resource-centric approaches, referred to as Linked APIs, focus on flexibility and the integration capabilities of Linked Data. We use our experience in teaching students on how to use Linked APIs to identify the existing challenges in the area. Additionally we introduce the LAPIS catalogue, a directory for Linked APIs as basis for the research to address the identified challenges.

Steffen Stadtmüller; Sebastian Speiser; Andreas Harth



141

Critical links: The role of electric utilities in information infrastructure  

SciTech Connect (OSTI)

Electric utilities should seek out the role of providing "common infrastructure" for telecommunications services, some of which utilities need themselves. If they do so, in cooperation with cable and/or telephone companies, the public and utilities would be well served. After laboring for years to alert the industry and the public to the possibilities for electric utility involvement in advanced telecommunications networks and services, the author is thrilled by all the new alliances and demonstration projects that link power companies with information and telecommunications providers. But while a few electric utilities talk aggressively about entering competitive voice, data and video businesses, others still dread the very word 'telecommunications.' By and large, no unanimity has emerged on how to capture the patent synergy of electricity and telecommunications while paving the way for a congenial, long-term fit between these two multi-faceted industries. Over the past several months, with assistance from the Office of Computational Sciences of the U.S. Department of Energy, the author has tried to fashion a model for the stable evolution of electric utilities into telecommunications and information. In this article, the author summarizes the findings of this inquiry as a 'snapshot' of where U.S. electric utilities now stand vis-a-vis the nation's telecommunications needs. Then he offers his own views about what utilities can and should do to help meet those needs to benefit themselves, their customers, and their shareholders.

Rivkin, S.R.

1995-10-01T23:59:59.000Z

142

UCPD CRIME ALERT -Cell Phones Taken Near Rustin Avenue & Linden Street Cell Phones Taken From Victims near Rustin Avenue & Linden Street  

E-Print Network [OSTI]

UCPD CRIME ALERT - Cell Phones Taken Near Rustin Avenue & Linden Street Cell Phones Taken From Department responded to two(2) cell phone snatchings that occurred at about 6:00 pm and again at about 9 to be aware of their surroundings, to not be distracted by cell phones/electronic devices and to keep those

Lyubomirsky, Ilya

143

PRO-DAIRY Alert and Action Statement Water use reporting required for New York State dairy farms that use large quantities of water.  

E-Print Network [OSTI]

1 PRO-DAIRY Alert and Action Statement Water use reporting required for New York State dairy farms to have plentiful water, the reporting of water usage provides NYSDEC information to manage the state that use large quantities of water. All dairy farms should be aware of this requirement, especially those

Walter, M.Todd

144

Help:Links | Open Energy Information  

Open Energy Info (EERE)

Links There are four sorts of links in MediaWiki: internal links to other pages in the wiki; external links to other websites; interwiki links to other websites registered to the wiki in advance; interlanguage links to other websites registered as other language versions of the wiki. Internal links To add an internal link, enclose the name of the page you want to link to in double square brackets. When you save the page, you'll see the new link pointing to your page. If the page exists already it is displayed in blue, if it does not, in red. Selflinks to the current page are not transformed into URLs but displayed in bold. (If you really want to link to the current

145

Partners and related links | EMSL  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

are the organizations with which EMSL maintains closest relationships in high performance computing and software development. Partners Note: The links below leave this site...

146

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges February 28, 2013 - 12:05am PROBLEM: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges PLATFORM: VSE 8.8 Patch 2 with Access Protection, including Self Protection, turned off ABSTRACT: A vulnerability was reported in McAfee VirusScan Enterprise. REFERENCE LINKS: McAfee Security Bulletins ID: SB10038 SecurityTracker Alert ID: 1028209 IMPACT ASSESSMENT: Medium DISCUSSION: When Access Protection has been disabled, a local user can gain full control of the target application. IMPACT: A local user can obtain elevated privileges on the target system. SOLUTION: The vendor has issued a fix (8.8 Patch 2 with HF778101, 8.8 Patch 3)

147

T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny  

Broader source: Energy.gov (indexed) [DOE]

T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services March 7, 2011 - 3:05pm PROBLEM: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services. PLATFORM: Linux Kernel 2.6.37 and prior versions ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1025162 Latest Stable Kernel CVE-2011-1076 IMPACT ASSESSMENT: High DISCUSSION: When a DNS resolver key is instantiated with an error indication, a local user can attempt to read the key to trigger a null pointer dereference and cause a kernel crash. A local user can cause the target system to crash.

148

U-044: HP Operations Agent and Performance Agent Lets Local Users Access a  

Broader source: Energy.gov (indexed) [DOE]

U-044: HP Operations Agent and Performance Agent Lets Local Users Access a Restricted Directory November 23, 2011 - 8:00am PROBLEM: HP Operations Agent and Performance Agent Lets Local Users Access a Restricted Directory. PLATFORM: HP Operations Agent v11.00 and Performance Agent v4.73, v5.0 for AIX, HP-UX, Linux, and Solaris ABSTRACT: A local user can access a directory on the target system. REFERENCE LINKS: HP Security Bulletin Document ID: c03091656 CVE-2011-4160 SecurityTracker Alert ID: 1026345 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in HP Operations Agent and Performance Agent. A local user can access data on the target system. A local user can gain

149

U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root  

Broader source: Energy.gov (indexed) [DOE]

U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges December 9, 2011 - 8:00am PROBLEM: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges. PLATFORM: Linux kernel ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: The Linux Kernel Archives SecurityTracker Alert ID: 1026395 CVE-2011-4330 IMPACT ASSESSMENT: Medium DISCUSSION: When a specially crafted Hierarchical File System (HFS) file system is mounted, a local user can trigger a buffer overflow and execute arbitrary code on the target system with root privileges. The vulnerability resides in the hfs_mac2asc() function. IMPACT: A local user can obtain root privileges on the target system.

150

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am PROBLEM: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service PLATFORM: Version(s): 1.0.0.1359 and prior ABSTRACT: A vulnerability was reported in Firefly Media Server. REFERENCE LINKS: SecurityTracker Alert ID: 1027917 HTB Advisory ID: HTB23129 CVE-2012-5875 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to trigger a null pointer dereference and cause the target service to crash. IMPACT: A remote user can cause denial of service conditions. SOLUTION: No solution was available at the time of this entry.

151

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code July 16, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 20.0.1132.57 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1027249 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

152

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader; this vulnerability is being actively exploited against Windows-based systems. REFERENCE LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

153

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Broader source: Energy.gov (indexed) [DOE]

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF. REFERENCE LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. IMPACT: A remote authenticated user can execute potentially unauthorized actions on

154

V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users May 29, 2013 - 12:32am PROBLEM: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users PLATFORM: Directory Server B.08.10.04 ABSTRACT: Two vulnerabilities were reported in HP-UX Directory Server. REFERENCE LINKS: HP Document ID: c03772083 SecurityTracker Alert ID: 1028593 CVE-2012-2678 CVE-2012-2746 IMPACT ASSESSMENT: High DISCUSSION: A local user can access the plaintext password in certain cases [CVE-2012-2678]. A remote authenticated user can view the password for a target LDAP user when audit logging is enabled by reading the audit log [CVE-2012-2678].

155

U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service October 11, 2011 - 8:00am PROBLEM: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service PLATFORM: Symantec Data Loss Prevention Enforce/Detection Servers for Windows 10.x, 11.x ABSTRACT: A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions. REFERENCE LINKS: Symantec Security Advisory SYM11-013 SecurityTracker Alert ID: 1026157 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities were reported in Symantec Data Loss Prevention. A remote user can cause denial of service conditions on the target system. A

156

U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks July 20, 2012 - 7:00am PROBLEM: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks PLATFORM: Red Hat Certificate System v8 ABSTRACT: Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate. REFERENCE LINKS: Advisory: RHSA-2012:1103-1 SecurityTracker Alert ID: 1027284 CVE-2012-2662 CVE-2012-3367 IMPACT ASSESSMENT: Medium DISCUSSION: The Agent and End Entity pages do not properly filter HTML code from

157

T-588: HP Virtual SAN Appliance Stack Overflow | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

T-588: HP Virtual SAN Appliance Stack Overflow March 25, 2011 - 5:05pm PROBLEM: HP Virtual SAN Appliance Stack Overflow in 'hydra.exe' Lets Remote Users Execute Arbitrary Code. PLATFORM: HP StorageWorks P4000 Virtual SAN Appliance Software ABSTRACT: A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system. REFERENCE LINKS: Secunia advisory 34782 SecurityTracker Alert ID: 1025249 ZDI-11-111 Bugtraq ID: 47005 IMPACT ASSESSMENT: High DISCUSSION: Hewlett-Packard Virtual SAN Appliance is prone to a remote buffer-overflow vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in

158

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code December 16, 2011 - 8:00am PROBLEM: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code. PLATFORM: RSA SecurID Software Token 4.1 for Microsoft Windows ABSTRACT: A remote user can cause the target application to execute arbitrary code on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026426 ESA-2011-039 Secunia Advisory: SA45665 Securityfocus Advisory CVE-2011-4141 RSA Online Fraud Resource Center IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in RSA SecurID Software Token. A remote user

159

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject  

Broader source: Energy.gov (indexed) [DOE]

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords July 24, 2012 - 7:00am PROBLEM: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords PLATFORM: Symantec Web Gateway 5.0.x.x ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. REFERENCE LINKS: Security Advisories Relating to Symantec Products SecurityTracker Alert ID: 1027289 Bugtraq ID: 54424 Bugtraq ID: 54425 Bugtraq ID: 54426 Bugtraq ID: 54427 Bugtraq ID: 54429 Bugtraq ID: 54430

160

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Broader source: Energy.gov (indexed) [DOE]

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. REFERENCE LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. 1. (ZDI-12-127) The specific flaw exists within the HsmCfgSvc.exe service



161

U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service  

Broader source: Energy.gov (indexed) [DOE]

U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. REFERENCE LINKS: Cisco Advisory SecurityTracker Alert ID: 1026692 CVE-2012-0352 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. A remote user can send a specially crafted IP packet to cause the target device to reload. The vulnerability occurs when the device attempts to obtain Layer 4 (e.g.,

162

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Broader source: Energy.gov (indexed) [DOE]

U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

163

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote  

Broader source: Energy.gov (indexed) [DOE]

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service May 14, 2012 - 7:00am PROBLEM: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service PLATFORM: Information Rights Management Server 4.x, 5.x ABSTRACT: Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027058 CVE-2012-2276 CVE-2012-2277 IMPACT ASSESSMENT: High DISCUSSION: A remote authenticated user can send specially crafted data to trigger a NULL pointer dereference and cause the target service to crash. A remote

164

U-030: Apache Tomcat Lets Untrusted Web Applications Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

U-030: Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges November 9, 2011 - 8:30am PROBLEM: Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges. PLATFORM: Apache Tomcat 7.0.0-7.0.21. ABSTRACT: An untrusted web application can access Manager application functions. REFERENCE LINKS: Apache Tomcat 7.x vulnerabilities SecurityTracker Alert ID: 1026295 CVE-2011-3376 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apache Tomcat. A local user (application) can obtain elevated privileges on the target system. A local web application (that is not trusted) can access Manager application functions without being marked as privileged. This can be exploited to obtain

165

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code December 16, 2011 - 8:00am PROBLEM: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code. PLATFORM: RSA SecurID Software Token 4.1 for Microsoft Windows ABSTRACT: A remote user can cause the target application to execute arbitrary code on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026426 ESA-2011-039 Secunia Advisory: SA45665 Securityfocus Advisory CVE-2011-4141 RSA Online Fraud Resource Center IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in RSA SecurID Software Token. A remote user

166

U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication March 21, 2012 - 7:00am PROBLEM: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication PLATFORM: JBoss Operations Network 2.x ABSTRACT: A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases. REFERENCE LINKS: SecurityTracker Alert ID: 1026826 Secunia Advisory SA48471 CVE-2012-1100 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log-in to LDAP-based

167

T-591: VMware vmrun Utility Lets Local Users Gain Elevated Privileges

Broader source: Energy.gov (indexed) [DOE]

T-591: VMware vmrun Utility Lets Local Users Gain Elevated Privileges March 30, 2011 - 3:05pm PROBLEM: A vulnerability was reported in VMware. A local user can obtain elevated privileges on the target system. PLATFORM: VMware Workstation 6.5.5 and 7.1.3 and prior; VIX API for Linux 1.10.2 and prior ABSTRACT: The VMware vmrun utility is susceptible to a local privilege escalation in non-standard configurations. REFERENCE LINKS: VM Advisory ID:VMSA-2011-0006 Secunia Advisory: SA43885 SecurityTracker Alert ID: 1025270 CVE-2011-1126 VM Post IMPACT ASSESSMENT: Medium Discussion: A security issue has been reported in VMware Workstation, which can be exploited by malicious, local users to gain potentially escalated

168

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Broader source: Energy.gov (indexed) [DOE]

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF REFERENCE LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. Impact: A remote authenticated user can execute potentially unauthorized actions on

169

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code June 20, 2011 - 3:35pm PROBLEM: A vulnerability was reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Office XP; possibly other versions ABSTRACT: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code. REFERENCE LINKS: Secunia Advisory: SA44923 SecurityTracker Alert ID: 1025675 Bugtraq ID: 48261 TSL ID: TSL20110614-02 PRL: 2011-07 IMPACT ASSESSMENT: High Discussion: A code execution vulnerability has been reported in Microsoft Office Word. The vulnerability is due to memory corruption when parsing a specially crafted Word file.

170

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Broader source: Energy.gov (indexed) [DOE]

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. REFERENCE LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High Discussion: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability.

171

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability

Broader source: Energy.gov (indexed) [DOE]

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability February 7, 2012 - 9:00am PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network REFERENCE LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High Discussion: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. Impact: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

172

T-669: Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

T-669: Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service July 15, 2011 - 2:14am PROBLEM: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. PLATFORM: 2.6.39 and prior versions ABSTRACT: Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service. REFERENCE LINKS: SecurityTracker Alert ID: 1025776 Linux Kernel Updates CVE-2011-2689 IMPACT ASSESSMENT: Medium Discussion: A local user can invoke the gfs2_fallocate() function in 'fs/gfs2/file.c' in certain cases to allocate a non-blksize aligned amount, resulting in an error in subsequent code that requires blksize aligned offsets. Impact: A local user can cause denial of service conditions on the target system.

173

T-720: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

T-720: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks September 19, 2011 - 8:45am PROBLEM: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks. PLATFORM: All versions of Director prior to 5.5.2.3 are vulnerable. ABSTRACT: A vulnerability was reported in Blue Coat Director. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Blue Coat Advisories ID: SA62 SecurityTracker Alert ID: 1026061 Blue Coat Director 510 Blue Coat SGME 5 IMPACT ASSESSMENT: Medium Discussion: An attacker can use the HTTP TRACE method to echo malicious script back to the client as part of a Cross Site Scripting (XSS) attack. No

174

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB13-09 SecurityTracker Alert ID: 1028277 CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

175

V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks April 2, 2013 - 1:13am PROBLEM: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 4.3.0 through 4.3.5 ABSTRACT: A vulnerability was reported in Splunk Web. REFERENCE LINKS: SecurityTracker Alert ID: 1028371 Splunk IMPACT ASSESSMENT: High DISCUSSION: Splunk Web does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Splunk Web software and will run in the security context of that site. As a result, the code will be able to access the

176

T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code March 9, 2011 - 3:05pm PROBLEM: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution. PLATFORM: Remote Desktop Connection Client Version(s): 5.2, 6.0, 6.1, 7.0 ABSTRACT: A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: Microsoft Security Bulletin MS11-017 SecurityTracker Alert ID:1025172 CVE-2011-0029 IMPACT ASSESSMENT: Moderate Discussion: A remote user can create a specially crafted DLL file on a remote share (e.g., WebDAV, SMB share). When the target user opens a valid Remote

177

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication May 1, 2012 - 7:00am PROBLEM: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) ABSTRACT: A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration. REFERENCE LINKS: SecurityTracker Alert ID: 1026990 CVE-2011-3620 Red Hat advisory IMPACT ASSESSMENT: High Discussion: Qpid may accept arbitrary passwords and SASL mechanisms. A remote user on the local private interconnect network with knowledge of a valid cluster

178

V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System November 5, 2012 - 6:00am PROBLEM: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System PLATFORM: HP Performance Insight v5.31, v5.40 and v5.41 running on HP-UX, Solaris, Linux, and Windows and using Sybase as the database ABSTRACT: Two vulnerabilities were reported in HP Performance Insight. REFERENCE LINKS: HP Support Document ID: c03555488 SecurityTracker Alert ID: 1027719 CVE-2012-3269 CVE-2012-3270 IMPACT ASSESSMENT: High DISCUSSION:

179

V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote  

Broader source: Energy.gov (indexed) [DOE]

V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass May 24, 2013 - 6:00am PROBLEM: A vulnerability was reported in Red Hat Network Satellite Server PLATFORM: Red Hat Network Satellite (v. 5.3 for RHEL 5) Red Hat Network Satellite (v. 5.4 for RHEL 5) Red Hat Network Satellite (v. 5.4 for RHEL 6) Red Hat Network Satellite (v. 5.5 for RHEL 5) Red Hat Network Satellite (v. 5.5 for RHEL 6) ABSTRACT: The system does not properly validate all Inter-Satellite Sync operations REFERENCE LINKS: SecurityTracker Alert ID: 1028587 RHSA-2013:0848-1 CVE-2013-2056 IMPACT ASSESSMENT: Medium DISCUSSION: It was discovered that Red Hat Network Satellite did not fully check the

180

V-068: Citrix CloudPlatform Logs Potentially Sensitive Information in the  

Broader source: Energy.gov (indexed) [DOE]

V-068: Citrix CloudPlatform Logs Potentially Sensitive Information in the Log File January 14, 2013 - 12:15am PROBLEM: Citrix CloudPlatform Logs Potentially Sensitive Information in the Log File PLATFORM: Citrix CloudStack and CloudPlatform up to and including 3.0.5. ABSTRACT: A vulnerability was reported in Citrix CloudPlatform. REFERENCE LINKS: Document ID: CTX136163 SecurityTracker Alert ID: 1027978 CVE-2012-5616 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been identified in Citrix CloudPlatform, formerly known as Citrix CloudStack, that could result in security-sensitive information being logged during the normal operation of the CloudPlatform server. IMPACT:



181

V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an unauthenticated, remote attacker to connect to a database replication port anonymously via Secure Sockets Layer (SSL). REFERENCE LINKS: SecurityTracker Alert ID: 1028972 CVE-2013-3469 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is due to the misconfiguration of the Oracle SSL service. An attacker could exploit this vulnerability by connecting to an

182

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands November 19, 2012 - 2:30am PROBLEM: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands PLATFORM: CS5.5 7.5.0.142; possibly other versions ABSTRACT: Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability REFERENCE LINKS: Secunia Advisory SA48572 SecurityTracker Alert ID: 1027783 Adobe IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system. A remote user can send a specially crafted "RunScript" SOAP message to

183

V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets  

Broader source: Energy.gov (indexed) [DOE]

V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code December 31, 2012 - 6:58am PROBLEM: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 6, 7, 8 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027930 Secunia Advisory SA51695 CVE-2012-4792 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary

184

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code November 28, 2012 - 1:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 23.0.1271.91 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Release updates from the Chrome team SecurityTracker Alert ID: 1027815 Secunia Advisory SA51437 CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the

185

V-117: Symantec Enterprise Vault for File System Archiving Unquoted Search  

Broader source: Energy.gov (indexed) [DOE]

V-117: Symantec Enterprise Vault for File System Archiving Unquoted Search Path Lets Local Users Gain Elevated Privileges March 22, 2013 - 6:00am PROBLEM: A vulnerability was reported in Symantec Enterprise Vault PLATFORM: Versions prior to Enterprise Vault 9.0.4 and 10.0.1 are vulnerable. ABSTRACT: Symantec Enterprise Vault (EV) for File System Archiving has an unquoted search path in the File Collector and File PlaceHolder services REFERENCE LINKS: SecurityTracker Alert ID: 1028330 Symantec Security Advisories SYM13-003 SecurityFocus ID: 58617 CVE-2013-1609 IMPACT ASSESSMENT: Medium DISCUSSION: This could potentially allow an authorized but non-privileged local user to

186

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks May 31, 2013 - 6:00am PROBLEM: A vulnerability was reported in Splunk Web PLATFORM: Version(s) prior to 5.0.3 ABSTRACT: A reflected cross-site scripting vulnerability was identified in Splunk Web REFERENCE LINKS: SecurityTracker Alert ID: 1028605 Splunk Security Advisory SPL-59895 CVE-2012-6447 IMPACT ASSESSMENT: Medium DISCUSSION: The web interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will

187

T-643: HP OpenView Storage Data Protector Unspecified Code Execution  

Broader source: Energy.gov (indexed) [DOE]

T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability June 9, 2011 - 3:45pm PROBLEM: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability PLATFORM: Versions 6.0, 6.10, and 6.11 running on HP-UX, Solaris, Linux and Windows. ABSTRACT: A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system. REFERENCE LINKS: Secunia Advisory SA44884 CVE-2011-1864 SecurityTracker Alert ID: 1025620 HP Document ID: c02712867 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

188

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw  

Broader source: Energy.gov (indexed) [DOE]

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes January 21, 2013 - 12:15am PROBLEM: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes PLATFORM: Tivoli Federated Identity Manager versions 6.2.0, 6.2.1, 6.2.2 ABSTRACT: A vulnerability was reported in IBM Tivoli Federated Identity Manager. REFERENCE LINKS: IBM Security Bulletin: 1615744 SecurityTracker Alert ID: 1028011 CVE-2012-6359 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not check that all attributes have been signed. A remote user with the ability to conduct a man-in-the-middle attack can modify

189

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe ColdFusion is prone to a remote denial-of-service vulnerability. REFERENCE LINKS: Adobe Security bulletins and advisories Adobe Vulnerability identifier: APSB12-21 SecurityTracker Alert ID: 1027516 Bugtraq ID: 55499 CVE-2012-2048 IMPACT ASSESSMENT: Medium Discussion: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which

190

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords October 15, 2012 - 6:00am PROBLEM: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords PLATFORM: EMC NetWorker Module for Microsoft Applications 2.2.1, 2.3 prior to build 122, 2.4 prior to build 375 ABSTRACT: EMC NetWorker Module for Microsoft Applications Two Vulnerabilities REFERENCE LINKS: EMC Identifier: ESA-2012-025 Secunia Advisory SA50957 SecurityTracker Alert ID: 1027647 CVE-2012-2284 CVE-2012-2290 IMPACT ASSESSMENT: Medium DISCUSSION:

191

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before

192

V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets  

Broader source: Energy.gov (indexed) [DOE]

V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information October 26, 2012 - 6:00am PROBLEM: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information PLATFORM: Software version: 6.2.3, 6.2.3.1 ABSTRACT: A vulnerability was reported in IBM Tivoli Monitoring. REFERENCE LINKS: IBM Support Document: 1614003 IBM Support Portal SecurityTracker Alert ID: 1027692 IMPACT ASSESSMENT: High DISCUSSION: A remote user may be able to conduct HTTP TRACE and HTTP TRACK attacks to access sensitive information from the HTTP headers.

