Powered by Deep Web Technologies
Note: This page contains sample records for the topic "links securitytracker alert" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

Science Open Access Journals - Alerts Help  

Office of Scientific and Technical Information (OSTI)

SOAJ Alerts Fast Facts: You can easily create an alert right from the results page. Alerts run automatically, based on the schedule you choose. New relevantly ranked results are automatically sent to you through email or an individual or shared RSS/ATOM feed. There is no limit to the number of alerts you can create. Up to 6 previous sets of alert results may be accessed, with permanent links to the sources where possible. Selected results can be emailed, printed, or downloaded into a citation manager such as EndNote, RefWorks or BibTeX. Alerts Help: Alerts will make your recurring searches even easier by automating your search and sending you the results on a regular basis. To receive alerts on your topic(s) of interest, simply create an Alerts account, specify your

2

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems. REFERENCE LINKS: SecurityTracker Alert ID: 1026432 APSB11-30...

3

Energy Citations Database (ECD) - Alerts Help  

Office of Scientific and Technical Information (OSTI)

Help Alerts Registration - Receiving Alerts - Renewing your registration Alerts Log On Changing E-mail Address ECD Alerts Contact Us Managing your Alerts - Requesting an Alert or revising an Alert request - Canceling all Alerts and your registration - Summary of your Alerts - Weekly Alert notification - Not receiving an Alert? - Excessive Alerts ECD Alerts FAQ Passwords - Password requirements - Changing your password - Forgot your password? ECD Help ECD FAQs OSTI FAQs Alerts Registration Receiving Alerts In order to receive Alerts, you must register. Enter your e-mail address, a password, and repeat the password. Passwords must meet requirements. After submitting an Alerts Registration, you will receive an e-mail indicating that your Alerts Registration has been successfully submitted

4

Energy Citations Database (ECD) - Alerts FAQ  

Office of Scientific and Technical Information (OSTI)

Frequently Asked Questions (FAQs) What is an ECD Alert? Is there a charge for receiving Alerts? How do I register to receive an Alert? And how do I renew my registration? How do I request, revise, or cancel an Alert? How often will I receive an Alert? Where can I find a summary of my Alerts? And how long is my summary available? What do I do if I do not receive an Alert that I am expecting? What are the password requirements to receive Alerts? What do I do if I have forgotten my Alerts password? How do I change my Alerts password? How do I change my Alerts e-mail address? How do I cancel my registration for Alerts? How do I get help with ECD Alerts? How do I get help with ECD? What other databases/products/services are available from DOE's Office of Scientific and Technical Information (OSTI)?

5

Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links: Anderson County Government Emergency Management Anderson County Local Emergency Planning Committee (LEPC) City of Oak Ridge Fire Department Knoxville-Knox County Emergency...

6

Energy Citations Database (ECD) - Alerts Log On  

Office of Scientific and Technical Information (OSTI)

ECD Alerts Log On You must Log On to use the ECD Alerts. Alerts provide users with e-mail notification of updates to the ECD in specific areas of interest. If you wish to receive...

7

Energy Citations Database (ECD) - Alerts Log On  

Office of Scientific and Technical Information (OSTI)

ECD Alerts Log On Alerts provide users with e-mail notification of updates to the ECD in specific areas of interest. If you wish to receive an Alert and are not registered, please...

8

Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links Dedicated links pages are available for the following topics: Diesel Vehicles and Fuels Electric Vehicles Fuel Cell Vehicles Hybrids Plug-in Hybrids Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Auto Manufacturers Acura Aston Martin Audi Bentley BMW Bugatti Buick Cadillac Chevrolet Chrysler Dodge Ferrari Fiat Ford GMC Honda Hyundai Infiniti Jaguar Jeep Kia Lamborghini Land Rover Lexus Lincoln Lotus Maserati Maybach Mazda McLaren Automotive Mercedes-Benz MINI Mitsubishi Nissan Porsche Ram Rolls Royce Roush Performance Scion smart Spyker Subaru Suzuki Toyota Volkswagen Volvo VPG Buying Guides ACEEE's Green Book Aol Autos