193

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information  

Broader source: Energy.gov (indexed) [DOE]

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks May 1, 2013 - 12:43am PROBLEM: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks PLATFORM: Service Manager v9.31 Web Tier ABSTRACT: Two vulnerabilities were reported in HP Service Manager REFERENCE LINKS: HP Document ID: c03748875 SecurityTracker Alert ID: 1028496 CVE-2012-5222 CVE-2013-2321 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can obtain potentially sensitive information [CVE-2012-5222]. Service Manager Web Tier does not properly filter HTML code from user-supplied input before displaying the input [CVE-2013-2321]. A remote

194

T-578: Vulnerability in MHTML Could Allow Information Disclosure

Broader source: Energy.gov (indexed) [DOE]

T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate Discussion: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

195

T-623: HP Business Availability Center Input Validation Hole Permits  

Broader source: Energy.gov (indexed) [DOE]

T-623: HP Business Availability Center Input Validation Hole Permits Cross-Site Scripting Attacks May 16, 2011 - 3:05pm PROBLEM: A vulnerability was reported in HP Business Availability Center. A remote user can conduct cross-site scripting attacks. PLATFORM: HP Business Availability Center software 8.06 and prior versions ABSTRACT: The software does not properly filter HTML code from user-supplied input before displaying the input. REFERENCE LINKS: SecurityTracker Alert ID:1025535 HP Knowledge Base CVE-2011-1856 Secunia ID: SA44569 HP Document ID:c02823184 | ESB-2011.0525 IMPACT ASSESSMENT: High Discussion: A remote user can cause arbitrary scripting code to be executed by the

196

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.

197

U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

79: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute 79: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code January 11, 2012 - 8:00am Addthis PROBLEM: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat/Reader Version(s): 9.x prior to 9.5, 10.x prior to 10.1.2 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026496 Adobe Security Bulletin APSB12-01 CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373. IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in Adobe Acrobat/Reader. A remote

198

T-703: Cisco Unified Communications Manager Open Query Interface Lets  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents August 26, 2011 - 3:45pm PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5 ABSTRACT: A remote user can obtain database contents, including authentication credentials. REFERENCE LINKS: SecurityTracker Alert ID: 1025971 Cisco Document ID: 113190 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. A remote user can access an open

199

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code November 30, 2011 - 8:15am PROBLEM: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code. PLATFORM: HP LaserJet Printers manufactured prior to 2009 ABSTRACT: A remote user can upgrade the printer's firmware with arbitrary code. REFERENCE LINKS: SecurityTracker Alert ID: 1026357 HP Security for Imaging and Printing HP Clarifies on Printer Security IMPACT ASSESSMENT: Low DISCUSSION: A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to the

200

U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct  

Broader source: Energy.gov (indexed) [DOE]

21: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, 21: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information March 9, 2012 - 7:00am Addthis PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Apple iOS Version(s): prior to 5.1 ABSTRACT: Multiple vulnerabilities were reported in Apple iOS. reference LINKS: SecurityTracker Alert ID: 1026774 Apple Security Updates About the security content of iOS 5.1 Software Update CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644,

201

U-092: Sudo Format String Bug Lets Local Users Gain Elevated Privileges |  

Broader source: Energy.gov (indexed) [DOE]

2: Sudo Format String Bug Lets Local Users Gain Elevated 2: Sudo Format String Bug Lets Local Users Gain Elevated Privileges U-092: Sudo Format String Bug Lets Local Users Gain Elevated Privileges January 31, 2012 - 5:45am Addthis PROBLEM: A vulnerability was reported in Sudo. A local user can obtain elevated privileges on the target system. PLATFORM: Linux (Any) Version(s): 1.8.0 - 1.8.3p1 ABSTRACT: A local user can supply a specially crafted command line argument to trigger a format string flaw and execute arbitrary commands on the target system with root privileges. reference LINKS: CVE-2012-0809 SecurityTracker Alert ID: 1026600 Vendor Site IMPACT ASSESSMENT: Medium Discussion: The vulnerability resides in the sudo_debug() function in 'src/sudo.c'. This can be exploited by local users, regardless of whether they are listed

202

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

0: VLC Media Player Buffer Overflow in HTML Subtitle Parser 0: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code January 2, 2013 - 1:00am Addthis PROBLEM: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code PLATFORM: VLC Media Player 2.0.4, possibly earlier versions ABSTRACT: Some vulnerabilities have been reported in VLC Media Player REFERENCE LINKS: SecurityTracker Alert ID: 1027929 Secunia Advisory SA51692 IMPACT ASSESSMENT: Medium DISCUSSION: Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing HTML subtitles in

203

U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users 131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code March 22, 2012 - 3:47am Addthis PROBLEM: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Photoshop CS5 12.x ABSTRACT: Successful exploitation may allow execution of arbitrary code reference LINKS: SecurityTracker Alert ID: 1026831 Secunia Advisory: SA48457 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target

204

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

0: Juniper Security Threat Response Manager Lets Remote 0: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands August 17, 2013 - 4:01am Addthis PROBLEM: A remote authenticated user can execute arbitrary commands on the target system. PLATFORM: 2010.0, 2012.0, 2012.1, 2013.1 ABSTRACT: A vulnerability was reported in Juniper Security Threat Response Manager (STRM) REFERENCE LINKS: SecurityTracker Alert ID: 1028921 CVE-2013-2970 IMPACT ASSESSMENT: High DISCUSSION: A remote authenticated user can inject commands to execute arbitrary operating system commands with the privileges of the target web service. This can be exploited to gain shell access on the target device.

205

U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject  

Broader source: Energy.gov (indexed) [DOE]

6: Cisco Small Business SRP500 Series Bug Lets Remote Users 6: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands November 3, 2011 - 8:15am Addthis PROBLEM: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands. PLATFORM: The following models are affected when running firmware prior to version 1.1.24: Cisco SRP521W Cisco SRP526W Cisco SRP527W The following models are affected when running firmware prior to version 1.2.1: Cisco SRP541W Cisco SRP546W Cisco SRP547W ABSTRACT: A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system. reference LINKS: Advisory ID: cisco-sa-20111102-srp500 SecurityTracker Alert ID: 1026266

206

V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges February 18, 2013 - 12:53am PROBLEM: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges PLATFORM: Symantec PGP Desktop 10.2.x, 10.1.x, 10.0.x Symantec Encryption Desktop 10.3.0 ABSTRACT: Two vulnerabilities were reported in Symantec PGP Desktop. REFERENCE LINKS: Symantec Security Advisory SYM13-001 Bugtraq ID: 57170 SecurityTracker Alert ID: 1028145 CVE-2012-4351 CVE-2012-4352 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can trigger an integer overflow in 'pgpwded.sys' to execute arbitrary code on the target system [CVE-2012-4351]. On Windows XP and Windows Server 2003, a local user can trigger a buffer

207

T-713: Blue Coat Reporter Directory Traversal Flaw | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

3: Blue Coat Reporter Directory Traversal Flaw 3: Blue Coat Reporter Directory Traversal Flaw T-713: Blue Coat Reporter Directory Traversal Flaw September 9, 2011 - 10:47am Addthis PROBLEM: A vulnerability was reported in Blue Coat Reporter. A remote user can view files on the target system and gain full control of the target application. PLATFORM: All pre-9.3 versions of Reporter installed on a Windows server are vulnerable. ABSTRACT: Blue Coat Reporter Directory Traversal Flaw Lets Remote Users Gain Full Control. reference LINKS: Blue Coat Security Advisory ID: SA60 SecurityTracker Alert ID: 1026023 About Path Traversal IMPACT ASSESSMENT: High Discussion: Reporter installed on a Windows server is vulnerable to an HTTP directory traversal attack. An unauthenticated user can browse the file system and read any file. Data from these files can be used by an attacker to gain

208

U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

5: WebCalendar Access Control and File Inclusion Bugs Let 5: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code April 25, 2012 - 7:00am Addthis PROBLEM: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code PLATFORM: 1.2.4 and prior versions ABSTRACT: Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system. reference links: SecurityTracker Alert ID: 1026966 CVE-2012-1495 CVE-2012-1496 IMPACT ASSESSMENT: Medium Discussion: A remote user can access '/install/index.php' to potentially modify '/includes/settings/' with arbitrary values or PHP code. A remote

209

U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic | Department of  

Broader source: Energy.gov (indexed) [DOE]

91: cURL Lets Remote Users Decrypt SSL/TLS Traffic 91: cURL Lets Remote Users Decrypt SSL/TLS Traffic U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am Addthis PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) : Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. reference LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate Discussion: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions. The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows

210

T-603: Mac OS X Includes Some Invalid Comodo Certificates | Department of  

Broader source: Energy.gov (indexed) [DOE]

03: Mac OS X Includes Some Invalid Comodo Certificates 03: Mac OS X Includes Some Invalid Comodo Certificates T-603: Mac OS X Includes Some Invalid Comodo Certificates April 15, 2011 - 1:46am Addthis PROBLEM: Mac OS X Includes Some Invalid Comodo Certificates PLATFORM: For Mac OS X Server v10.5.8, Mac OS X v10.5.8, Mac OS X v10.6.7 and Mac OS X Server v10.6.7 ABSTRACT: The operating system includes some invalid certificates. The vulnerability is due to the invalid certificates and not the operating system itself. Other browsers, applications, and operating systems are affected. reference LINKS: SecurityTracker Alert ID: 1025362 APPLE-SA-2011-04-14-4 Security Update 2011-002 Apple Support Downloads IMPACT ASSESSMENT: High Discussion: A partner of Comodo with Registration Authority capabilities suffered an internal security breach and the attacker caused seven certificates to be

211

V-128: Xen Event Channel Tracking Pointer Bug Local Privilege Escalation |  

Broader source: Energy.gov (indexed) [DOE]

V-128: Xen Event Channel Tracking Pointer Bug Local Privilege Escalation April 8, 2013 - 12:28am PLATFORM: Version(s): 3.2 and later ABSTRACT: A vulnerability was reported in Xen. REFERENCE LINKS: SecurityTracker Alert ID: 1028388 CVE-2013-1920 IMPACT ASSESSMENT: Medium DISCUSSION: A local user with kernel level privileges on the guest operating system can exploit a memory pointer error when the hypervisor is under memory pressure and Xen Security Module (XSM) is enabled to execute arbitrary code on the target host system. IMPACT: A local user on the guest operating system can obtain elevated privileges on the target host system. SOLUTION: The vendor has issued a fix (xsa47-4.1.patch, xsa47-4.2-unstable.patch).

212

U-252: Barracuda Web Filter Input Validation Flaws Permit Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

U-252: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks September 6, 2012 - 6:00am PROBLEM: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks PLATFORM: Barracuda Web Filter 5.0.015 is vulnerable; other versions may also be affected. ABSTRACT: Barracuda Web Filter Authentication Module Multiple HTML Injection Vulnerabilities REFERENCE LINKS: Barracuda Networks Barracuda Networks Security ID: BNSEC-279/BNYF-5533 SecurityTracker Alert ID: 1027500 Bugtraq ID: 55394 seclists.org IMPACT ASSESSMENT: Medium DISCUSSION: Two scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to

213

V-037: Wireshark Multiple Bugs Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

7: Wireshark Multiple Bugs Let Remote Users Deny Service 7: Wireshark Multiple Bugs Let Remote Users Deny Service V-037: Wireshark Multiple Bugs Let Remote Users Deny Service November 30, 2012 - 3:30am Addthis PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service PLATFORM: Version(s): prior to 1.6.12, 1.8.4 ABSTRACT: Several vulnerabilities were reported in Wireshark. REFERENCE LINKS: Wireshark Security Advisories Secunia Advisory SA51422 Seclists SecurityTracker Alert ID: 1027822 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 IMPACT ASSESSMENT: Medium DISCUSSION: Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions. A user can obtain potentially sensitive information.

214

T-651: Blue Coat ProxySG Discloses Potentially Sensitive Information in  

Broader source: Energy.gov (indexed) [DOE]

T-651: Blue Coat ProxySG Discloses Potentially Sensitive Information in Core Files June 21, 2011 - 3:28pm PROBLEM: Core files produced by ProxySG include unencrypted sensitive data such as keys and end user authentication data. PLATFORM: Version(s): 6.1, 6.2 ABSTRACT: A vulnerability was reported in Blue Coat ProxySG. A local user can obtain potentially sensitive information. REFERENCE LINKS: SecurityTracker Alert ID: 1025679 Security Advisories ID: SA56 ProxySG SA56 TSL ID: TSL20110614-02 IMPACT ASSESSMENT: High DISCUSSION: In versions 6.1 and 6.2, the software includes information from the secure heap when writing core files. A user with access to the core file can obtain potentially sensitive information, including keys and HTTP

215

U-263: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

3: Trend Micro InterScan Messaging Security Flaws Permit 3: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks U-263: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks September 19, 2012 - 6:00am Addthis PROBLEM: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks PLATFORM: 7.1-Build_Win32_1394; possibly other versions ABSTRACT: A vulnerability was reported in Trend Micro InterScan Messaging Security. reference LINKS: US CERT Vulnerability Note VU#471364 SecurityTracker Alert ID: 1027544 CVE-2012-2995 CVE-2012-2996 Micro Trend IMPACT ASSESSMENT: Medium Discussion: Several scripts do not properly filter HTML code from user-supplied input

216

U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially  

Broader source: Energy.gov (indexed) [DOE]

3: PHP Command Parameter Bug Lets Remote Users Obtain 3: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code May 7, 2012 - 7:00am Addthis PROBLEM: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code PLATFORM: Prior to 5.3.12 and 5.4.2 ABSTRACT: A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system. reference LINKS: SecurityTracker Alert ID: 1027022 CVE-2012-1823 CVE-2012-2311 IMPACT ASSESSMENT: High Discussion: A remote user can submit a specially crafted request containing a command

217

V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

1: Apple Safari Bugs Let Remote Users Execute Arbitrary Code 1: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks June 5, 2013 - 1:05am Addthis PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks PLATFORM: Apple Safari prior to 6.0.5 ABSTRACT: Several vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple Article: HT5785 SecurityTracker Alert ID: 1028627 CVE-2013-0926 CVE-2013-1009 CVE-2013-1012 CVE-2013-1013 CVE-2013-1023 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary

218

V-139: Cisco Network Admission Control Input Validation Flaw Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

9: Cisco Network Admission Control Input Validation Flaw Lets 9: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands V-139: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands April 21, 2013 - 11:50pm Addthis PROBLEM: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands PLATFORM: Cisco NAC Manager versions prior to 4.8.3.1 and 4.9.2 ABSTRACT: A vulnerability was reported in Cisco Network Admission Control. REFERENCE LINKS: SecurityTracker Alert ID: 1028451 Cisco Advisory ID: cisco-sa-20130417-nac CVE-2013-1177 IMPACT ASSESSMENT: High DISCUSSION: The Cisco Network Admission Control (NAC) Manager does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

219

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users |  

Broader source: Energy.gov (indexed) [DOE]

5: HP IBRIX X9000 Storage Discloses Information to Remote Users 5: HP IBRIX X9000 Storage Discloses Information to Remote Users U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users October 5, 2012 - 6:00am Addthis PROBLEM: HP IBRIX X9000 Storage Discloses Information to Remote Users PLATFORM: Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251 ABSTRACT: A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information. reference LINKS: HP Security Bulletin: c03510876 SecurityTracker Alert ID: 1027590 CVE-2012-3266 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the

220

V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local  

Broader source: Energy.gov (indexed) [DOE]

4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets 4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges April 15, 2013 - 1:30am Addthis PROBLEM: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges PLATFORM: Cisco AnyConnect Secure Mobility Client Cisco Secure Desktop ABSTRACT: Some vulnerabilities were reported in Cisco AnyConnect Secure Mobility Client. REFERENCE LINKS: Cisco Security Notice CVE-2013-1172 Cisco Security Notice CVE-2013-1173 SecurityTracker Alert ID: 1028425 CVE-2013-1172 CVE-2013-1173 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can trigger a heap overflow in the Cisco Host Scan component to execute arbitrary code on the target system with System privileges

221

U-144:Juniper Secure Access Input Validation Flaw Permits Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

4:Juniper Secure Access Input Validation Flaw Permits 4:Juniper Secure Access Input Validation Flaw Permits Cross-Site Scripting Attacks U-144:Juniper Secure Access Input Validation Flaw Permits Cross-Site Scripting Attacks April 10, 2012 - 7:30am Addthis PROBLEM: A vulnerability was reported in Juniper Secure Access/Instant Virtual Extranet (IVE). A remote user can conduct cross-site scripting attacks. PLATFORM: Version(s): prior to 7.0R9 and 7.1R ABSTRACT: The VPN management interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. reference LINKS: Vendor URL SecurityTracker Alert ID: 1026893 IMPACT ASSESSMENT: High Discussion: The code will originate from the interface and will run in the security

222

U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and  

Broader source: Energy.gov (indexed) [DOE]

76: OpenSSL Bugs Let Remote Users Deny Service, Obtain 76: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code January 6, 2012 - 8:15am Addthis PROBLEM: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code PLATFORM: OpenSSL prior to 0.9.8s; 1.x prior to 1.0.0f ABSTRACT: A remote user may be able to execute arbitrary code on the target system. reference LINKS: SecurityTracker Alert ID: 1026485 OpenSSL Security Advisory IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can obtain sensitive information. A remote user may be able to execute arbitrary code on the

223

V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

5: Cisco ASA Multiple Bugs Let Remote Users Deny Service 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected versions of Cisco ASA Software will vary depending on the specific vulnerability. ABSTRACT: Several vulnerabilities were reported in Cisco ASA. REFERENCE LINKS: Cisco Security Advisory Secunia Advisory SA52989 SecurityTracker Alert ID: 1028415 CVE-2013-1149 CVE-2013-1150 CVE-2013-1151 CVE-2013-1152

224

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify  

Broader source: Energy.gov (indexed) [DOE]

06: Sun Java System Access Manager Lets Remote Users Partially 06: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data April 20, 2011 - 3:58am Addthis PROBLEM: Two vulnerabilities were reported in Sun Java System Access Manager. A remote authenticated user can partially access data on the target system. A remote user can partially modify data on the target system. PLATFORM: Sun Java versions 7.1, 8.0 ABSTRACT: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data. reference LINKS: SecurityTracker Alert ID: 1025408 CVE-2011-0844 CVE-2011-0847 Oracle Critical Patch Update Advisory

225

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site 0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information April 23, 2013 - 12:26am Addthis PROBLEM: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information PLATFORM: Apache ActiveMQ versions prior to 5.8.0 ABSTRACT: Several vulnerabilities were reported in Apache ActiveMQ. REFERENCE LINKS: Apache ActiveMQ SecurityTracker Alert ID: 1028457 CVE-2012-6092 CVE-2012-6551 CVE-2013-3060 IMPACT ASSESSMENT: High DISCUSSION: Several web demos do not properly filter HTML code from user-supplied input

226

T-701: Citrix Access Gateway Enterprise Edition Input Validation Flaw in  

Broader source: Energy.gov (indexed) [DOE]

1: Citrix Access Gateway Enterprise Edition Input Validation 1: Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks T-701: Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks August 25, 2011 - 3:33pm Addthis PROBLEM: A vulnerability was reported in Citrix Access Gateway Enterprise Edition. A remote user can conduct cross-site scripting attacks. PLATFORM: Citrix Access Gateway Enterprise Edition 9.2-49.8 and prior. Citrix Access Gateway Enterprise Edition version 9.3 is not affected by this vulnerability. ABSTRACT: Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks. reference LINKS: SecurityTracker Alert ID: 1025973 Citrix Document ID: CTX129971

227

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

4: Apache Traffic Server Host Header Processing Flaw Lets 4: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service March 27, 2012 - 7:00am Addthis PROBLEM: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service PLATFORM: Versions prior to 3.0.4 and 3.1.3 ABSTRACT: A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions. reference LINKS: SecurityTracker Alert ID: 1026847 CVE-2012-0256 Secunia Advisory SA48509 IMPACT ASSESSMENT: High Discussion: A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash. Impact: A remote user can cause the target service to crash.

228

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the  

Broader source: Energy.gov (indexed) [DOE]

48: Avaya IP Office Manager TFTP Server Lets Remote Users 48: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory June 16, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in Avaya IP Office Manager. A remote user can view files on the target system. PLATFORM: Versions 5.0.x - 6.1.x ABSTRACT: The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software. reference LINKS: ASA-2011-156 SecurityTracker Alert ID: 1025664 Secunia Advisory: SA43884 Avaya Support IMPACT ASSESSMENT: Medium Discussion: Avaya IP Office Manager is an application for viewing and editing an IP Office system's configuration. It can be used to securely connect to and

229

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits  

Broader source: Energy.gov (indexed) [DOE]

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits Cross-Site Scripting Attacks July 18, 2011 - 7:09am PROBLEM: A vulnerability was reported in Skype. A remote user can conduct cross-site scripting attacks. PLATFORM: 5.3.0.120 and prior versions ABSTRACT: The software does not properly filter HTML code from user-supplied input in the "mobile phone" profile entry before displaying the input. REFERENCE LINKS: SecurityTracker Alert ID: 1025789 Skype Security Advisory KoreSecure News H Security ID: 1279864 IMPACT ASSESSMENT: High DISCUSSION: Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack of input validation and output sanitization of the "mobile phone"

230

V-036: EMC Smarts Network Configuration Manager Database Authentication  

Broader source: Energy.gov (indexed) [DOE]

V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior to 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: EMC Identifier: ESA-2012-057 Secunia Advisory SA51408 SecurityTracker Alert ID: 1027812 CVE-2012-4614 CVE-2012-4615 IMPACT ASSESSMENT: Medium DISCUSSION: The system uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key

231

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe ColdFusion is prone to a remote denial-of-service vulnerability. REFERENCE LINKS: Adobe Security bulletins and advisories Adobe Vulnerability identifier: APSB12-21 SecurityTracker Alert ID: 1027516 Bugtraq ID: 55499 CVE-2012-2048 IMPACT ASSESSMENT: Medium DISCUSSION: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which

232

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code May 10, 2012 - 7:00am PROBLEM: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code PLATFORM: 11.6.4.634 and prior ABSTRACT: Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027037 CVE-2012-2029 CVE-2012-2030 CVE-2012-2031 CVE-2012-2032 CVE-2012-2033 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Shockwave content that, when loaded by the target user, will trigger a memory corruption error and

233

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote  

Broader source: Energy.gov (indexed) [DOE]

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code January 23, 2013 - 12:26am PROBLEM: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code PLATFORM: EMC AlphaStor 4.0 prior to build 800 (All platforms) ABSTRACT: Two vulnerabilities were reported in EMC AlphaStor. REFERENCE LINKS: ESA-2013-008: SecurityTracker Alert ID: 1028020 Secunia Advisory SA51930 CVE-2013-0928 CVE-2013-0929 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].

234

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Broader source: Energy.gov (indexed) [DOE]

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access August 15, 2013 - 1:30am PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege. PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8 ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior. REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system. IMPACT: User access via network

235

U-027: RSA Key Manager Appliance Session Logout Bug Fails to Terminate  

Broader source: Energy.gov (indexed) [DOE]

U-027: RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions November 4, 2011 - 8:00am PROBLEM: RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions. PLATFORM: RSA Key Manager Appliance 2.7 Service Pack 1 ABSTRACT: A remote authenticated user session may not terminate properly. REFERENCE LINKS: SecurityTracker Alert ID: 1026276 SecurityFocus Bug Traq Seclists: ESA-2011-035 CVE-2011-2740 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in RSA Key Manager Appliance. A remote authenticated user session may not terminate properly. When using Firefox 4 and 5, an authenticated user session is not terminated properly when logging out.

236

V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code January 9, 2013 - 12:10am PROBLEM: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.5.502.135 and earlier versions for Windows; Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh; Adobe Flash Player 11.2.202.258 and earlier versions for Linux; Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x; Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. ABSTRACT: Security updates available for Adobe Flash Player REFERENCE LINKS: Adobe Security Bulletin APSB13-01 SecurityTracker Alert ID: 1027950

237

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code December 13, 2012 - 3:30am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 11.5.502.110 and prior for Windows/Mac; 11.2.202.251 and prior for Linux ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-27 SecurityTracker Alert ID: 1027854 Secunia Advisory SA51560 RHSA-2012:1569-1 CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 IMPACT ASSESSMENT: High DISCUSSION: A buffer overflow can trigger code execution [CVE-2012-5676]. An integer overflow can trigger code execution [CVE-2012-5677]. A memory corruption flaw can trigger code execution [CVE-2012-5678].

238

V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery  

Broader source: Energy.gov (indexed) [DOE]

V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability December 17, 2012 - 1:00am PROBLEM: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability PLATFORM: Cisco Wireless LAN Controller (WLC) ABSTRACT: A vulnerability was reported in Cisco Wireless LAN Controller. REFERENCE LINKS: SecurityTracker Alert ID: 1027886 Secunia Advisory SA51546 CVE-2012-5991 CVE-2012-5992 CVE-2012-6007 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Cisco Wireless LAN Controller. A remote user can conduct cross-site request forgery attacks. A remote user can create specially crafted HTML that, when loaded by a target user, will cause arbitrary scripting code to be executed by the

239

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Broader source: Energy.gov (indexed) [DOE]

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access August 15, 2013 - 1:30am PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege. PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8 ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior. REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system. IMPACT: User access via network

240

T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service May 6, 2011 - 7:00am PROBLEM: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: ISC BIND version 9.8.0. ABSTRACT: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash. REFERENCE LINKS: ISC Advisory: CVE-2011-1907 Secunia Advisory: SA44416 Vulnerability Report: ISC BIND CVE-2011-1907 SecurityTracker Alert ID: 1025503 IMPACT ASSESSMENT: High DISCUSSION: This advisory only affects BIND users who are using the RPZ feature configured for RRset replacement. BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for modifying DNS responses returned by a


241

V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service January 17, 2013 - 12:00am PROBLEM: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service PLATFORM: The vulnerability is reported in versions 8.7.1 and 8.7.1.1. ABSTRACT: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20130116-asa1000v SecurityTracker Alert ID: 1028005 Secunia Advisory SA51897 CVE-2012-5419 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service).

242

T-708:Pidgin Bugs Let Remote Users Deny Service and Potentially Execute  

Broader source: Energy.gov (indexed) [DOE]

T-708: Pidgin Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code September 1, 2011 - 12:00pm PROBLEM: gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. PLATFORM: Pidgin before 2.10.0 on Windows ABSTRACT: Pidgin bugs let remote users deny service and potentially execute arbitrary code. REFERENCE LINKS: CVE-2011-3185 CVE-2011-2943 CVE-2011-3184 SecurityTracker Alert ID: 1025961 Pidgin Security Advisories IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Pidgin. A remote user can cause denial of service conditions. A remote user can cause arbitrary code to be

243

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos |  

Broader source: Energy.gov (indexed) [DOE]

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos December 27, 2011 - 5:18am PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: A vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High DISCUSSION: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

244

T-675: Apple Laptop Battery Interface Lets Local Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

3:15pm PROBLEM: A vulnerability was reported in the battery interface used in Apple laptop models. A local user can cause denial of service conditions. PLATFORM: Mac OS X ABSTRACT: Apple Laptop Battery Interface Lets Local Users Deny Service REFERENCE LINKS: SecurityTracker Alert ID: 1025831 Apple Article: HT1222 Forbes Article IMPACT ASSESSMENT: Medium DISCUSSION: The battery microcontroller interface uses common API keys. A local user with knowledge of the keys can control the microcontroller functions. This can be exploited to prevent the battery from being charged, interfere with battery heat regulation, or cause the battery to stop functioning. IMPACT: A local user can prevent the battery from charging, interfere with the battery heat regulation, or cause the battery to become unusable. Modern

245

U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain  

Broader source: Energy.gov (indexed) [DOE]

U-010: HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am PROBLEM: HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access PLATFORM: Onboard Administrator (OA) 3.21 through 3.31 ABSTRACT: A remote user can gain access to the target system REFERENCE LINKS: HP Support document ID: c03048779 SecurityTracker Alert ID: 1026158 CVE-2011-3155 IMPACT ASSESSMENT: Medium DISCUSSION: A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely to gain unauthorized access. IMPACT: A remote user can gain access to the target system. SOLUTION: Onboard Administrator (OA) v3.32 is available.

246

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am PROBLEM: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 7 Update 21; possibly other versions (1.7.0_21-b11) Java Server JRE is also affected. ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: SecurityTracker Alert ID: 1028466 Oracle IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted Java application that, when loaded and approved by the target user, will trigger a flaw in the Reflection API to bypass the security sandbox. IMPACT: A remote user can create a Java file that, when loaded by the target user,

247

V-127: Samba Bug Lets Remote Authenticated Users Modify Files | Department  

Broader source: Energy.gov (indexed) [DOE]

V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch

248

U-059: Blackberry PlayBook File Sharing Option Lets Local Users Gain  

Broader source: Energy.gov (indexed) [DOE]

U-059: Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges December 13, 2011 - 6:00am PROBLEM: Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges. PLATFORM: BlackBerry PlayBook tablet software version 1.0.8.4985 and earlier ABSTRACT: A local user can obtain root privileges on the target tablet system. REFERENCE LINKS: SecurityTracker Alert ID: 1026386 Vulnerability Summary for CVE-2011-0291 BlackBerry Technical Solution Center IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Blackberry PlayBook. A local user can obtain elevated privileges on the target system. On a tablet with File Sharing enabled and connected via USB to a system running BlackBerry

249

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny  

Broader source: Energy.gov (indexed) [DOE]

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service February 25, 2013 - 12:12am PROBLEM: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service PLATFORM: The Linux Kernel prior to 3.7.5 ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: The Linux Kernel Archives Linux Kernel Red Hat Bugzilla - Bug 913266 SecurityTracker Alert ID: 1028196 CVE-2013-0313 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can exploit a null pointer dereference in the evm_update_evmxattr() function in 'security/integrity/evm/evm_crypto.c' to cause the target system to crash. IMPACT: A local user can cause denial of service conditions.

250

U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA®  

Broader source: Energy.gov (indexed) [DOE]

U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability September 25, 2012 - 6:00am PROBLEM: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability PLATFORM: Product: RSA Authentication Agent for Microsoft Windows version 7.1 Platforms: Windows XP and Windows 2003 Product: RSA Authentication Client 3.5 Platforms: Windows XP and Windows 2003 ABSTRACT: RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step REFERENCE LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662

251

U-095: HP Data Protector Media Operations Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-095: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code February 3, 2012 - 1:33am PROBLEM: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code PLATFORM: Windows (2003, XP, 2008), HP Data Protector Media Operations version 6.11 and earlier ABSTRACT: Remote execution of arbitrary code REFERENCE LINKS: SecurityTracker Alert ID: 1026626 HP Support Center Document ID: c03179046 CVE-2011-4791 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Data Protector Media Operations. A remote user can execute arbitrary code on the target system. Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. IMPACT:

252

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Advisory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

253

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code November 29, 2011 - 9:00am PROBLEM: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code. PLATFORM: Siemens Automation License Manager 500.0.122.1 ABSTRACT: Several vulnerabilities were reported in Siemens Automation License Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1026354 Bugtraq Siemens Advisory Services IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can send specially crafted *_licensekey commands to trigger a

254

V-198: Red Hat Enterprise MRG Messaging Qpid Python Certificate Validation  

Broader source: Energy.gov (indexed) [DOE]

V-198: Red Hat Enterprise MRG Messaging Qpid Python Certificate Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks July 12, 2013 - 6:00am PROBLEM: A vulnerability was reported in Red Hat Enterprise MRG Messaging. PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) ABSTRACT: A remote user can conduct a man-in-the-middle attack to access potentially sensitive information REFERENCE LINKS: SecurityTracker Alert ID: 1028774 Redhat Advisory RHSA-2013:1024-1 CVE-2013-1909 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not properly validate the remote server's TLS/SSL certificates. A remote user can conduct a man-in-the-middle attack to

255

U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain  

Broader source: Energy.gov (indexed) [DOE]

U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information August 21, 2012 - 7:00am PROBLEM: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information PLATFORM: Apple Remote Desktop after 3.5.1 and prior to 3.6.1 ABSTRACT: A remote user can monitor potentially sensitive information. REFERENCE LINKS: Apple.com Apple Article: HT5433 SecurityTracker Alert ID: 1027420 CVE-2012-0681 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apple Remote Desktop. When a user connects to a third-party VNC server with the 'Encrypt all network data' setting enabled, network data is not encrypted. A remote user monitoring the

256

U-051: Skype Discloses IP Addresses to Remote Users | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

U-051: Skype Discloses IP Addresses to Remote Users December 5, 2011 - 7:00am PROBLEM: A remote user can determine the IP address of a Skype user. PLATFORM: Skype application ABSTRACT: Skype Discloses IP Addresses to Remote Users REFERENCE LINKS: SecurityTracker Alert ID: 1026370 Forbes: Skype Flaw IMPACT ASSESSMENT: High DISCUSSION: A remote user can initiate a Skype call to a target user to determine the target user's IP address and then terminate the call before the target user's Skype application has indicated an incoming call. The remote user does not need to be on the target user's contact list. Armed with an IP address, hackers can uncover specific information about victims, including who they chat with, what they download while online, and

257

V-053: Adobe Shockwave player installs Xtras without prompting | Department  

Broader source: Energy.gov (indexed) [DOE]

V-053: Adobe Shockwave player installs Xtras without prompting December 24, 2012 - 12:15am PROBLEM: Adobe Shockwave player installs Xtras without prompting PLATFORM: Adobe Shockwave Player ABSTRACT: A vulnerability was reported in Adobe Shockwave. REFERENCE LINKS: Vulnerability Note VU#519137 SecurityTracker Alert ID: 1027903 Bugtraq ID: 56972 CVE-2012-6271 IMPACT ASSESSMENT: Medium DISCUSSION: Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra. IMPACT: By convincing a user to view specially crafted Shockwave content, an attacker may be able to execute arbitrary code with the privileges of the

258

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service March 27, 2012 - 7:00am PROBLEM: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service PLATFORM: Versions prior to 3.0.4 and 3.1.3 ABSTRACT: A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1026847 CVE-2012-0256 Secunia Advisory SA48509 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash. IMPACT: A remote user can cause the target service to crash.

259

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users  

Broader source: Energy.gov (indexed) [DOE]

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges May 7, 2013 - 12:01am PROBLEM: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Apache VCL Versions: 2.1, 2.2, 2.2.1, 2.3, 2.3.1 ABSTRACT: A vulnerability was reported in Apache VCL. REFERENCE LINKS: Apache Securelist SecurityTracker Alert ID: 1028515 CVE-2013-0267 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated administrative user with minimal administrative privileges (i.e., nodeAdmin, manageGroup, resourceGrant, or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges.

260

U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 26, 2012 - 3:35am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 17.0.963.83 ABSTRACT: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026841 CVE-2011-3049 Secunia Advisory SA48512 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A use-after-free may occur


261

U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request  

Broader source: Energy.gov (indexed) [DOE]

U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks July 6, 2012 - 7:00am PROBLEM: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks PLATFORM: Version(s): prior to 3.4.1 ABSTRACT: Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information. REFERENCE LINKS: The Vendor's Advisory WordPress 3.4.1 Maintenance and Security Release SecurityTracker Alert ID: 1027219

262

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

Broader source: Energy.gov (indexed) [DOE]

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Advisory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

263

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject  

Broader source: Energy.gov (indexed) [DOE]

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords July 24, 2012 - 7:00am PROBLEM: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords PLATFORM: Symantec Web Gateway 5.0.x.x ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. REFERENCE LINKS: Security Advisories Relating to Symantec Products SecurityTracker Alert ID: 1027289 Bugtraq ID: 54424 Bugtraq ID: 54425 Bugtraq ID: 54426 Bugtraq ID: 54427 Bugtraq ID: 54429 Bugtraq ID: 54430

264

U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute  

Broader source: Energy.gov (indexed) [DOE]

U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code January 5, 2012 - 8:15am PROBLEM: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code PLATFORM: Version(s): 2.1.0 - 2.3.1 ABSTRACT: A remote user can execute arbitrary Java code on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1026484 Secunia Advisory SA47393 Bugtraq ID: 51257 Apache Struts 2 Documentation S2-008 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache Struts. A remote user can execute arbitrary Java code on the target system. A remote user can overwrite arbitrary files on the target system. A remote user can send specially

265

T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing  

Broader source: Energy.gov (indexed) [DOE]

T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service July 28, 2011 - 3:47pm PROBLEM: A vulnerability was reported in Red Hat Enterprise Virtualization Hypervisor. A remote user can cause denial of service conditions. PLATFORM: Red Hat Enterprise Virtualization-hypervisor package. ABSTRACT: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service. REFERENCE LINKS: RHSA-2011:1090-1 SecurityTracker Alert ID: 1025853 CVE-2011-1576 RHBA-2011:1068-1, Hypervisor is based on KVM - Bug Fix Advisory IMPACT ASSESSMENT: Medium DISCUSSION: A flaw was found that allowed napi_reuse_skb() to be called on VLAN

266

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control  

Broader source: Energy.gov (indexed) [DOE]

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control March 27, 2013 - 12:51am PROBLEM: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control PLATFORM: Version(s): prior to 9.2 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028342 www.emc.com CVE-2013-0935 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system. A user can exploit unspecified flaws in the NCM System Management

267

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks August 7, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: HP Network Node Manager I (NNMi) v8.x, v9.0x, v9.1x, v9.20 for HP-UX, Linux, Solaris, and Windows ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: HP Document ID: c03405705 SecurityTracker Alert ID: 1027345 Bugtraq ID: 54815 CVE-2012-2022 IMPACT ASSESSMENT:

268

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2012 - 6:00am PROBLEM: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: CA ARCserve Backup for Windows r12.5, r15, r16 ABSTRACT: Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027683 CA Technologies Support CVE-2012-2971 CVE-2012-2972 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the

269

V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service November 21, 2012 - 3:00am PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10 Update 1 and above for Windows ABSTRACT: Adobe ColdFusion Denial of Service Vulnerability REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-25 SecurityTracker Alert ID: 1027787 Secunia Advisory SA51335 CVE-2012-5674 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions. A remote user can send specially crafted data to cause unspecified denial of service conditions on the target ColdFusion service on Windows Internet

270

U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code April 9, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 18.0.1025.151 ABSTRACT: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026892 CVE-2011-3066 Secunia Advisory SA48732 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. An out-of-bounds memory

271

T-683: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

T-683: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code August 3, 2011 - 3:45pm PROBLEM: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Google Chrome prior to 13.0.782.107 ABSTRACT: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: Google Chrome advisory Update Chromium Security SecurityTracker Alert ID: 1025882 CVE-2011-2819 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

272

U-173: Symantec Web Gateway Multiple Vulnerabilities

Broader source: Energy.gov (indexed) [DOE]

U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium DISCUSSION: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

273

V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am PROBLEM: A vulnerability was reported in McAfee Email Gateway. A remote user can cause denial of service conditions. PLATFORM: McAfee Email Gateway (MEG) 7.5 ABSTRACT: A remote user can cause the SMTP proxy to stop responding. REFERENCE LINKS: SecurityTracker Alert ID: 1028941 GENERIC-MAP-NOMATCH IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in McAfee Email Gateway. A remote user can cause denial of service conditions. A remote user can send a specially crafted e-mail to cause the ws_inv-smtp process to enter an infinite loop and cause the target SMTP proxy to stop responding.