9

Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links Public Outreach Clint Sprott's Wonders of Physics from University of Wisconsin, Madison Clint Sprott's Physics Demo Manual Phun Physics shows from University of Virginia Physics Van from University of Illinois, Urbana-Champaign How Does A Thing Like That Work from University of Pittsburgh Physics on the Road from Purdue University The Mad Science Group University Catalogues of Demonstrations Boston University's physics demonstrations University of Victoria physics demonstrations Wesleyan University physics demonstrations University of Minnesota, The Origin of the DCS Physics Demonstrations at the University of Texas at Austin University of Maryland University of Wisconsin University of Guelph University of Oregon Brown Physics Lecture Demonstrations University of California, Berkeley

10

Information Bridge: DOE Scientific and Technical Information - Alerts  

Office of Scientific and Technical Information (OSTI)

Help Alerts Registration - Receiving Alerts - Renewing your registration Alerts Log On Changing E-mail Address IB Alerts Comments Managing your Alerts - Requesting an Alert or revising an Alert request - Canceling all Alerts and your registration - Summary of your Alerts - Weekly Alert notification - Not receiving an Alert? - Excessive Alerts IB Alerts FAQ Passwords - Password requirements - Changing your password - Forgot your password? IB Help IB FAQs OSTI FAQs Alerts Registration Receiving Alerts In order to receive Alerts, you must register. Enter your e-mail address, a password, and repeat the password. Passwords must meet requirements. After submitting an Alerts Registration, you will receive an e-mail indicating that your Alerts Registration has been successfully submitted

11

Alert correlation using artificial immune recognition system  

Science Conference Proceedings (OSTI)

High volumes of low-level alerts that are generated by intrusion detection systems (IDSs) are a serious obstacle for using them effectively. These high volumes of alerts overwhelm system administrators in such a way that they cannot manage and ...

Mehdi Bateni; Ahmad Baraani; Ali Ghorbani

2012-06-01T23:59:59.000Z

12

Alert correlation survey: framework and techniques  

Science Conference Proceedings (OSTI)

Managing raw alerts generated by various sensors is becoming of more significance to intrusion detection systems as more sensors with different capabilities are distributed spatially in the network. Alert Correlation addresses this issue by reducing, ...

Reza Sadoddin; Ali Ghorbani

2006-10-01T23:59:59.000Z

13

Alerts for Healthcare Process and Data Integration  

Science Conference Proceedings (OSTI)

In healthcare chain workflow management, urgent requests and critical messages in these systems (referred to as alerts) have to be delivered and handled timely. Presently, most systems cannot address urgency and alerts are often handled in an ad-hoc ...

Dickson K. W. Chiu; Benny W. C. Kwok; Ray L. S. Wong; S. C. Cheung; Eleanna Kafeza; Marina Kafeza

2004-01-01T23:59:59.000Z

14

Energy Citations Database (ECD) - Alerts Comments  

Office of Scientific and Technical Information (OSTI)

Alerts Comments If you have a question about Energy Citations Database Alerts, we recommend you check frequently asked questions. If your question still has not been answered or if...

15

Techniques and tools for analyzing intrusion alerts  

Science Conference Proceedings (OSTI)

Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts ... Keywords: Intrusion detection, alert correlation, security management

Peng Ning; Yun Cui; Douglas S. Reeves; Dingbang Xu

2004-05-01T23:59:59.000Z

16

E-print Network Alerts -- Energy, science, and technology for the research  

Office of Scientific and Technical Information (OSTI)

E-print Alerts: The E-print Alerts feature is a service that will automatically notify you when new e-print information is available in your specific areas of interest. Simply register for the service and then create a search strategy, which will be matched automatically against each new weekly update. Patrons will receive the results of the alert via e-mail. If you are a NEW PATRON, learn how to set up E-print Alerts to meet your needs. If you are an existing patron, enter your user name and password in the box on the right, then press the login button. You may review or modify your search, add a new search, and see search results. Some links on this page may take you to non-federal websites. Their

17

Energy Citations Database (ECD) - Alerts Registration  

Office of Scientific and Technical Information (OSTI)