274

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

Broader source: Energy.gov (indexed) [DOE]

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability December 27, 2012 - 6:00am PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

275

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control  

Broader source: Energy.gov (indexed) [DOE]

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control March 27, 2013 - 12:51am PROBLEM: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control PLATFORM: Version(s): prior to 9.2 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028342 www.emc.com CVE-2013-0935 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system. A user can exploit unspecified flaws in the NCM System Management

276

U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets  

Broader source: Energy.gov (indexed) [DOE]

U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service August 24, 2012 - 7:00am PROBLEM: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service PLATFORM: Version(s): 0.9.13 and prior ABSTRACT: A vulnerability was reported in libvirt. REFERENCE LINKS: libvirt SecurityTracker Alert ID: 1027437 Secunia Advisory SA50118 Bugtraq ID: 54748 CVE-2012-3445 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted RPC call with the number of parameters set to zero to libvirtd to trigger a memory access error in virTypedParameterArrayClear() and cause the target service to crash. IMPACT:

277

U-045: Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny Service  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

U-045: Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny Service November 25, 2011 - 9:00am PROBLEM: A vulnerability was reported in the Windows Kernel. A local user can cause denial of service conditions. PLATFORM: Windows Win32k.sys ABSTRACT: Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny REFERENCE LINKS: SecurityTracker Alert ID: 1026347 Secunia ID: SA46919 IMPACT ASSESSMENT: Low DISCUSSION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an indexing error in the win32k.sys driver when loading a keyboard layout file. This can be exploited to access

278

U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow  

Broader source: Energy.gov (indexed) [DOE]

U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability September 17, 2012 - 6:00am PROBLEM: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability PLATFORM: The vulnerability is confirmed in version 8.0.2 HP3 and reported in version 2012. Other versions may also be affected. ABSTRACT: A vulnerability was reported in Novell GroupWise Internet Agent REFERENCE LINKS: Novell SecurityTracker Alert ID: 1027536 Secunia Advisory SA50622 CVE-2012-0271 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via

279

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP  

Broader source: Energy.gov (indexed) [DOE]

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files June 10, 2013 - 12:47am PROBLEM: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files PLATFORM: RSA Authentication Manager 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: RSA SecurityTracker Alert ID: 1028638 CVE-2013-0947 IMPACT ASSESSMENT: Medium DISCUSSION: The system may write operating system, SNMP, and HTTP plug-in proxy passwords in clear text to log and configuration files. IMPACT: A local user can obtain operating system, SNMP, and HTTP plug-in proxy

280

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 6.0.3 ABSTRACT: Two vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple security update, Article: HT1222 SecurityTracker Alert ID: 1028292 CVE-2013-0960 CVE-2013-0961 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. IMPACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

281

V-193: Barracuda SSL VPN Input Validation Hole Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

V-193: Barracuda SSL VPN Input Validation Hole Permits Cross-Site Scripting Attacks July 5, 2013 - 6:00am PROBLEM: A vulnerability was reported in Barracuda SSL VPN PLATFORM: Version(s) prior to 2.3.3.216 ABSTRACT: Several scripts do not properly filter HTML code from user-supplied input before displaying the input via several parameters REFERENCE LINKS: SecurityTracker Alert ID: 1028736 Barracuda SSL VPN Release Notes Zero Science Lab IMPACT ASSESSMENT: Medium DISCUSSION: The code will originate from the Barracuda SSL VPN interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if

282

U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code March 29, 2012 - 7:00am PROBLEM: Adobe Flash Player Lets Remote Users Execute Arbitrary Code PLATFORM: 11.1.102.63 and prior versions ABSTRACT: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026859 CVE-2012-0772 Security update available for Adobe Flash Player IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A memory corruption

283

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks March 29, 2011 - 3:05pm PROBLEM: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: HP Diagnostics software: version(s) 7.5, 8.0 prior to 8.05.54.225 ABSTRACT: A potential security vulnerability has been identified in HP Diagnostics. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). REFERENCE LINKS: HP Document ID: c02770512 SecurityTracker Alert ID: 1025255 CVE-2011-0892 Security Focus Document ID: c02770512 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Diagnostics. A remote user can conduct

284

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets  

Broader source: Energy.gov (indexed) [DOE]

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files October 27, 2011 - 7:45am PROBLEM: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files. PLATFORM: Cisco Unified Communications Manager 6.x, 7.x and 8.x ABSTRACT: A vulnerability was reported in Cisco Unified Communications Manager. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20111026-cucm Cisco Security Advisories and Response SecurityTracker Alert ID: 1026243 CVE-2011-3315 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can view files on the target system. The software does not properly validate user-supplied input. A remote user can supply a specially

285

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code August 4, 2011 - 3:33pm PROBLEM: Multiple vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Apple QuickTime prior to 7.7 ABSTRACT: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: Apple security updates SecurityTracker Alert ID: 1025884 Mac OS X: Updating your software Support Downloads QuickTime 7.7 IMPACT ASSESSMENT: High DISCUSSION: A specially crafted PICT file can trigger a buffer overflow [CVE-2011-0245]. Mac OS X version 10.7 is not affected. A specially crafted GIF image can trigger a heap overflow [CVE-2011-0246].

286

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the  

Broader source: Energy.gov (indexed) [DOE]

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information July 27, 2012 - 7:00am PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Version(s): Apple Safari prior to 6.0 ABSTRACT: Multiple vulnerabilities were reported in Apple Safari. REFERENCE LINKS: The Vendor's Advisory Bugtraq ID: 54683 SecurityTracker Alert ID: 1027307 IMPACT ASSESSMENT:

287

V-192: Symantec Security Information Manager Input Validation Flaws Permit  

Broader source: Energy.gov (indexed) [DOE]

V-192: Symantec Security Information Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks July 4, 2013 - 6:00am PROBLEM: Several vulnerabilities were reported in Symantec Security Information Manager PLATFORM: Symantec Security Information Manager Appliance Version 4.7.x and 4.8.0 ABSTRACT: Symantec was notified of multiple security issues impacting the SSIM management console REFERENCE LINKS: SecurityTracker Alert ID: 1028727 Symantec Security Advisory SYM13-006 CVE-2013-1613 CVE-2013-1614 CVE-2013-1615 IMPACT ASSESSMENT: Medium DISCUSSION: The console does not properly filter HTML code from user-supplied input

288

V-231: Cisco Identity Services Engine Discloses Authentication Credentials  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services Engine REFERENCE LINKS: SecurityTracker Alert ID: 1028965 CVE-2013-3471 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. The system stores the username and password of an authenticated user within hidden HTML form fields. A

289

U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially  

Broader source: Energy.gov (indexed) [DOE]

U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information December 7, 2011 - 7:30am PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information. PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) ABSTRACT: Several vulnerabilities were reported in Linux kexec. A remote or local user can obtain potentially sensitive information. REFERENCE LINKS: Red Hat Security Advisory: RHSA-2011:1532-3 SecurityTracker Alert ID: 1026375 IMPACT ASSESSMENT: Medium DISCUSSION: Kdump uses the SSH "StrictHostKeyChecking=no" option when dumping to SSH

290

U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code July 10, 2012 - 7:00am PROBLEM: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows prior to v11.03.12. ABSTRACT: Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027225 CVE-2012-2019 CVE-2012-2020 IMPACT ASSESSMENT: High DISCUSSION: Potential security vulnerabilities have been identified with HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code.

291

V-194: Citrix XenServer Memory Management Error Lets Local Administrative  

Broader source: Energy.gov (indexed) [DOE]

V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host July 8, 2013 - 12:24am PROBLEM: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host PLATFORM: Citrix XenServer 5.0 - 6.2 ABSTRACT: A vulnerability was reported in Citrix XenServer. REFERENCE LINKS: CTX138134 SecurityTracker Alert ID: 1028740 CVE-2013-1432 IMPACT ASSESSMENT: Medium DISCUSSION: A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server. IMPACT: A local user on the guest operating system can obtain access on the target

292

V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let  

Broader source: Energy.gov (indexed) [DOE]

V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code November 7, 2012 - 6:00am PROBLEM: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.4.402.287 and prior for Windows and OS X; 11.2.202.243 and prior for Linux ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-24 SecurityTracker Alert ID: 1027730 CVE-2012-5274 CVE-2012-5275 CVE-2012-5276 CVE-2012-5277 CVE-2012-5278 CVE-2012-5279 CVE-2012-5280 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Adobe Flash Player. A remote user

293

T-649: Red Hat Network Satellite Server Request Validation Flaw Permits  

Broader source: Energy.gov (indexed) [DOE]

T-649: Red Hat Network Satellite Server Request Validation Flaw Permits Cross-Site Request Forgery Attacks June 17, 2011 - 3:43pm PROBLEM: A vulnerability was reported in Red Hat Network Satellite Server. A remote user can conduct cross-site request forgery attacks. PLATFORM: Versions 5.4.x ABSTRACT: The Red Hat Network (RHN) Satellite and Spacewalk services do not properly validate user-supplied. A remote user can create specially crafted HTML that, when loaded by a target authenticated user, will take actions on the target site acting as the target user. REFERENCE LINKS: SecurityTracker Alert ID: 1025674 RHSA-2011:0879-1 RHN Support CVE-2009-4139 IMPACT ASSESSMENT:

294

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks  

Broader source: Energy.gov (indexed) [DOE]

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions November 16, 2012 - 6:00am PROBLEM: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions. PLATFORM: RSA Data Protection Manager Appliance versions 2.7.x and 3.x ABSTRACT: Two vulnerabilities were reported in RSA Data Protection Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1027781 EMC Identifier: ESA-2012-055 RSA Worldwide Customer Support CVE-2012-4612 CVE-2012-4613 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in RSA Data Protection Manager. A remote

295

T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code May 4, 2011 - 7:15am PROBLEM: A vulnerability was reported in IBM Rational System Architect. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: IBM Rational System 11.4 and prior versions ABSTRACT: There is a high-risk security vulnerability with the ActiveBar ActiveX controls used by IBM Rational System Architect. REFERENCE LINKS: IBM Advisory: 21497689 SecurityTracker Alert ID: 1025464 CVE-2011-1207 Secunia Advisory: SA43399 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the

296

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code January 2, 2013 - 1:00am PROBLEM: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code PLATFORM: VLC Media Player 2.0.4, possibly earlier versions ABSTRACT: Some vulnerabilities have been reported in VLC Media Player. REFERENCE LINKS: SecurityTracker Alert ID: 1027929 Secunia Advisory SA51692 IMPACT ASSESSMENT: Medium DISCUSSION: Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing HTML subtitles in

297

U-050: Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

U-050: Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting Attacks December 2, 2011 - 5:24am PROBLEM: Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting Attacks. PLATFORM: Adobe Flex SDK 4.5.1 and earlier 4.x versions for Windows, Macintosh and Linux Adobe Flex SDK 3.6 and earlier 3.x versions for Windows, Macintosh and Linux ABSTRACT: Flex applications created using the Flex SDK may not properly filter HTML code from user-supplied input before displaying the input. REFERENCE LINKS: Adobe Security Bulletin CVE-2011-2461 SecurityTracker Alert ID: 1026361 IMPACT ASSESSMENT: High DISCUSSION: A remote user may be able to cause arbitrary scripting code to be executed

298

U-017: HP MFP Digital Sending Software Lets Local Users Obtain Potentially  

Broader source: Energy.gov (indexed) [DOE]

U-017: HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information October 24, 2011 - 12:30pm PROBLEM: HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information. PLATFORM: HP MFP Digital Sending Software v4.91.21 and all previous 4.9x versions ABSTRACT: A vulnerability was reported in HP MFP Digital Sending Software. A local user can obtain potentially sensitive information. REFERENCE LINKS: HP Advisory ID: c03052686 SecurityTracker Alert ID: 1026228 CVE-2011-3163 IMPACT ASSESSMENT: Medium DISCUSSION: A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could result in

299

T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS  

Broader source: Energy.gov (indexed) [DOE]

T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service May 12, 2011 - 3:00pm PROBLEM: A vulnerability was reported in Citrix XenServer. A local administrative user on the guest operating system can cause denial of service conditions. PLATFORM: Citrix XenServer 5.6 Feature Pack 1 and prior ABSTRACT: A local administrative user on a guest operating system can interrupt the normal operation of the target hypervisor. REFERENCE LINKS: Document ID: CTX129208 SecurityTracker Alert ID: 1025524 Document ID: CTX129103 Document ID: CTX129102 Document ID: CTX128844 Document ID: CTX129101 Document ID: CTX129100 Citrix Support IMPACT ASSESSMENT: Medium DISCUSSION:

300

T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code January 20, 2011 - 6:39am PROBLEM: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code. PLATFORM: HP OpenView Storage Data Protector v6.11 ABSTRACT: A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Security Bulletin SecurityTracker Alert ID: 1024983 CVE-2011-0273 IMPACT ASSESSMENT: High DISCUSSION: A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code.



301

U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source  

Broader source: Energy.gov (indexed) [DOE]

U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20, 2012 - 7:00am PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses PLATFORM: Version(s): 6 beta 4 and prior versions ABSTRACT: A remote user can spoof SMS source addresses. REFERENCE LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com The original advisory IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apple iPhone. A remote user can send an SMS message with a specially crafted User Data Header (UDH) value that specifies an alternate reply address. The recipient's iPhone will display the reply address as the source of the SMS.

302

V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication  

Broader source: Energy.gov (indexed) [DOE]

V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements March 4, 2013 - 12:27am PROBLEM: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements PLATFORM: RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows ABSTRACT: A vulnerability was reported in RSA Authentication Agent. REFERENCE LINKS: RSA SecurCare SecurityTracker Alert ID: 1028230 CVE-2013-0931 IMPACT ASSESSMENT: Medium DISCUSSION: On systems configured for Quick PIN Unlock, the system will request a PIN instead of a full Passcode when the session is activated from an active screensaver after the Quick PIN Unlock timeout has expired. RSA Authentication Agent on Windows Vista, Windows 7, Windows 2008, and

303

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code November 28, 2012 - 1:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 23.0.1271.91 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Release updates from the Chrome team SecurityTracker Alert ID: 1027815 Secunia Advisory SA51437 CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the

304

U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code November 18, 2011 - 9:00am PROBLEM: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Version(s) prior to 15.0.874.121 ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Stable Channel Update CVE-2011-3900 SecurityTracker Alert ID: 1026338 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user,

305

U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service February 6, 2012 - 7:00am PROBLEM: Vulnerability in AIX TCP stack PLATFORM: Version(s): 5.3, 6.1, 7.1 ABSTRACT: A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1026640 IBM Security Advisory CVE-2012-0194 IMPACT ASSESSMENT: Medium DISCUSSION: AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially-crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic.

306

V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking  

Broader source: Energy.gov (indexed) [DOE]

V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks June 24, 2013 - 12:56am PROBLEM: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks PLATFORM: Google Chrome prior to 27.0.1453.116 ABSTRACT: A vulnerability was reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1028694 CVE-2013-2866 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted Flash content that, when loaded by the target user, will display the Flash settings in a transparent manner, which may allow the remote user to cause the target user to modify their Flash settings. This may allow the remote user to obtain potentially

307

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication

Broader source: Energy.gov (indexed) [DOE]

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication January 25, 2013 - 6:00am PROBLEM: A vulnerability was reported in Barracuda SSL VPN. PLATFORM: The vulnerability has been verified to exist in Barracuda SSL VPN version 2.2.2.203 ABSTRACT: A remote user can gain administrative access to the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1028039 Barracuda Networks Advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can set a specially crafted Java system property (via 'setSysProp.jsp') to bypass access restrictions and gain access to the API functionality. This can be exploited to download configuration files, download database dumps, shut down the system, and set new administrative

308

V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session  

Broader source: Energy.gov (indexed) [DOE]

V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks May 14, 2013 - 12:08am PROBLEM: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks PLATFORM: Tomcat 6.0.21 to 6.0.36, 7.0.0 to 7.0.32 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat SecurityTracker Alert ID: 1028534 CVE-2013-2067 IMPACT ASSESSMENT: High DISCUSSION: A remote user can repeatedly send a specially crafted request for a resource requiring authentication while the target user is completing the login form to cause the FORM authentication process to execute the remote user's request with the privileges of the target user.

309

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall Services Module. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20121010-fwsm SecurityTracker Alert ID: 1027640 CVE-2012-4661 CVE-2012-4662 CVE-2012-4663 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted DCERPC data through the target device to trigger a stack overflow in the DCERPC inspection engine and execute arbitrary code on the target device or cause the target device to

310

U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache July 25, 2012 - 7:00am PROBLEM: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache PLATFORM: Version(s): 4.0.4 and prior versions ABSTRACT: A remote user can poison the DNS cache. REFERENCE LINKS: IBM Application Security Research Group SecurityTracker Alert ID: 1027291 Bugtraq ID: 523624 CVE-2012-2808 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Google Android. The res_randomid() function, which bases a return value on the process ID and the current time, is called twice in quick succession. As a result, the effective

311

U-255: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

U-255: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks September 11, 2012 - 6:00am PROBLEM: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: Apache Software Foundation Apache Wicket 1.5.5 Apache Software Foundation Apache Wicket 1.5-RC5.1 Apache Software Foundation Apache Wicket 1.4.20 Apache Software Foundation Apache Wicket 1.4.18 Apache Software Foundation Apache Wicket 1.4.17 Apache Software Foundation Apache Wicket 1.4.16 ABSTRACT: A vulnerability was reported in Apache Wicket. REFERENCE LINKS: Apache Wicket SecurityTracker Alert ID: 1027508 Bugtraq ID: 55445 CVE-2012-3373 IMPACT ASSESSMENT: Medium DISCUSSION: The software does not properly filter HTML code from user-supplied input in

312

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain  

Broader source: Energy.gov (indexed) [DOE]

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks April 6, 2012 - 7:00am PROBLEM: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks PLATFORM: HP Onboard Administrator (OA) up to and including v3.32 ABSTRACT: A remote user can obtain potentially sensitive information. REFERENCE LINKS: HP Support Document ID: c03263573 SecurityTracker Alert ID: 1026889 CVE-2012-0128, CVE-2012-0129, CVE-2012-0130 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in HP Onboard Administrator. A remote

313

U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code May 3, 2012 - 7:00am PROBLEM: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: 6.1 and prior ABSTRACT: A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027004 Secunia Advisory SA48971 Citrix advisory IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted packet to trigger an unspecified flaw and execute arbitrary code on the target system. The code will run with the privileges of the target service.

314

T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary

Broader source: Energy.gov (indexed) [DOE]

T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary June 24, 2011 - 4:39am PROBLEM: A vulnerability was reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): prior to QuickTime 7.6.8 ABSTRACT: A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. REFERENCE LINKS: SecurityTracker Alert ID: 1025705 Apple Security Article: HT4339 Apple Security Article: HT4723 Apple Security Article: HT1222 CVE-2011-0213 Secunia Advisory: SA45054 IMPACT ASSESSMENT: High DISCUSSION:

315

U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 - 6:00am PROBLEM: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Internet Explorer 6, 7, 8, 9 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. REFERENCE LINKS: Bugtraq ID: 55562 Security Database KB2757760 Microsoft Security Advisory (2757760) SecurityTracker Alert ID: 1027538 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the

316

T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the  

Broader source: Energy.gov (indexed) [DOE]

T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System June 15, 2011 - 3:45pm PROBLEM: A vulnerability was reported in PHP. A remote user may be able to overwrite files on the target system. PLATFORM: PHP prior to 5.3.7 ABSTRACT: PHP is prone to a security-bypass vulnerability. Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected. REFERENCE LINKS: PHP Security Notice PHP CVE-2011-2202 SecurityTracker Alert ID: 1025659 Secunia Advisory: SA44874 CVE-2011-2202 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability lies in the 'SAPI_POST_HANDLER_FUNC()' function in

317

U-174: Serendipity Unspecified SQL Injection Vulnerability

Broader source: Energy.gov (indexed) [DOE]

U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. REFERENCE LINKS: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium DISCUSSION: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. IMPACT: A remote user can execute SQL commands on the underlying database. SOLUTION: The vendor has issued a fix (1.6.2).

318

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks September 13, 2011 - 12:35pm PROBLEM: Multiple vulnerabilities were reported in Microsoft SharePoint. A remote user can conduct cross-site scripting attacks. PLATFORM: Version(s): SharePoint software ABSTRACT: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks. REFERENCE LINKS: MS11-074: Article ID: 2552998 SecurityTracker Alert ID: 1026040 CVE-2011-1893 CVE-2011-1892 CVE-2011-1891 CVE-2011-1890 CVE-2011-0653 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted URL or web site that, when loaded by a target user, will cause arbitrary scripting code to be executed

319

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.

320

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. REFERENCE LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain



321

U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified  

Broader source: Energy.gov (indexed) [DOE]

U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact February 17, 2012 - 8:30am PROBLEM: Multiple vulnerabilities were reported in Citrix XenServer Web Self Service. PLATFORM: Version(s): 5.5, 5.6 SP2, 6.0; Web Self Service prior to 1.1.1 ABSTRACT: A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer Web Self Service. REFERENCE LINKS: Citrix Support Center SecurityTracker Alert ID: 1026695 IMPACT ASSESSMENT: Medium DISCUSSION: Customers who have installed XenServer but have not additionally downloaded and installed the optional Web Self Service component are not affected by these vulnerabilities. These vulnerabilities affect all currently supported

322

T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service July 8, 2011 - 12:32pm PROBLEM: A vulnerability was reported in Apache Santuario. A remote user can cause denial of service conditions. PLATFORM: Prior to 1.6.1 - Apache Santuario XML Security for C++ library versions prior to V1.6.1 ABSTRACT: A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker. REFERENCE LINKS: SecurityTracker Alert ID: 1025755 Bugzilla: 719698: CVE-2011-2516 xml-security-c The Apache Software Foundation - CVE-2011-2516

323

V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny  

Broader source: Energy.gov (indexed) [DOE]

V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host July 1, 2013 - 12:48am PROBLEM: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host PLATFORM: VirtualBox 4.2.12 ABSTRACT: A vulnerability was reported in Oracle VirtualBox. REFERENCE LINKS: VirtualBox ticket: 11863 SecurityTracker Alert ID: 1028712 IMPACT ASSESSMENT: Medium DISCUSSION: A local user on the guest operating system can issue a 'tracepath' command to cause the network on the target host system to become unavailable. IMPACT: A local user on a guest operating system can cause denial of service conditions on the target host system.

324

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords October 15, 2012 - 6:00am PROBLEM: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords PLATFORM: EMC NetWorker Module for Microsoft Applications 2.2.1, 2.3 prior to build 122, 2.4 prior to build 375 ABSTRACT: EMC NetWorker Module for Microsoft Applications Two Vulnerabilities REFERENCE LINKS: EMC Identifier: ESA-2012-025 Secunia Advisory SA50957 SecurityTracker Alert ID: 1027647 CVE-2012-2284 CVE-2012-2290 IMPACT ASSESSMENT: Medium DISCUSSION:

325

V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain  

Broader source: Energy.gov (indexed) [DOE]

V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges May 15, 2013 - 12:19am PROBLEM: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges PLATFORM: Version(s): 2.6.37 to 3.8.9 ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: Linux Kernel SecurityTracker Alert ID: 1028565 CVE-2013-2094 IMPACT ASSESSMENT: Medium DISCUSSION: On systems compiled with PERF_EVENTS support, a local user can supply a specially crafted perf_event_open() call to execute arbitrary code on the target system with root privileges. The vulnerability resides in the perf_swevent_init() function in 'kernel/events/core.c'.

326

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code July 16, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 20.0.1132.57 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1027249 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

327

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2012 - 6:00am PROBLEM: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: CA ARCserve Backup for Windows r12.5, r15, r16 ABSTRACT: Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027683 CA Technologies Support CVE-2012-2971 CVE-2012-2972 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the

328

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes March 30, 2012 - 9:15am PROBLEM: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes PLATFORM: HP-UX B.11.31 HP-UX B.11.23 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Document ID: c03255321 SecurityTracker Alert ID: 1026869 CVE-2012-0127 IMPACT ASSESSMENT: High DISCUSSION: A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS).

329

U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets  

Broader source: Energy.gov (indexed) [DOE]

U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges March 19, 2012 - 7:00am PROBLEM: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges PLATFORM: ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0 ABSTRACT: A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system. REFERENCE LINKS: Secunia Advisory SA48378 SecurityTracker Alert ID: 1026818 CVE-2010-0405 IMPACT ASSESSMENT: Medium DISCUSSION: A local user on a guest operating system can trigger a buffer overflow or null pointer dereference in the display drivers to execute arbitrary code

330

T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain  

Broader source: Energy.gov (indexed) [DOE]

T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges April 22, 2011 - 7:47am PROBLEM: A vulnerability was reported in HP Virtual Server Environment. A remote authenticated user can obtain elevated privileges on the target system. PLATFORM: HP Virtual Server Environment prior to v6.3 ABSTRACT: A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. REFERENCE LINKS: HP Document ID: c02749050 SecurityTracker Alert ID: 1025429 CVE-2011-1724 HP Insight Software media set 6.3 HP Technical Knowledge Base DISCUSSION: System management and security procedures must be reviewed frequently to

331

V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain  

Broader source: Energy.gov (indexed) [DOE]

V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information January 7, 2013 - 1:00am PROBLEM: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information PLATFORM: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX REFERENCE LINKS: Adobe Security Bulletin APSA13-01 SecurityTracker Alert ID: 1027938 CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 IMPACT ASSESSMENT: High DISCUSSION: A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.

332

T-691: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

T-691: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code August 11, 2011 - 3:00pm PROBLEM: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): 10.3.181.36 and prior; 10.3.185.25 and prior for Android. ABSTRACT: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: Security Bulletin: APSB11-21 SecurityTracker Alert ID: 1025907 CVE-2011-2425 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The

333

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain  

Broader source: Energy.gov (indexed) [DOE]

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks April 6, 2012 - 7:00am PROBLEM: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks PLATFORM: HP Onboard Administrator (OA) up to and including v3.32 ABSTRACT: A remote user can obtain potentially sensitive information. REFERENCE LINKS: HP Support Document ID: c03263573 SecurityTracker Alert ID: 1026889 CVE-2012-0128, CVE-2012-0129, CVE-2012-0130 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in HP Onboard Administrator. A remote

334

U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and  

Broader source: Energy.gov (indexed) [DOE]

U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks March 20, 2012 - 7:00am PROBLEM: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks PLATFORM: 4.x, prior to 4.1 Patch 4 ABSTRACT: Several vulnerabilities were reported in RSA enVision. A remote user can access the system. A remote authenticated user can conduct cross-site scripting attacks. A remote authenticated user can inject SQL commands. A remote authenticated user can view files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1026819 CVE-2012-0403 IMPACT ASSESSMENT: High DISCUSSION: The system does not properly filter HTML code from user-supplied input

335

V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass  

Broader source: Energy.gov (indexed) [DOE]

V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue September 4, 2013 - 6:00am PROBLEM: A weakness and a security issue have been reported in EMC RSA Archer GRC PLATFORM: EMC RSA Archer GRC 5.x ABSTRACT: This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing attacks REFERENCE LINKS: Secunia Advisory SA54717 SecurityTracker Alert ID 1028971 EMC Identifier: ESA-2013-057 CVE-2013-3276 CVE-2013-3277 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application does not properly restrict deactivated users. This can be exploited by deactivated users to login and gain access to otherwise

336

V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions

Broader source: Energy.gov (indexed) [DOE]

V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions December 12, 2012 - 2:00am PROBLEM: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions PLATFORM: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX ABSTRACT: A vulnerability was reported in Adobe ColdFusion. REFERENCE LINKS: SecurityTracker Alert ID: 1027853 Adobe Vulnerability identifier: APSB12-26 CVE-2012-5675 IMPACT ASSESSMENT: High DISCUSSION: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using

337

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. REFERENCE LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

338

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service September 27, 2012 - 4:07am PROBLEM: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service PLATFORM: Devices configured with Cisco IOS IPS are affected ABSTRACT: A vulnerability was reported in Cisco IOS. REFERENCE LINKS: SecurityTracker Alert ID: 1027580 Cisco Security Advisory CVE-2012-3950 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to

339

U-203: HP Photosmart Bug Lets Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

U-203: HP Photosmart Bug Lets Remote Users Deny Service July 2, 2012 - 8:00am PROBLEM: HP Photosmart Bug Lets Remote Users Deny Service PLATFORM: HP Photosmart Wireless e-All-in-One Printer series - B110 HP Photosmart e-All-in-One Printer series - D110 HP Photosmart Plus e-All-in-One Printer series - B210 HP Photosmart eStation All-in-One Printer series - C510 HP Photosmart Ink Advantage e-All-in-One Printer series - K510 HP Photosmart Premium Fax e-All-in-One Printer series - C410 ABSTRACT: A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions. REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027213 CVE-2012-2017 IMPACT ASSESSMENT: High DISCUSSION:

340

U-223: Bugzilla May Disclose Confidential Information to Remote Users

Broader source: Energy.gov (indexed) [DOE]

U-223: Bugzilla May Disclose Confidential Information to Remote Users July 30, 2012 - 7:00am PROBLEM: Bugzilla May Disclose Confidential Information to Remote Users PLATFORM: Version(s): 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 ABSTRACT: Two vulnerabilities were reported in Bugzilla. REFERENCE LINKS: The Vendor's Advisory Security Advisories CVE-2012-1969 CVE-2012-1968 SecurityTracker Alert ID: 1027320 Bug 777586 IMPACT ASSESSMENT: High DISCUSSION: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and attachments



341

T-564: Vulnerabilities in Citrix Licensing administration components

Broader source: Energy.gov (indexed) [DOE]

T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. REFERENCE LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium DISCUSSION: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

342

U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service August 9, 2012 - 7:00am PROBLEM: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service PLATFORM: Version(s): ASA 5500 Series; 8.2 - 8.4 ABSTRACT: Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions. REFERENCE LINKS: Release Notes for the Cisco ASA 5500 Series, 8.4(x) SecurityTracker Alert ID: 1027355 CVE-2012-2472 CVE-2012-2474 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in Cisco ASA. 1. On systems with SIP inspection enabled, a remote user can send specially crafted SIP traffic to cause the target device to create many identical

343

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the  

Broader source: Energy.gov (indexed) [DOE]

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information July 27, 2012 - 7:00am PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Version(s): Apple Safari prior to 6.0 ABSTRACT: Multiple vulnerabilities were reported in Apple Safari. REFERENCE LINKS: The Vendor's Advisory Bugtraq ID: 54683 SecurityTracker Alert ID: 1027307 IMPACT ASSESSMENT:

344

U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code January 12, 2012 - 9:00am PROBLEM: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code PLATFORM: Linux ABSTRACT: A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: Linux Kernel Update SecurityTracker Alert ID: 1026512 CVE-2012-0038 Red Hat Bugzilla Bug 773280 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a filesystem that, when mounted by the target user, will execute arbitrary code on the target user's system. IMPACT: A remote user can create a specially crafted filesystem that, when mounted

345

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take  

Broader source: Energy.gov (indexed) [DOE]

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions October 25, 2012 - 6:00am PROBLEM: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions PLATFORM: 3COM, and H3C Routers & Switches. Specific products and model numbers are provided in the vendor's advisory. ABSTRACT: A vulnerability was reported in 3Com, HP, and H3C Switches. REFERENCE LINKS: HP Support document ID: c03515685 SecurityTracker Alert ID: 1027694 CVE-2012-3268 IMPACT ASSESSMENT: High DISCUSSION: A remote user with knowledge of the SNMP public community string can access potentially sensitive data (e.g., user names, passwords) in the

346

T-722: IBM WebSphere Commerce Edition Input Validation Holes Permit  

Broader source: Energy.gov (indexed) [DOE]

T-722: IBM WebSphere Commerce Edition Input Validation Holes Permit Cross-Site Scripting Attacks September 21, 2011 - 8:15am PROBLEM: IBM WebSphere Commerce Edition Input Validation Holes Permit Cross-Site Scripting Attacks. PLATFORM: WebSphere Commerce Edition V7.0 ABSTRACT: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the IBM WebSphere software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. REFERENCE LINKS: IBM Recommended Fixes for WebSphere Commerce IBM Support SecurityTracker Alert ID: 1026074

347

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am PROBLEM: Oracle Java Flaws Let Remote Users Execute Arbitrary Code PLATFORM: JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier ABSTRACT: Several vulnerabilities were reported in Oracle Java. REFERENCE LINKS: Updated Release of the February 2013 Oracle Java SE Critical Patch Update SecurityTracker Alert ID: 1028155 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will execute arbitrary

348

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits  

Broader source: Energy.gov (indexed) [DOE]

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks August 22, 2011 - 3:54pm PROBLEM: A vulnerability was reported in Adobe ColdFusion. A remote user can conduct cross-site scripting attacks. PLATFORM: Adobe ColdFusion 9.x ABSTRACT: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks. REFERENCE LINKS: Adobe Vulnerability Report Adobe Security Bulletin ColdFusion Support SecurityTracker Alert ID: 1025957 IMPACT ASSESSMENT: Medium DISCUSSION: The 'probe.cfm' script does not properly filter HTML code from user-supplied input in the 'name' parameter before displaying the input. A remote user can create a specially crafted URL that, when loaded by a

349

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information April 23, 2013 - 12:26am PROBLEM: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information PLATFORM: Apache ActiveMQ versions prior to 5.8.0 ABSTRACT: Several vulnerabilities were reported in Apache ActiveMQ. REFERENCE LINKS: Apache ActiveMQ SecurityTracker Alert ID: 1028457 CVE-2012-6092 CVE-2012-6551 CVE-2013-3060 IMPACT ASSESSMENT: High DISCUSSION: Several web demos do not properly filter HTML code from user-supplied input

350

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges February 28, 2013 - 12:05am PROBLEM: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges PLATFORM: VSE 8.8 Patch 2 with Access Protection, including Self Protection, turned off ABSTRACT: A vulnerability was reported in McAfee VirusScan Enterprise. REFERENCE LINKS: McAfee Security Bulletins ID: SB10038 SecurityTracker Alert ID: 1028209 IMPACT ASSESSMENT: Medium DISCUSSION: When Access Protection has been disabled, a local user can gain full control of the target application IMPACT: A local user can obtain elevated privileges on the target system. SOLUTION: The vendor has issued a fix (8.8 Patch 2 with HF778101, 8.8 Patch 3)

351

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits  

Broader source: Energy.gov (indexed) [DOE]

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits Cross-Site Scripting Attacks July 18, 2011 - 7:09am PROBLEM: A vulnerability was reported in Skype. A remote user can conduct cross-site scripting attacks. PLATFORM: 5.3.0.120 and prior versions ABSTRACT: The software does not properly filter HTML code from user-supplied input in the "mobile phone" profile entry before displaying the input. REFERENCE LINKS: SecurityTracker Alert ID: 1025789 Skype Security Advisory KoreSecure News H Security ID: 1279864 IMPACT ASSESSMENT: High DISCUSSION: Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack of input validation and output sanitization of the "mobile phone"

352

U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code November 16, 2011 - 7:43am PROBLEM: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Kernel version 2.6.x ABSTRACT: A remote server can cause the target connected client to crash. REFERENCE LINKS: The Linux Kernel Archives CVE-2011-4131 SecurityTracker Alert ID: 1026324 Linux Kernel [PATCH 1/1] NFSv4 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in the Linux Kernel. A remote user can cause denial of service conditions. IMPACT: A remote server can return specially crafted data to the connected target

353

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let  

Broader source: Energy.gov (indexed) [DOE]

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands November 1, 2012 - 6:00am PROBLEM: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands PLATFORM: All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability. ABSTRACT: A vulnerability was reported in Cisco Prime Data Center Network Manager. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20121031-dcnm SecurityTracker Alert ID: 1027712 CVE-2012-5417 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability exists because JBoss Application Server Remote Method

354

U-132: Apache Wicket Input Validation Flaw in 'wicket:pageMapName'  

Broader source: Energy.gov (indexed) [DOE]

U-132: Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks March 23, 2012 - 7:42am PROBLEM: Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks PLATFORM: Apache Wicket 1.4.x ABSTRACT: A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Apache Wicket CVE-2012-0047 SecurityTracker Alert ID: 1026839 IMPACT ASSESSMENT: High DISCUSSION: The software does not properly filter HTML code from user-supplied input in the 'wicket:pageMapName' request parameter before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target

355

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints

Broader source: Energy.gov (indexed) [DOE]

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints December 5, 2012 - 1:00am PROBLEM: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints PLATFORM: Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat Red Hat Bugzilla - Bug 883634 SecurityTracker Alert ID: 1027833 CVE-2012-3546 IMPACT ASSESSMENT: High DISCUSSION: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to

356

T-705: Linux Kernel Weakness in Sequence Number Generation Facilitates  

Broader source: Energy.gov (indexed) [DOE]

T-705: Linux Kernel Weakness in Sequence Number Generation Facilitates Packet Injection Attacks August 30, 2011 - 3:46am PROBLEM: A remote user can conduct packet injection attacks. PLATFORM: Linux Kernel ABSTRACT: Linux Kernel Weakness in Sequence Number Generation Facilitates Packet Injection Attacks. REFERENCE LINKS: SecurityTracker Alert ID: 1025977 CVE-2011-3188 (under review) The Linux Kernel Archives IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in the Linux Kernel. A remote user can conduct packet injection attacks. The kernel's sequence number generation function uses partial MD4 with 24-bits unguessable. A remote user may be able to brute-force guess a valid sequence number to inject a packet into a

357

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote  

Broader source: Energy.gov (indexed) [DOE]

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code January 23, 2013 - 12:26am PROBLEM: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code PLATFORM: EMC AlphaStor 4.0 prior to build 800 (All platforms) ABSTRACT: Two vulnerabilities were reported in EMC AlphaStor. REFERENCE LINKS: ESA-2013-008: SecurityTracker Alert ID: 1028020 Secunia Advisory SA51930 CVE-2013-0928 CVE-2013-0929 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].