Registration: To be able to receive alerts from the ECD, please fill in and submit an Alerts Registration. Please note that passwords expire 6 months after registration. At this time you will be required to change your password in order to continue to receive Alert notification(s). After submitting an Alerts Registration, you will receive an e-mail indicating that the Alerts Registration has been successfully submitted and received. This e-mail will also provide instructions for confirming your e-mail address. After you have confirmed your e-mail address, you will be able to make an Alert Request. If you have previously registered, you may Log On. Please remember your E-mail Address and Password for future use. E-mail Address Password** Repeat Password** Submit Registration Clear Registration

18

Secure Safe - Personnel Alerting Device - Available ...  

PNNL’s Secure Safe device strengthens your security methods and protects your corporate assets by alerting you with an audible alarm if you begin to ...

19

Information Bridge: DOE Scientific and Technical Information - Alerts FAQ  

Office of Scientific and Technical Information (OSTI)

Frequently Asked Questions (FAQs) What is an Information Bridge (IB) Alert? Is there a charge for receiving Alerts? How do I register to receive an Alert? And how do I renew my registration? How do I request, revise, or cancel an Alert? How often will I receive an Alert? Where can I find a summary of my Alerts? And how long is my summary available? What do I do if I do not receive an Alert that I am expecting? What are the password requirements to receive Alerts? What do I do if I have forgotten my Alerts password? How do I change my Alerts password? How do I change my Alerts e-mail address? How do I cancel my registration for Alerts? How do I get help with IB Alerts? How do I get help with IB? What other databases/products are available from DOE's Office of

20

Web Links to Commonly Used Sites Can't find the page you are looking for? Please review the Statler College Favorite Links  

E-Print Network (OSTI)

Web Links to Commonly Used Sites Can't find the page you are looking for? Please review the Statler College Favorite Links list (below in alphabetical order) to jump to all other web sites. Have a site you Emeritus o Leaving o New · Emergency Alert o WVU Alert Web site o WVU Phone/Email Alert o Monongalia County

Mohaghegh, Shahab


21

E-print Network Alerts Help -- Energy, science, and technology for the  

Office of Scientific and Technical Information (OSTI)

Alerts Help: Alerts will make your recurring searches even easier by automating your search and sending you the results on a regular basis. To receive alerts on your topic(s) of interest, simply create an Alerts account, specify your alert parameters and check your email. For additional information, please choose from one of the below help topics. Alerts Help Topics: Creating an Alerts account Alerts Homepage Create an alert Creating an alert from your search Receiving alerts Viewing alerts Selecting printing, emailing, and exporting alerts Storing alerts Modifying alerts Deleting an alert Alerts Search Tips E-print Network Alerts Fast Facts You can easily create an alert right from the results page. Alerts run automatically, based on the schedule you choose. New relevantly ranked results are automatically sent to you through

22

E-print Network Alert Service  

Office of Scientific and Technical Information (OSTI)

Welcome to E-print Alerts! This feature can be used to automatically keep abreast of the latest e-prints posted on ArXiv databases as well as a number of other science and engineering databases and Web sites, based on a search profile you submit to us. You can even receive new postings from a number of sites by submitting a single profile based on your specific area of interest. The Service is free, and you can create as many profiles as you wish. Simply register for the Service and create your search strategies for your profiles. This will be run against all selected databases and Web sites, and you will receive a weekly Alert via e-mail with the results of your automatic profile search.

23

Alert-Driven E-Service Management  

Science Conference Proceedings (OSTI)

Process management technology has recently been employed not only within businesses but also in provision of E-services over the Internet. Urgent requests and critical messages in these systems (referred to as alerts) should be delivered and handled ...