358

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands November 19, 2012 - 2:30am PROBLEM: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands PLATFORM: CS5.5 7.5.0.142; possibly other versions ABSTRACT: Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability REFERENCE LINKS: Secunia Advisory SA48572 SecurityTracker Alert ID: 1027783 Adobe IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system. A remote user can send a specially crafted "RunScript" SOAP message to

359

U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code October 9, 2012 - 6:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: SecurityTracker Alert ID: 1027617 Stable Channel Update CVE-2012-2900 CVE-2012-5108 CVE-2012-5109 CVE-2012-5110 CVE-2012-5111 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A crash may occur in Skia text rendering [CVE-2012-2900].

360

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code May 2, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Prior to 18.0.1025.168 ABSTRACT: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027001 CVE-2011-3078 CVE-2011-3079 CVE-2011-3080 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will



361

T-712: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

T-712: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update September 8, 2011 - 10:30am PROBLEM: A flaw was discovered in Cumin where it would log broker authentication credentials to the Cumin log file. A vulnerability was reported in Red Hat Enterprise MRG Grid. A local user can access the broker password. PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5) ABSTRACT: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update. REFERENCE LINKS: RHSA-2011:1249-1 SecurityTracker Alert ID: 1026021 CVE-2011-2925 IMPACT ASSESSMENT: Medium DISCUSSION: A local user exploiting this flaw could connect to the broker outside of Cumin's control and perform certain operations such as scheduling jobs,

362

U-003:RPM Package Manager security update | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

U-003:RPM Package Manager security update October 4, 2011 - 1:30pm PROBLEM: A vulnerability was reported in RPM Package Manager. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): 4.9.1.1 and prior versions. ABSTRACT: RPM Package Manager Header Validation Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: RPM Package Manager Advisory RHSA-2011:1349-1 SecurityTracker Alert ID: 1026134 CVE-2011-3378 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted RPM package that, when queried or installed by the target user, will trigger a buffer overflow or memory corruption error and execute arbitrary code on the target system. The code

363

U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands January 26, 2012 - 6:45am PROBLEM: Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: CVE-2011-3923 SecurityTracker Alert ID: 1026575 Apache Struts 2 Documentation S2-009 blog.o0o.nu IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache Struts. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the ParametersInterceptor, thus being able to inject

364

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass  

Broader source: Energy.gov (indexed) [DOE]

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information August 31, 2011 - 12:00pm PROBLEM: A vulnerability was reported in Apache Tomcat. A remote user can bypass authentication or obtain potentially sensitive information. PLATFORM: Apache Tomcat 5.5.0 to 5.5.33, 6.0.0 to 6.0.33, 7.0.0 to 7.0.20 ABSTRACT: Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information. REFERENCE LINKS: SecurityTracker Alert ID: 1025993 CVE-2011-3190 (under review) Apache Tomcat Security Updates IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apache Tomcat. A remote user can bypass

365

T-721:Mac OS X Directory Services Lets Local Users View User Password  

Broader source: Energy.gov (indexed) [DOE]

T-721:Mac OS X Directory Services Lets Local Users View User Password Hashes September 20, 2011 - 8:45am PROBLEM: Mac OS X Directory Services Lets Local Users View User Password Hashes. PLATFORM: Mac OS X Lion (10.7) ABSTRACT: A local user can view user password hashes. REFERENCE LINKS: SecurityTracker Alert ID: 1026067 Apple Support Downloads Apple Security Updates Apple OS X Lion v10.7.1 Update IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Mac OS X. A local user can view user password hashes. A local user can invoke the following Directory Services command line command to view the password hash for the target user: dscl localhost -read /Search/Users/[target user] A local user can change their

366

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Broader source: Energy.gov (indexed) [DOE]

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: Medium DISCUSSION: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

367

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

Broader source: Energy.gov (indexed) [DOE]

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

368

U-001:Symantec IM Manager Input Validation Flaws | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

U-001:Symantec IM Manager Input Validation Flaws October 3, 2011 - 12:45pm PROBLEM: Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks. PLATFORM: Version(s): prior to 8.4.18 ABSTRACT: Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks. REFERENCE LINKS: Security Advisory: SYM11-012 SecurityTracker Alert ID: 1026130 IMPACT ASSESSMENT: Medium DISCUSSION: Several vulnerabilities were reported in Symantec IM Manager. A remote user can conduct cross-site scripting attacks. A remote user can inject SQL commands. Several scripts do not properly filter HTML code from user-supplied input before displaying the input [CVE-2011-0552]. A remote user can create a

369

U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code May 16, 2012 - 7:00am PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: prior to 7.7.2 ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027065 CVE-2012-0265 CVE-2012-0663 CVE-2012-0664 CVE-2012-0665 CVE-2012-0666 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Only Windows-based systems

370

V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code October 24, 2012 - 6:00am PROBLEM: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh ABSTRACT: Several vulnerabilities were reported in Adobe Shockwave. REFERENCE LINKS: Adobe Security bulletin SecurityTracker Alert ID: 1027692 CVE-2012-4172 CVE-2012-4173 CVE-2012-4174 CVE-2012-4175 CVE-2012-4176 CVE-2012-5273 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on

371

V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code March 12, 2013 - 12:11am PROBLEM: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 25.0.1364.160 ABSTRACT: A vulnerability was reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1028266 CVE-2013-0912 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a type confusion error in WebKit and execute arbitrary code on the target system. The code will run with the privileges

372

U-194: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

U-194: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges June 19, 2012 - 7:00am PROBLEM: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges. PLATFORM: Version(s): 2.3 and prior versions ABSTRACT: Users Gain Elevated Privileges REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1027182 CVE-2012-0304 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Symantec LiveUpdate Administrator. A local user can obtain elevated privileges on the target system. The default installation of Symantec LiveUpdate Administrator installs files with full control privileges granted to the 'Everyone' group. A local user can exploit

373

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks March 29, 2011 - 3:05pm PROBLEM: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: HP Diagnostics software: version(s) 7.5, 8.0 prior to 8.05.54.225 ABSTRACT: A potential security vulnerability has been identified in HP Diagnostics. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). REFERENCE LINKS: HP Document ID: c02770512 SecurityTracker Alert ID: 1025255 CVE-2011-0892 Security Focus Document ID: c02770512 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Diagnostics. A remote user can conduct

374

U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code December 8, 2011 - 8:30am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: Adobe Flash Player 11.1.102.55 on Windows and Mac OS X and prior versions ABSTRACT: Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player. REFERENCE LINKS: Secunia Advisory: SA47161 SecurityTracker Alert ID: 1026392 CVE-2011-4693 CVE-2011-4694 IMPACT ASSESSMENT: High DISCUSSION: A remote or local user can obtain potentially sensitive information. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted SWF file that, when

375

V-179: Blackberry Z10 Flaw Lets Physically Local Users Access the Device

Broader source: Energy.gov (indexed) [DOE]

V-179: Blackberry Z10 Flaw Lets Physically Local Users Access the Device June 17, 2013 - 1:09am PROBLEM: Blackberry Z10 Flaw Lets Physically Local Users Access the Device PLATFORM: BlackBerry 10 OS version 10.0.10.261 and earlier, except version 10.0.9.2743 ABSTRACT: A vulnerability was reported in Blackberry Z10 Smartphones. REFERENCE LINKS: BlackBerry Security Advisory KB34458 SecurityTracker Alert ID: 1028669 CVE-2013-3692 IMPACT ASSESSMENT: Medium DISCUSSION: On systems with BlackBerry Protect enabled, if the user resets the device password via BlackBerry Protect and downloads a specifically crafted application, then a physically local user can access or modify data on the device. The vulnerability is due to unsafe permissions on a BlackBerry Protect

376

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

U-022: Apple QuickTime Multiple Vulnerabilities October 28, 2011 - 8:15am PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220 CVE-2011-3221, CVE-2011-3222, CVE-2011-3223 CVE-2011-3228, CVE-2011-3247, CVE-2011-3248 CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

377

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code November 2, 2011 - 8:00am PROBLEM: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: HP OpenView Network Node Manager (OV NNM) v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Center Document ID: c03054052 SecurityTracker Alert ID: 1026260 CVE-2011-1365 CVE-2011-1366 CVE-2011-1367 IMPACT ASSESSMENT: Medium DISCUSSION: Several vulnerabilities were reported in HP OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

378

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before

379

U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution,  

Broader source: Energy.gov (indexed) [DOE]

U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks February 1, 2012 - 5:51am PROBLEM: Multiple vulnerabilities were reported in Mozilla Firefox. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) Version(s): prior to 3.2.26; prior to 10.0 ABSTRACT: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting. REFERENCE LINKS: SecurityTracker Alert ID: 1026605 CVE-2011-3659, CVE-2012-0442 CVE-2012-0443, CVE-2012-0444 CVE-2012-0445, CVE-2012-0446 CVE-2012-0447, CVE-2012-0449 CVE-2012-0450 Vendor Site IMPACT ASSESSMENT:

380

T-671: Red Hat system-config-firewall Lets Local Users Gain Root Privileges  

Broader source: Energy.gov (indexed) [DOE]

T-671: Red Hat system-config-firewall Lets Local Users Gain Root Privileges July 19, 2011 - 2:42pm PROBLEM: A vulnerability was reported in Red Hat system-config-firewall. A local user can obtain root privileges on the target system. PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server EUS (v. 6.1.z) Red Hat Enterprise Linux Workstation (v. 6) ABSTRACT: Red Hat system-config-firewall Lets Local Users Gain Root Privileges REFERENCE LINKS: RHSA-2011:0953-1 SecurityTracker Alert ID: 1025793 CVE-2011-2520 Red Hat Article ID: 11259 IMPACT ASSESSMENT: Medium DISCUSSION: The system-config-firewall utility uses the Python pickle module in an



381

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code May 2, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Prior to 18.0.1025.168 ABSTRACT: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027001 CVE-2011-3078 CVE-2011-3079 CVE-2011-3080 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will

382

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

Broader source: Energy.gov (indexed) [DOE]

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users October 5, 2012 - 6:00am PROBLEM: HP IBRIX X9000 Storage Discloses Information to Remote Users PLATFORM: Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251 ABSTRACT: A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information. REFERENCE LINKS: HP Security Bulletin: c03510876 SecurityTracker Alert ID: 1027590 CVE-2012-3266 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the

383

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista and XP. ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. REFERENCE LINKS: Apple Security Article: HT5581 SecurityTracker Alert ID: 1027737 Bugtraq ID: 56438 Secunia Advisory SA51226 CVE-2011-1374 CVE-2012-3751 CVE-2012-3752 CVE-2012-3753 CVE-2012-3754 CVE-2012-3755 CVE-2012-3756 CVE-2012-3757 CVE-2012-3758 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can

384

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control  

Broader source: Energy.gov (indexed) [DOE]

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability March 16, 2012 - 7:00am PROBLEM: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability PLATFORM: Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: Secunia Advisory SA48422 SecurityTracker Alert ID: 1026799 CVE-2012-0358 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the

385

U-090: RSA enVision Discloses Environment Variable Information to Remote  

Broader source: Energy.gov (indexed) [DOE]

U-090: RSA enVision Discloses Environment Variable Information to Remote Users January 27, 2012 - 6:00am PROBLEM: A vulnerability was reported in RSA enVision PLATFORM: Version(s): 4.0 prior to 4.0 SP4 P5, 4.1 prior to 4.1 P3 ABSTRACT: A remote user can view potentially sensitive data on the target system. REFERENCE LINKS: CVE-2011-4143 SecurityTracker Alert ID: 1026591 Secunia Advisory IMPACT ASSESSMENT: Medium DISCUSSION: The security issue is caused due to the application disclosing certain environment variables containing web system setup information via the web interface. Further information about this resolution and other fixes can be found in the Release Notes associated with RSA enVision 4.1, Patch 3 and

386

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Broader source: Energy.gov (indexed) [DOE]

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: Medium DISCUSSION: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

387

U-071:HP Database Archiving Software Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-071:HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code December 29, 2011 - 8:15am PROBLEM: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Database Archiving Software v6.31 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Database Document ID: c03128302 SecurityTracker Alert ID: 1026467 CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in HP Database Archiving Software. A remote user can execute arbitrary code on the target system. Impact: A remote user can execute arbitrary code on the target system. Solution:

388

V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users  

Broader source: Energy.gov (indexed) [DOE]

V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information November 2, 2012 - 6:00am PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information PLATFORM: Apple iOS prior to 6.0.1 ABSTRACT: Three vulnerabilities were reported in Apple iOS. REFERENCE LINKS: Apple Article: HT5567 SecurityTracker Alert ID: 1027716 Bugtraq ID: 56363 CVE-2012-3748 CVE-2012-3749 CVE-2012-3750 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the

389

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain  

Broader source: Energy.gov (indexed) [DOE]

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls December 14, 2011 - 8:17am PROBLEM: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3 6.0.2.1 SP2 and SP2 Patch 1 6.0.2.1 SP3 ABSTRACT: A remote user may be able to bypass certain security controls. REFERENCE LINKS: SecurityTracker Alert ID: 1026420 Security Focus: ESA-2011-036 IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA Adaptive Authentication (On-Premise). A remote user may be able to bypass certain security controls. A remote user can send specially crafted data elements to affect the Device

390

U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass  

Broader source: Energy.gov (indexed) [DOE]

U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access August 29, 2012 - 6:00am PROBLEM: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access PLATFORM: EMC Cloud Tiering Appliance (CTA) 7.4 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 7.4 and prior EMC Cloud Tiering Appliance (CTA) 9.0 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and prior ABSTRACT: A vulnerability was reported in EMC Cloud Tiering Appliance. REFERENCE LINKS: SecurityTracker Alert ID: 1027448 Bugtraq ID: 55250 EMC.com CVE-2012-2285 IMPACT ASSESSMENT:

391

V-078: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks  

Broader source: Energy.gov (indexed) [DOE]

V-078: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks January 28, 2013 - 12:32am PROBLEM: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks PLATFORM: WordPress all versions are affected prior to 3.5.1 ABSTRACT: WordPress 3.5.1 Maintenance and Security Release REFERENCE LINKS: WordPress News SecurityTracker Alert ID: 1028045 Secunia Advisory SA51967 IMPACT ASSESSMENT: Medium DISCUSSION: Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the WordPress software and will run in the security

392

T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm PROBLEM: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up blocker. PLATFORM: Google Chrome prior to 10.0.648.127 ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people to bypass certain security restrictions, disclose system information, and compromise a user's system. REFERENCE LINKS: Secunia Advisory: SA43683 Google Chrome Support Chrome Stable Release SecurityTracker Alert ID: 1025181

393

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges November 17, 2011 - 8:00am PROBLEM: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31; running Enterprise Mobility Suite (EMS) prior to A.04.20.11.04_01 ABSTRACT: A local user can obtain elevated privileges on the target system. REFERENCE LINKS: HP Support Center Document ID: c03089106 CVE-2011-4159 SecurityTracker Alert ID: 1026331 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP-UX System Administration Manager. A local user can obtain elevated privileges on the target system. A local user can gain full control of the target system.

394

V-194: Citrix XenServer Memory Management Error Lets Local Administrative  

Broader source: Energy.gov (indexed) [DOE]

V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host July 8, 2013 - 12:24am PROBLEM: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host PLATFORM: Citrix XenServer 5.0 - 6.2 ABSTRACT: A vulnerability was reported in Citrix XenServer. REFERENCE LINKS: CTX138134 SecurityTracker Alert ID: 1028740 CVE-2013-1432 IMPACT ASSESSMENT: Medium DISCUSSION: A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server. IMPACT: A local user on the guest operating system can obtain access on the target

395

V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code May 6, 2013 - 12:07am PROBLEM: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code PLATFORM: Internet Explorer 8 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. REFERENCE LINKS: SecurityTracker Alert ID: 1028514 Microsoft Security Advisory (2847140) CVE-2013-1347 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will access an object that has been deleted or not properly allocated and execute arbitrary code on the target system. The code will run with the privileges of the target user.

396

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service September 27, 2012 - 4:07am PROBLEM: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service PLATFORM: Devices configured with Cisco IOS IPS are affected ABSTRACT: A vulnerability was reported in Cisco IOS. REFERENCE LINKS: SecurityTracker Alert ID: 1027580 Cisco Security Advisory CVE-2012-3950 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to

397

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 6.0.3 ABSTRACT: Two vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple security update, Article: HT1222 SecurityTracker Alert ID: 1028292 CVE-2013-0960 CVE-2013-0961 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. IMPACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

398

V-160: Wireshark Multiple Bugs Let Remote Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

V-160: Wireshark Multiple Bugs Let Remote Users Deny Service May 21, 2013 - 12:09am PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service PLATFORM: Versions 1.8.0 to 1.8.6 ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark Docid: wnpa-sec-2013-23 Secunia Advisory SA53425 SecurityTracker Alert ID: 1028582 CVE-2013-2486 CVE-2013-2487 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the RELOAD dissector (dissectors/packet-reload.c) can be exploited to trigger infinite loops and consume CPU resources via specially

399

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and  

Broader source: Energy.gov (indexed) [DOE]

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information October 4, 2012 - 6:00am PROBLEM: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information PLATFORM: HP Network Node Manager I (NNMi) v9.20 for HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. REFERENCE LINKS: HP Security Bulletin: c03507708 SecurityTracker Alert ID: 1027605 Security Focus: 524302 CVE-2012-3267 IMPACT ASSESSMENT: High Discussion: A potential security vulnerability has been identified with HP Network Node

400

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits  

Broader source: Energy.gov (indexed) [DOE]

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks August 22, 2011 - 3:54pm PROBLEM: A vulnerability was reported in Adobe ColdFusion. A remote user can conduct cross-site scripting attacks. PLATFORM: Adobe ColdFusion 9.x ABSTRACT: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks. REFERENCE LINKS: Adobe Vulnerability Report Adobe Security Bulletin ColdFusion Support SecurityTracker Alert ID: 1025957 IMPACT ASSESSMENT: Medium Discussion: The 'probe.cfm' script does not properly filter HTML code from user-supplied input in the 'name' parameter before displaying the input. A remote user can create a specially crafted URL that, when loaded by a



401

U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code January 9, 2012 - 9:15am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 16.0.912.75 ABSTRACT: A remote user may be able to execute arbitrary code on the target system. REFERENCE LINKS: Google Chrome Releases Chromium Security SecurityTracker Alert ID: 1026487 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Specially crafted animation frames can trigger a use-after-free memory

402

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am PROBLEM: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service PLATFORM: Version(s): 1.0.0.1359 and prior ABSTRACT: A vulnerability was reported in Firefly Media Server REFERENCE LINKS: SecurityTracker Alert ID: 1027917 HTB Advisory ID: HTB23129 CVE-2012-5875 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to trigger a null pointer dereference and cause the target service to crash. IMPACT: A remote user can cause denial of service conditions. SOLUTION: No solution was available at the time of this entry.

403

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader; this vulnerability is being actively exploited against Windows-based systems. REFERENCE LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

404

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks May 31, 2013 - 6:00am PROBLEM: A vulnerability was reported in Splunk Web PLATFORM: Version(s) prior to 5.0.3 ABSTRACT: A reflected cross-site scripting vulnerability was identified in Splunk Web REFERENCE LINKS: SecurityTracker Alert ID: 1028605 Splunk Security Advisory SPL-59895 CVE-2012-6447 IMPACT ASSESSMENT: Medium DISCUSSION: The web interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will

405

U-270: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query

Broader source: Energy.gov (indexed) [DOE]

U-270: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands September 28, 2012 - 6:00am PROBLEM: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands PLATFORM: Control Manager - 3.0, 3.5, 5.0, 5.5, 6.0 ABSTRACT: Trend Micro has been notified of a potential product vulnerability in Control Manager. REFERENCE LINKS: Trend Micro Technical Support ID 1061043 SecurityTracker Alert ID: 1027584 Secunia Advisory SA50760 CVE-2012-2998 IMPACT ASSESSMENT: Medium Discussion: A vulnerability has been reported in Trend Micro Control Manager, which can

406

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks September 13, 2011 - 12:35pm PROBLEM: Multiple vulnerabilities were reported in Microsoft SharePoint. A remote user can conduct cross-site scripting attacks. PLATFORM: Version(s): SharePoint software ABSTRACT: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks. REFERENCE LINKS: MS11-074: Article ID: 2552998 SecurityTracker Alert ID: 1026040 CVE-2011-1893 CVE-2011-1892 CVE-2011-1891 CVE-2011-1890 CVE-2011-0653 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted URL or web site that, when loaded by a target user, will cause arbitrary scripting code to be executed

407

T-675: Apple Laptop Battery Interface Lets Local Users Deny Service

Broader source: Energy.gov (indexed) [DOE]

7:03am PROBLEM: A vulnerability was reported in the battery interface used in Apple laptop models. A local user can cause denial of service conditions. PLATFORM: Mac OS X ABSTRACT: Apple Laptop Battery Interface Lets Local Users Deny Service REFERENCE LINKS: SecurityTracker Alert ID: 1025831 Apple Article: HT1222 Forbes Article IMPACT ASSESSMENT: Medium Discussion: The battery microcontroller interface uses common API keys. A local user with knowledge of the keys can control the microcontroller functions. This can be exploited to prevent the battery from being charged, interfere with battery heat regulation, or cause the battery to stop functioning. Impact: A local user can prevent the battery from charging, interfere with the battery heat regulation, or cause the battery to become unusable. Modern

408

U-094: EMC Documentum Content Server Lets Local Administrative Users Gain  

Broader source: Energy.gov (indexed) [DOE]

U-094: EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges February 2, 2012 - 9:15am PROBLEM: EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges PLATFORM: EMC Documentum Content Server 6.0, 6.5, 6.6 ABSTRACT: EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system. REFERENCE LINKS: SecurityTracker Alert ID: 1026624 EMC Resource Library CVE-2011-4144 bugtraq ESA-2012-009 IMPACT ASSESSMENT: Medium Discussion: EMC Documentum Content Server contains a security vulnerability that may allow a system administrator to elevate their or other users' privileges to

409

U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access  

Broader source: Energy.gov (indexed) [DOE]

U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6, 2011 - 9:30am PROBLEM: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers. PLATFORM: Apache HTTP Server 1.3.x, 2.2.21 and prior versions ABSTRACT: A remote user can access internal servers. REFERENCE LINKS: The Apache HTTP Server Project SecurityTracker Alert ID: 1026144 CVE-2011-3368 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache mod_proxy. A remote user can access internal servers. When this system is configured in reverse proxy mode and uses the RewriteRule or ProxyPassMatch directives with a pattern match, a remote user can send a specially crafted request to access internal

410

V-085: Cisco Unity Express Input Validation Hole Permits Cross-Site Request  

Broader source: Energy.gov (indexed) [DOE]

V-085: Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks February 6, 2013 - 1:06am PROBLEM: Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks PLATFORM: Cisco Unity Express prior to 8.0 ABSTRACT: A vulnerability was reported in Cisco Unity Express. REFERENCE LINKS: Cisco Security Notice SecurityTracker Alert ID: 1028075 CVE-2013-1120 IMPACT ASSESSMENT: Medium DISCUSSION: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site request forgery attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by

411

U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code January 25, 2012 - 6:00am PROBLEM: A remote user can execute arbitrary code on the target system. PLATFORM: Version(s): 12.5 SP3; pcAnywhere Solutions 7.1 GA, SP 1, and SP 2 ABSTRACT: Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system. REFERENCE LINKS: Symantec Advisory Secunia Advisory SecurityTracker Alert ID: 102576 IMPACT ASSESSMENT: Medium Discussion: A remote user can send specially crafted data to TCP port 5631 to trigger a bug in the validation of authentication data and execute arbitrary code.

412

V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE LINKS: RealPlayer Security Vulnerabilities Secunia Advisory SA51589 SecurityTracker Alert ID: 1027893 CVE-2012-5690 CVE-2012-5691 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. A remote user can create a specially crafted RealAudio file that, when

413

U-011: Cisco Security Response: Cisco TelePresence Video Communication  

Broader source: Energy.gov (indexed) [DOE]

U-011: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability October 14, 2011 - 12:30pm PROBLEM: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability PLATFORM: Version(s): VCS prior to 7.0 ABSTRACT: A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Cisco Document ID: 113264 SecurityTracker Alert ID: 1026186 CVE-2011-3294 IMPACT ASSESSMENT: Medium Discussion: A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based

414

V-127: Samba Bug Lets Remote Authenticated Users Modify Files

Broader source: Energy.gov (indexed) [DOE]

V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch

415

U-013: HP Data Protector Multiple Unspecified Vulnerabilities

Broader source: Energy.gov (indexed) [DOE]

U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High Discussion: Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

416

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

Broader source: Energy.gov (indexed) [DOE]

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB13-09 SecurityTracker Alert ID: 1028277 CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

417

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges November 17, 2011 - 8:00am PROBLEM: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31; running Enterprise Mobility Suite (EMS) prior to A.04.20.11.04_01 ABSTRACT: A local user can obtain elevated privileges on the target system. REFERENCE LINKS: HP Support Center Document ID: c03089106 CVE-2011-4159 SecurityTracker Alert ID: 1026331 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP-UX System Administration Manager. A local user can obtain elevated privileges on the target system. A local user can gain full control of the target system.

418

V-195: RSA Authentication Manager Lets Local Users View the Administrative  

Broader source: Energy.gov (indexed) [DOE]

V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password July 9, 2013 - 12:51am PROBLEM: RSA Authentication Manager Lets Local Users View the Administrative Account Password PLATFORM: RSA Authentication Manager 7.1, 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028742 CVE-2013-3273 RSA IMPACT ASSESSMENT: Medium DISCUSSION: When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace

419

U-071: HP Database Archiving Software Bugs Let Remote Users Execute

Broader source: Energy.gov (indexed) [DOE]

U-071: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code December 29, 2011 - 8:15am PROBLEM: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Database Archiving Software v6.31 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Database Document ID: c03128302 SecurityTracker Alert ID: 1026467 CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Database Archiving Software. A remote user can execute arbitrary code on the target system. Impact: A remote user can execute arbitrary code on the target system. Solution:

420

T-653: Linux Kernel sigqueueinfo() Process Lets Local Users Send Spoofed  

Broader source: Energy.gov (indexed) [DOE]

T-653: Linux Kernel sigqueueinfo() Process Lets Local Users Send Spoofed Signals June 23, 2011 - 4:49am PROBLEM: Userland should be able to trust the pid and uid of the sender of a signal if the si_code is SI_TKILL. PLATFORM: Version(s): prior to 2.6.38 ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can send spoofed signals to other processes in certain cases. REFERENCE LINKS: OSVDB ID: 71652 SecurityTracker Alert ID: 1025690 Linux Update CVE-2011-1182 Linux Reference 1 Linux Reference 2 IMPACT ASSESSMENT: High Discussion: A local user with the ability to send signals to a process can spoof the uid and pid of the sending process via the sigqueueinfo() system call.

421

U-223: Bugzilla May Disclose Confidential Information to Remote Users |  

Broader source: Energy.gov (indexed) [DOE]

U-223: Bugzilla May Disclose Confidential Information to Remote Users
July 30, 2012 - 7:00am
PROBLEM: Bugzilla May Disclose Confidential Information to Remote Users
PLATFORM: Version(s): 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1
ABSTRACT: Two vulnerabilities were reported in Bugzilla.
REFERENCE LINKS: The Vendor's Advisory Security Advisories CVE-2012-1969 CVE-2012-1968 SecurityTracker Alert ID: 1027320 Bug 777586
IMPACT ASSESSMENT: High
Discussion: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and attachments

422

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local  

Broader source: Energy.gov (indexed) [DOE]

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges
August 23, 2012 - 7:00am
PROBLEM: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges
PLATFORM: Linux Kernel 3.2.x Linux Kernel 3.4.x Linux Kernel 3.5.x
ABSTRACT: A vulnerability was reported in the Linux Kernel.
REFERENCE LINKS: The Linux Kernel Archives SecurityTracker Alert ID: 1027434 Secunia Advisory SA50323 CVE-2012-3520
IMPACT ASSESSMENT: Medium
Discussion: A local user can obtain elevated privileges on the target system. A local user may be able to send specially crafted Netlink messages to spoof SCM_CREDENTIALS and perform actions with elevated privileges.

423

Educational Global Climate Change Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Educational Global Climate Change Links Evidence of the importance of global climate change to the future generation is reflected in the increasing number of queries CDIAC receives from students and educators, from a range of educational levels. We have compiled a listing of some sites that we hope will be of interest and of use to those looking for information, fun, ideas, and ways that they can make a difference. These links were chosen because we have found them useful in responding to those with inquiring minds. These links will take the user outside of CDIAC, and are by no means comprehensive. We are not responsible for the content or intent of these outside links. Tools you can use! NOAA's Global Climate Dashboard - The Global Climate Dashboard is

424

Related Links | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Related Links November 1, 2013 - 11:40am Need additional help or more information? DOE's CHP Technical Assistance Partnerships (CHP TAPs) provide local, individualized solutions to customers on specific combined heat and power (CHP) projects. Partners of DOE's CHP Program include federal and state agencies, non-governmental organizations, international entities, private clean energy companies, technology developers, and commercial builders and developers. Partners American Council for an Energy-Efficient Economy (ACEEE) Argonne National Laboratory (ANL) CHP Association International District Energy Association (IDEA) International Energy Agency (IEA) National Energy Technology Laboratory (NETL) New York State Energy Research and Development Authority (NYSERDA)

425

NREL: Energy Analysis - Related Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Related Links Here you'll find links to other programs, organizations, and information resources concerning other analysis capabilities, energy-modeling, and technology expertise related to renewable energy. International Applications NREL's International Program in its effort to promote the use of renewable energy as a tool for sustainable development, applies world-class expertise in technology development and deployment, economic analysis, resource assessment, project design and implementation, and policy formulation. Assisting State and Local Governments Using renewable energy and being energy efficient is smart. Not only does it protect the environment, it benefits the economy. Many mayors, governors, city/county commissioners, state legislators, state energy

426

Plug-in Hybrid Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Plug-in Hybrid Links Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Plug-in Hybrid Vehicles and Manufacturers Chevrolet Volt Official site for the Chevrolet Volt Cadillac ELR Official site for the Cadillac ELR (arriving early 2014) Ford C-MAX Energi Plug-in Hybrid Official site for the C-MAX Energi Plug-in Hybrid Ford Fusion Energi Plug-in Hybrid Official site for the Fusion Energi Plug-in Hybrid Honda Accord Plug-in Official site for the Honda Accord Plug-in Hybrid Toyota Prius Plug-in Official site for the Toyota Prius Plug-in Hybrid Plug-in-Related Information and Tools

427

Linked Deposit Loan Program (Kentucky)  

Broader source: Energy.gov [DOE]

The Linked Deposit Program provides loan financing for small businesses of up to $100,000 for up to 7 years. The State Investment Commission invests funds from the state's Abandoned Property Cash...

428

Link invariants from finite racks  

E-Print Network [OSTI]

We define ambient isotopy invariants of oriented knots and links using the counting invariants of framed links defined by finite racks. These invariants reduce to the usual quandle counting invariant when the rack in question is a quandle. We are able to further enhance these counting invariants with 2-cocycles from the coloring rack's second rack cohomology satisfying a new degeneracy condition which reduces to the usual case for quandles.

Nelson, Sam

2008-01-01T23:59:59.000Z

429

Galaxy Clusters in the Swift/Burst Alert Telescope Era: Hard X-rays in the Intracluster Medium  

Science Journals Connector (OSTI)

We report the detection of 10 clusters of galaxies in the ongoing Swift/Burst Alert Telescope (BAT) all-sky survey. This sample, which mostly comprises merging clusters, was serendipitously detected in the 15-55 keV band. We use the BAT sample to investigate the presence of excess hard X-rays above the thermal emission. The BAT clusters do not show significant (e.g., ?2?) nonthermal hard X-ray emission. The only exception is represented by Perseus whose high-energy emission is likely due to NGC 1275. Using XMM-Newton, Swift/XRT, Chandra and BAT data, we are able to produce upper limits of the inverse Compton (IC) emission mechanism which are in disagreement with most of the previously-claimed hard X-ray excesses. The coupling of the X-ray upper limits of the IC mechanism to radio data shows that, in some clusters, the magnetic field might be larger than 0.5 ?G. We also derive the first log N-log S and luminosity function distributions of galaxy clusters above 15 keV.

M. Ajello; P. Rebusco; N. Cappelluti; O. Reimer; H. Böhringer; J. Greiner; N. Gehrels; J. Tueller; A. Moretti

2009-01-01T23:59:59.000Z

430

Identification of glioma cancer-alerted gene markers based on a diagnostic outcome correlation analysis preferential approach  

Science Journals Connector (OSTI)

Identifying glioma cancer-alerted genetic markers through analysis of microarray data allows us to detect tumours at the genome-wide level. To this end, we propose to identify glioma gene markers based primarily on their correlation with the glioma diagnostic outcomes, rather than merely on the classification quality or differential expression levels, as it is not the classification or expression level per se that is crucial, but the selection of biologically relevant biomarkers is the most important issue. With the help of singular value decomposition, microarray data are decomposed and the eigenvectors corresponding to the biological effect of diagnostic outcomes are identified. Genes that play important roles in determining this biological effect are thus detected. Therefore, genes are essentially identified in terms of their strength of association with diagnostic outcomes. Monte Carlo simulations are then used to fine tune the selected gene set in terms of classification accuracy. Experiments show that the proposed method achieves better classification accuracies and is data sets independent. Graph-based statistical analysis showed that the selected genes have close relationships with glioma diagnostic outcomes. Further biological database and literature study confirms that the identified genes are biologically relevant.

Bin Han; Haifeng Lai; Ruifei Xie; Lihua Li; Lei Zhu

2014-01-01T23:59:59.000Z

431

Alternative Fuels Data Center: Electricity Related Links  

Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

Electricity More in this section... Electricity Basics Production & Distribution Research & Development Related Links Benefits & Considerations Stations

432

Alternative Fuels Data Center: Biodiesel Related Links  

Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

Biodiesel More in this section... Biodiesel Basics Blends Production & Distribution Specifications Related Links Benefits & Considerations Stations Vehicles Laws & Incentives

433

Alternative Fuels Data Center: Hydrogen Related Links  

Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

Hydrogen More in this section... Hydrogen Basics Production & Distribution Research & Development Related Links Benefits & Considerations Stations Vehicles Laws & Incentives

434

Alternative Fuels Data Center: Ethanol Related Links  

Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

Ethanol More in this section... Ethanol Basics Blends Specifications Production & Distribution Feedstocks Related Links Benefits & Considerations Stations Vehicles Laws & Incentives

435

Energy Citations Database (ECD) - Site Map  

Office of Scientific and Technical Information (OSTI)

Site Map Home Basic Search Fielded Search Document Availability About ECD Help FAQ Contact Us Website Policies and Important Links Alerts Log On Alerts Registration Alerts Help...

436

EIA - Related Links for Transportation  

U.S. Energy Information Administration (EIA) Indexed Site

Transportation Related Links government reports, data, and web sites (sorted alphabetically by primary agency) Date Last Updated/Reviewed: December 2006 Next Update/Review: April 2007 Federal and International Agencies and Institutes International Energy Agency (IEA) Dealing with Climate Change The International Energy Agency's »Dealing with Climate Change« database of policies and measures now features 2005 revisions and developments. The database has expanded to include more than 1400 records of the climate policy process in the IEA's 26 Member Countries since 1999. Member country governments have reviewed and endorsed the policies listed, reinforcing the informative value and authority of the database. The database is freely accessible online.

437

Related Links | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Related Links Private, public, and nonprofit organizations around the country offer a wide range of courses and other services to help you either improve your current skills or learn new ones. The sites featured here can help you find courses of specific interest as well as other information about training requirements for certain energy jobs. DOE Related Advanced Manufacturing Office: Training Find training sessions in your area and learn how to save energy in your manufacturing plant or commercial building. American Museum of Science & Energy Learn more about the American Museum of Science & Energy (AMSE), a DOE-sponsored museum in Oak Ridge, TN, that provides cultural, educational, and scientific programs and exhibits, as well as summer camps for kids.

438

Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Links NNSA HQ National Nuclear Security Administration Advanced Simulation & Computing NNSA Graduate Program NNSA Small Business Program Office of Defense Nuclear Nonproliferation Field Offices NNSA Albuquerque Complex Kansas City Field Office Livermore Field Office Los Alamos Field Office Naval Reactors Idaho Branch Office Nevada Field Office Sandia Field Office DOE Oak Ridge Sites Oak Ridge Office Oak Ridge National Laboratory UCOR Oak Ridge Institute for Science and Education Oak Ridge Site Specific Advisory Board American Museum of Science and Energy City of Oak Ridge Plants Laboratories Bechtel Nevada Bettis Laboratory Kansas City Plant Knolls Atomic Power Laboratory Lawrence Livermore National Laboratory

439

Ising-link Regge gravity  

Science Journals Connector (OSTI)

We define a simplified version of Regge quantum gravity where the link lengths can take on only two possible values, both always compatible with the triangle inequalities. This is therefore equivalent to a model of Ising spins living on the links of a regular lattice with somewhat complicated, yet local interactions. The measure corresponds to the natural sum over all 2?links configurations, and numerical simulations can be efficiently implemented by means of look-up tables. In three dimensions we find a peak in the curvature susceptibility which grows with increasing system size. The value of the corresponding critical exponent appears to vary with the cosmological constant ?, agreeing with Regge gravity for at least one value of ?. However, the curvature does not go to zero at the transition.

Tom Fleming; Mark Gross; Ray Renken

1994-12-15T23:59:59.000Z

440

Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Related Sites National Nanotechnology Initiative Nano Technology Industries Advanced Materials Research Institute Institute of Physics Max-Planck Institute for Kohlenforschung The...

441

Linked Environments for Atmospheric Discovery Linked Environments for Atmospheric  

E-Print Network [OSTI]

Unidata Program Center Linked Environments for Atmospheric Discovery The Team: 9 institutions and 105 MethodologyTraditional NWP Methodology STATIC OBSERVATIONS Radar Data Mobile Mesonets Surface Observations Satellites The Process is Entirely Prescheduled and Serial; It Does NOT Respond to the Weather! The Process

442

Property:News/Link | Open Energy Information  

Open Energy Info (EERE)

NewsLink Jump to: navigation, search This is a property of type URL. Retrieved from "http:en.openei.orgwindex.php?titleProperty:NewsLink&oldid285881"...

443

Related Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

About Us Our Programs Defense Programs Future Science & Technology Programs Advanced Simulation and Computing and Institutional R&D Programs Related Links Related Links...

444

Voluntary Protection Program - Related Links | Department of...  

Broader source: Energy.gov (indexed) [DOE]

- Related Links Voluntary Protection Program - Related Links VPPPA - The Voluntary Protection Programs Participants' Association, a non- profit organization is leading the way in...

445

Energy Education Links | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

For Students and Educators Energy Education Links Energy Education Links These Web sites offer educational information about hydrogen and fuel cell technologies. American...

446

Linking Cyclicality and Product Quality  

Science Journals Connector (OSTI)

This paper examines the impact of architectural decisions on the level of defects in a product. We view products as collections of components linked together to work as an integrated whole. Previous work has established modularity how decoupled ... Keywords: cycles, defects, iterative problem solving, modularity, product architecture

Manuel E. Sosa; Jürgen Mihm; Tyson R. Browning

2013-07-01T23:59:59.000Z

447

RELATED LINKS Green Technology for  

E-Print Network [OSTI]

have been certified to the National Green Building Standard, which was approved earlier this year by the American National Standards Institute. Preferences for specific green building techniques are decidedlyRELATED LINKS Green Technology for 2009: See the Photos Green Building: Getting Past the Media Hype

448

Alternative Fuels Data Center: Propane Related Links  

Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

Propane More in this section... Propane Basics Production & Distribution Related Links Benefits & Considerations Stations Vehicles Laws & Incentives Propane Related Links This list includes links related to propane. The Alternative Fuels Data

449

Wireless Link Scheduling under Physical Interference Model  

E-Print Network [OSTI]

approximation algorithms for link scheduling with or without power control. Index Terms--Link schedulingWireless Link Scheduling under Physical Interference Model Peng-Jun Wan, Ophir Frieder, Xiaohua Jia: jia@cs.cityu.edu.hk, csfyao@cityu.edu.hk Abstract--Link scheduling is a fundamental problem in multi

Jia, Xiaohua

450

RADIATION ALERT User Manual  

E-Print Network [OSTI]

not contaminate the Inspector by touching it to radioactive surfaces or materials. If contamination is suspected Environmental Area Monitoring 16 Checking for Surface Contamination 16 5 Maintenance 17 Calibration 17, and x-ray radiation. Its applications include: · Detecting and measuring surface contamination

Haller, Gary L.

451

BPA LINKED TO HEALTH PROBLEMS  

Science Journals Connector (OSTI)

BPA LINKED TO HEALTH PROBLEMS ... A STUDY PUBLISHED last week in the Journal of the American Medical Association suggests that people with high concentrations of bisphenol A (BPA) in their bodies are more likely to have heart disease, diabetes, and liver damage ( J. Am. ... The American Chemistry Council (ACC), which represents major U.S. chemical manufacturers, has steadfastly defended the safety of BPA and says the new JAMA study has substantial limitations and is far from conclusive. ...

GLENN HESS

2008-09-22T23:59:59.000Z

452

Breaking information-thermodynamics link  

E-Print Network [OSTI]

The information-thermodynamics link is revisited, going back to the analysis of Szilard's engine. It is argued that instead of equivalence rather complementarity of physical entropy and information theoretical one is a correct concept. Famous Landauer's formula for a minimal cost of information processing is replaced by a new one which takes into account accuracy and stability of information encoding. Two recent experiments illustrating the information-energy conversion are critically discussed.

Robert Alicki

2014-06-23T23:59:59.000Z

453

Alternative Fuels Data Center: Related Links  

Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

Related Links For a list of additional resources about alternative fuels and advanced vehicles, select one or more categories below. All organizations are provided as suggested resources. The Alternative Fuels Data Center does not endorse these companies or the products and services listed on their websites (see disclaimer).

454

Modeling photonic links in Verilog-A  

E-Print Network [OSTI]

Integrated photonic links are a promising emerging technology that can relieve the interconnect bottleneck in core-to-core and core-to-memory communications of modern processors. Developing and optimizing photonic link ...

Kononov, Ekaterina (Ekaterina R.)

2013-01-01T23:59:59.000Z

455

SunLink Corporation | Open Energy Information  

Open Energy Info (EERE)

Name: SunLink Corporation Place: Larkspur, California Zip: 94939 Product: US-based manufacturer of PV roof and ground mounting systems. References: SunLink Corporation1 This...

456

Track with overlapping links for dry coal extrusion pumps  

DOE Patents [OSTI]

A chain for a particulate material extrusion pump includes a plurality of links, each of the plurality of links having a link body and a link ledge, wherein each link ledge of the plurality of links at least partially overlaps the link body of an adjacent one of the plurality of links.

Saunders, Timothy; Brady, John D

2014-01-21T23:59:59.000Z

457

Optimal Power Schedule for Distributed MIMO Links  

E-Print Network [OSTI]

an integration of link scheduling and power control for MIMOmedium access control, space-time power scheduling. Fig. 1.

Rong, Yue; Hua, Yingbo

2008-01-01T23:59:59.000Z

458

Linking Transcribed Conversational Speech Joseph Malionek  

E-Print Network [OSTI]

-of-words techniques can identify some useful links. Categories and Subject Descriptors H.3.m [Information Systems

Oard, Doug

459

Japan aims to forge stronger European links  

Science Journals Connector (OSTI)

... Government officials in Japan are addressing what they see as a growing problem in science weak links with ...

David Cyranoski

2001-06-21T23:59:59.000Z

460

PIPELINES AS COMMUNICATION NETWORK LINKS  

SciTech Connect (OSTI)

This report presents the results of an investigation into two methods of using the natural gas pipeline as a communication medium. The work addressed the need to develop secure system monitoring and control techniques between the field and control centers and to robotic devices in the pipeline. In the first method, the pipeline was treated as a microwave waveguide. In the second method, the pipe was treated as a leaky feeder or a multi-ground neutral and the signal was directly injected onto the metal pipe. These methods were tested on existing pipeline loops at UMR and Batelle. The results reported in this report indicate the feasibility of both methods. In addition, a few suitable communication link protocols for this network were analyzed.

Kelvin T. Erickson; Ann Miller; E. Keith Stanek; C.H. Wu; Shari Dunn-Norman

2005-03-14T23:59:59.000Z

461

Widget:LinkButton | Open Energy Information  

Open Energy Info (EERE)

Basic button for links, opens in the same browser tab. Use Widget:ExternalLinkButton for launching link in a new browser tab (_blank).
Parameters Include:
action - url to link to
value - button text
class - add additional css classes, separate multiple classes with spaces (i.e.- btn-primary)
style - add style elements, cannot change button color with this (optional)
id - element id
Examples
Default Button: {{#Widget:LinkButton | action=http://www.thefwa.com | value=Visit FWA}}
Primary Button: {{#Widget:LinkButton | action=http://www.thefwa.com | value=Visit FWA | class=btn-primary}}

462

V-084: RSA Archer eGRC Permits Cross-Site Scripting, Cross-Domain Access,  

Broader source: Energy.gov (indexed) [DOE]

V-084: RSA Archer eGRC Permits Cross-Site Scripting, Cross-Domain Access, Clickjacking, and File Upload Attacks
February 5, 2013 - 12:01am
PROBLEM: RSA Archer eGRC Permits Cross-Site Scripting, Cross-Domain Access, Clickjacking, and File Upload Attacks
PLATFORM: RSA Archer SmartSuite Framework version 4.x RSA Archer GRC version 5.x
ABSTRACT: Several vulnerabilities were reported in RSA Archer eGRC.
REFERENCE LINKS: Security Alert: ESA-2013-002 SecurityTracker Alert ID: 1028073 CVE-2012-1064 CVE-2012-2292 CVE-2012-2293 CVE-2012-2294
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can cause arbitrary scripting code to be executed by the target user's browser [CVE-2012-1064]. The code will originate from the

463

Management Alert - The 2020 Vision One System Proposal for Commissioning and Startup of the Waste Treatment and Immobilization Plant, IG-0871  

Broader source: Energy.gov (indexed) [DOE]

The 2020 Vision One System Proposal for Commissioning and Startup of the Waste Treatment and Immobilization Plant DOE/IG-0871 October 2012 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 October 3, 2012 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Management Alert on "The 2020 Vision One System Proposal for Commissioning and Startup of the Waste Treatment and Immobilization Plant" IMMEDIATE CONCERN The Department of Energy is considering a proposal known as the 2020 Vision One System (2020 Vision) that would implement a phased approach to commissioning the $12.2 billion Waste Treatment and Immobilization Plant (WTP). As part of the phased approach, the Low-

464

Crime Alert: Theft of Cell Phone near Campus On November 8th, at about 4:00 pm, a student was walking on Blaine St, near Canyon Crest Drive  

E-Print Network [OSTI]

Crime Alert: Theft of Cell Phone near Campus On November 8th, at about 4:00 pm, a student was walking on Blaine St, near Canyon Crest Drive listening to his iPhone on a pair of headphones. A subject approached him, asked to use his iPhone and when the victim refused, the suspect grabbed the phone and ran

465

Sign In My EndNote Web My ResearcherID My Citation Alerts My Saved Searches Log Out Help Search Cited Reference Search Advanced Search Search History Marked List (0)  

E-Print Network [OSTI]

Cited Reference Search Advanced Search Search History Marked List (0) Web of Science® Sign In My EndNote Web My ResearcherID My Citation Alerts My Saved Searches Log Out Help Search a Cited Reference Search to include citations to items not indexed within Web of Science. Citation Report

Wang, Zhong L.

466

Sign In My EndNote Web My ResearcherID My Citation Alerts My Saved Searches Log Out Help Search Cited Reference Search Advanced Search Search History Marked List (0)  

E-Print Network [OSTI]

Cited Reference Search Advanced Search Search History Marked List (0) Web of Science® Sign In My EndNote Web My ResearcherID My Citation Alerts My Saved Searches Log Out Help Search&HCI. This report reflects citations to source items indexed within Web of Science. Perform a Cited Reference Search

Wang, Zhong L.

467

Jordan Boyd-Graber, Kimberly Glasgow, and Jackie Sauter Zajac. Spoiler Alert: Machine Learning Approaches to Detect Social Media Posts with Revelatory Information. ASIST 2013: The 76th Annual Meeting of the American  

E-Print Network [OSTI]

Jordan Boyd-Graber, Kimberly Glasgow, and Jackie Sauter Zajac. Spoiler Alert: Machine Learning of the American Society for Information Science and Technology, 2013. @inproceedings{Boyd and Technology Author = {Jordan Boyd-Graber and Kimberly Glasgow and Jackie Sauter Zajac}, Year = {2013

Boyd-Graber, Jordan

468

linked open data | OpenEI Community  

Open Energy Info (EERE)

linked open data linked open data Home Jweers's picture Submitted by Jweers(83) Contributor 10 October, 2012 - 08:20 LOD Workshop Invitation Event linked open data LOD Open Data workshop Update the invitation (attached). It now features a link to the public facing wiki page.Upload Files: application/pdf icon LOD Workshop Invitation Jweers's picture Submitted by Jweers(83) Contributor 8 October, 2012 - 15:42 LOD Workshop Invitation Event linked open data LOD Open Data workshop The latest invitation.Upload Files: application/pdf icon lod_workshop_invitation.pdf Linked Open Data Workshop in Washington, D.C. Description: A group organizing the LOD workshop in Washington, D.C. in fall 2012 A follow-up event to the successful LOD Workshop held in Abu Dhabi last January, this event aims to bring together key parties in the states, to

469

New Optical Link Technologies for HEP Experiments  

E-Print Network [OSTI]

As a concern with the reliability and mass of current optical links in LHC experiments, we are investigating CW lasers and light modulators as an alternative to VCSELs. In addition we are developing data links in air, utilizing steering by MEMS mirrors and optical feedback paths for the control loop. Laser, modulator, and lens systems used are described, as well as two different electronic systems for a free space steering feedback loop. Our prototype system currently operates at 1.25 Gb/s, but could be upgraded. This link works over distances of order meters. Such links might enable one to move communication lasers (e.g. VCSELs) and optical fibers out of tracking detectors, for reasons such as reliability and power consumption. Some applications for free space data links, such as local triggering and data readout and trigger-clock distribution and links for much longer distances are also discussed.

P. Delurgio; W. Fernando; B. Salvachua; D. Lopez; R. Stanek; D. Underwood

2011-09-30T23:59:59.000Z

470

Demo Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Demo Links Federal Register Notices July 31, 2008: Federal Register Notice This is a link to a PDF document.

471

Nuclear power, nuclear weapons link argued  

Science Journals Connector (OSTI)

Nuclear power, nuclear weapons link argued ... The problem of the spread of nuclear weapons to nations not currently possessing them, so-called horizontal proliferation, often is linked to development of commercial nuclear power. ... However, John P. Holdren, professor of energy and resources at the University of California, Berkeley, maintains that commercial nuclear power is linked intimately to horizontal proliferation and that the development of alternative energy technologies is crucial to prevent the spread. ...

1982-02-08T23:59:59.000Z

472

Help:Linked images | Open Energy Information  

Open Energy Info (EERE)

Redirect page REDIRECT Manual:Linked images

473

Introduction to the Use of Link Analysis  

E-Print Network [OSTI]

Introduction to the Use of Link Analysis by Web Search Engines Amy Langville langvillea's SMART system 1989 Berner-Lee's WWW the pre-1998 Web Yahoo · hierarchies of sites · organized inaccessible, seemed almost intolerable. 1998 ... enter Link Analysis Change in User Attitudes about Web

Kunkle, Tom

474

Disulfide-Linked Protein Folding Pathways  

E-Print Network [OSTI]

Disulfide-Linked Protein Folding Pathways Bharath S. Mamathambika1,3 and James C. Bardwell2,3, 1 of protein folding is difficult because it involves the identification and characterization of folding to protein folding in vitro and in vivo.

Bardwell, James

475

Wireless link design using a patch antenna  

SciTech Connect (OSTI)

A wireless link was designed using a patch antenna. In the process, several different models were tested. Testing proved a patch antenna was a viable solution for building a wireless link within the design specifications. Also, this experimentation provided a basis for future patch antenna design.

Hall, E

2000-08-11T23:59:59.000Z

476

EEO Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

EEO Links DOE Office of Civil Rights (weblink) Department Of Justice Civil Rights Division (weblink) Department of Veterans Affairs (weblink)

477

Central Internet Database (CID) Related Links  

Office of Environmental Management (EM)

Related Links Related Links Central Internet Database CID Photo Banner Links to Waste and Materials Disposition Information Below is a collection of reports and links to various documents that provide information related to waste and material disposition. While most of these are directly related to the Department of Energy's waste management activities, some links include information from the commercial sector. Some of the information provides an historical context for current waste disposition alternatives. To view PDF documents, please ensure Adobe Reader is installed on your computer, it is available to download here Exit CID Website . Waste Volume Related Databases For DOE/EM waste and material stream data: Waste Information Management System (WIMS) provided by Florida International University Exit CID Website

478

ElectraLink | Open Energy Information  

Open Energy Info (EERE)

ElectraLink Name ElectraLink Place London, United Kingdom Product London-based ElectraLink specialises in technology to communicate data between the participants in the competitive electricity market. Coordinates 51.506325°, -0.127144°

479

Racks and Links in Codimension 2 Introduction RACKS AND LINKS IN CODIMENSION TWO  

E-Print Network [OSTI]

Racks and Links in Codimension 2 Introduction RACKS AND LINKS IN CODIMENSION TWO ROGER FENN University of Warwick Coventry CV4 7AL UK Received 11 October 1991 ABSTRACT A rack, which is the algebraic is an automorphism. Any codimension two link has a fundamental rack which contains more information than

Fenn, Roger

480

Related Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Related Links NNSA Lab Directed Research and Development (LDRD) Lab Directed Research and Development Collaborations DOE Advanced Scientific Computing Research DTRA (Defense Threat Reduction Agency) NAS (National Academy of Sciences) NSF (National Science Foundation) DOD (Department of Defense) NASA Exascale Activities NNSA Exascale Environment Planning Workshop ASCR Co-Design Centers Supercomputing Top 500 List ASC at Supercomputing Conference



481

Linked data platform for web applications  

E-Print Network [OSTI]

Most of today's web applications are tightly coupled to proprietary server backends that store and control all user data. This thesis presents Linked Data as a decentralized web app platform, eliminating vendor lock-in, ...

Presbrey, Joe (Joseph Warren)

2014-01-01T23:59:59.000Z

482

Linked Deposit Loan Program (West Virginia)  

Broader source: Energy.gov [DOE]

The Linked Deposit Loan Program is targeted at small, private firms with 50 or fewer employees and gross annual revenues of $5 million or less comes. This loan offered through the West Virginia...

483

Small Business Linked Deposit Program (Oklahoma)  

Broader source: Energy.gov [DOE]

The Small Business Linked Deposit Program provides below-market interest rates for qualified small businesses and certified industrial parks through local financing sources. Loans are for a two...

484

Hawaii Noise Forms and Links Webpage | Open Energy Information  

Open Energy Info (EERE)

Web Site: Hawaii Noise Forms and Links Webpage Abstract This webpage contains links to...

485

Environmental Justice Links | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Links Links Environmental Justice Links Public Information Center DOE Library U.S. Department of Health and Human Services (HHS), National Health Information Center U.S. Department of Health and Human Services (HHS), Office of Minority Health Resource Center U.S. Department of Housing and Urban Development Online Library U.S. Department of Interior Library U.S. Department of Labor Library U.S. Department of Transportation (DOT) Library U.S. Environmental Protection Agency Public Information Centers U.S. National Agricultural Library (USDA) Legal Resources Earthjustice (formerly: Sierra Club Legal Defense Fund) Lawyers' Committee for Civil Rights Under Law New Mexico Environmental Law Center New York Lawyers for the Public Interest The Environmental Law Institute Environmental Law & Climate Change Center (from LexisNexis)

486

Related Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Related Links NNSA and Other Related Links DOE/NNSA Phonebook Freedom of Information Act Department of Energy DOE Directives DOE Jobs Online Defense Nuclear Facilities Safety Board DOE Pulse Publication DOE Office of Health, Safety and Security USA.Gov Los Alamos County Los Alamos National Laboratory LANL Phonebook National Nuclear Security Administration NNSA Service Center - Albuquerque NNSA Nevada Field Office New Mexico Environmental Department - LANL Sandia National Laboratories Waste Isolation Pilot Plant U.S. Department of Homeland Security Code of Federal Regulations

487

NREL: Financing Geothermal Power Projects - Related Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Related Links Related Links View these websites for more information on geothermal power project financing. NREL Geothermal Policymakers' Guidebooks NREL Geothermal Policymakers' Guidebooks Learn the five key steps for creating effective policy and increasing the deployment of geothermal electricity generation technologies. California Energy Commission's Geothermal Program Here you'll find information on the California Energy Commission's geothermal program, including geothermal energy, funding opportunities, and contacts. Database of State Incentives for Renewables and Energy Efficiency This database of state, local, utility, and federal incentives and policies that promote renewable energy and energy efficiency can help you find financing incentives and opportunities in your state.

488

Related Links on Hawaii | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Hawaii Hawaii Related Links on Hawaii Below are related links to resources specifically for implementing energy efficiency and renewable energy technologies in Hawaii. Learn more about deployment efforts in Hawaii. Department of Economic Development, Business, and Tourism The state's Department of Business, Economic Development and Tourism works closely with DOE and the National Renewable Energy Laboratory (NREL) to implement deployment efforts from Hawaii Clean Energy Initiative activities. Find resources for economic and statistical data, business development opportunities, energy and conservation information, and foreign trade advantages. Electric Vehicles in Hawaii The state of Hawaii sees the use of electric vehicles (EVs) as one solution to reducing the state's petroleum consumption and provides information on

489

Facility Representative Program: Subject Matter Links  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Subject Matter Links Subject Matter Links Nuclear Office of Nuclear Safety and Environment Nuclear Regulatory Commission American Nuclear Society (ANS) Nuclear Energy Institute International Atomic Energy Agency (IAEA) Electrical OSHA Electrical Safety Information Underwriters Laboratories National Electrical Manufacturers Association Institute of Electrical and Electronic Engineers (IEEE) IPC - Association Connecting Electronics Industries OSHA Laser Hazards Chemical DOE Chemical Safety Program DOE Chronic Beryllium Disease Prevention Program EPA Chemical Information Material Safety Data Sheets Search NIOSH Guide to Chemical Hazards American Petroleum Institute Alternative Fluorocarbons Environmental Acceptability Study American Institute of Chemical Engineers Chemical Reactivity Worksheet

490

New program investigates health and water link  

E-Print Network [OSTI]

Story by Kathy Wythe tx H2O | pg. 24 New program investigates public health and water link Thousands of cases of waterborne and water-related diseases worldwide are related to drinking water. A new program in the Texas A&M Health Science... Center's School of Rural Public Health is working to understand this link between diseases and water and educate the public about this connection. The Program in Public Health and Water Research was established in October 2008 within the rural...

Wythe, Kathy

2009-01-01T23:59:59.000Z

491

Racks and Links in Codimension 2 Introduction RACKS AND LINKS IN CODIMENSION TWO  

E-Print Network [OSTI]

Racks and Links in Codimension 2 Introduction RACKS AND LINKS IN CODIMENSION TWO ROGER FENN University of Warwick Coventry CV4 7AL UK Received 11 October 1991 ABSTRACT A rack, which is the algebraic the fundamental group. Racks provide an elegant and complete algebraic framework in which to study links and

Rourke, Colin

492

EIA - Natural Gas Pipeline Network - Regional Overview and Links  

U.S. Energy Information Administration (EIA) Indexed Site

Overview and Links About U.S. Natural Gas Pipelines - Transporting Natural Gas based on data through 2007/2008 with selected updates Regional Overviews and Links to Pipeline...

493

Radiation Effects Research Foundation Links Past and Future ...  

Broader source: Energy.gov (indexed) [DOE]

Radiation Effects Research Foundation Links Past and Future Radiation Effects Research Foundation Links Past and Future August 2009 This document provides historical information...

494

External Links | U.S. DOE Office of Science (SC)  

Office of Science (SC) Website

External Links Budget Budget Home About Budget by Program GAO Audit Reports External Links Contact Information Budget U.S. Department of Energy SC-41Germantown Building 1000...