Dickson K. W. Chiu; Benny W. C. Kwok; Ray L. S. Wong; S. C. Cheung; Eleanna Kafeza

2004-01-01T23:59:59.000Z

24

Vulnerabilities Analyzing Model for Alert Correlation in Distributed Environment  

Science Conference Proceedings (OSTI)

With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and ... Keywords: alert correlation, prerequisites and consequences, hyper-alert type, vulnerability tuple

Wen Long; Yang Xin; Yixian Yang

2009-07-01T23:59:59.000Z

25

PNNL: EDO - SBIR Alerting Service Archive  

NLE Websites -- All DOE Office Websites (Extended Search)

SBIR Alerting Service Back Issues NOTICE - This service has been discontinued, effective October 1, 2013. Federal R&D funding is available through the Small Business Innovative Research and Small Business Technology Research (SBIR/STTR) Programs. The SBIR/STTR Alerting Service was a free service that provided bi-weekly notification of SBIR and STTR solicitation announcements, news and information, and Internet resources relevant to the SBIR/STTR programs. This service was provided by the Economic Development Office of Pacific Northwest National Laboratory (PNNL). To receive tips on SBIR/STTR proposals and project execution from the Greenwood Consulting Group, send an email to: gail-jim@g-jgreenwood.com with "subscribe" in the subject line.

26

Efficient Monitoring Algorithm for Fast News Alerts  

Science Conference Proceedings (OSTI)

Recently, there has been a dramatic increase in the use of XML data to deliver information over the Web. Personal Weblogs, news Web sites, and discussion forums are now publishing RSS feeds for their subscribers to retrieve new postings. As the popularity ... Keywords: Information search and retrieval, online information services, performance evaluation, user profiles, alert services.

Ka Cheung Sia; Junghoo Cho; Hyun-Kyu Cho

2007-07-01T23:59:59.000Z

27

Information Bridge: DOE Scientific and Technical Information - Alerts  

Office of Scientific and Technical Information (OSTI)

Alerts Registration: To be able to receive alerts from the Information Bridge: DOE Scientific and Technical Information, please fill in and submit an Alerts Registration. Please note that passwords expire 6 months after registration. At this time you will be required to change your password in order to continue to receive Alert notification(s). After submitting an Alerts Registration, you will receive an e-mail indicating that the Alerts Registration has been successfully submitted and received. This e-mail will also provide instructions for confirming your e-mail address. After you have confirmed your e-mail address, you will be able to make an Alert Request. If you have previously registered, you may Log On. Please remember your E-mail Address and Password for future use.

28

TIAA: A Visual Toolkit for Intrusion Alert Analysis  

Science Conference Proceedings (OSTI)

This paper presents the development of TIAA, a visual toolkit for intrusion alert analysis. TIAA is developed to provide an interactive platform for analyzing potentially large sets of intrusion alerts reported by heterogeneous intrusion detection systems ...

Ning, P

2003-03-01T23:59:59.000Z

29

Reducing false positives in anomaly detectors through fuzzy alert aggregation  

Science Conference Proceedings (OSTI)

In this paper we focus on the aggregation of IDS alerts, an important component of the alert fusion process. We exploit fuzzy measures and fuzzy sets to design simple and robust alert aggregation algorithms. Exploiting fuzzy sets, we are able to robustly ... Keywords: Aggregation, Anomaly detection, Fuzzy measures, Fuzzy sets, Intrusion detection, Multisensor fusion

Federico Maggi; Matteo Matteucci; Stefano Zanero

2009-10-01T23:59:59.000Z

30

A cognitive model for alert correlation in a distributed environment  

Science Conference Proceedings (OSTI)

The area of alert fusion for strengthening information assurance in systems is a promising research area that has recently begun to attract attention. Increased demands for “more trustworthy” systems and the fact that a single sensor cannot ... Keywords: alert correlation, fuzzy cognitive modeling, intelligent alert fusion, network security

Ambareen Siraj; Rayford B. Vaughn

2005-05-01T23:59:59.000Z

31

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932; Mozilla Security Blog; Mozilla Foundation Security Advisory 2012-88; Mozilla Foundation Security Advisory 2012-89; SecurityTracker Alert ID: 1027653; SecurityTracker Alert ID: 1027652; SecurityTracker Alert ID: 1027651; CVE-2012-4190; CVE-2012-4191; CVE-2012-4192; CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

32

NIST Study of Hazard to Firefighters Leads to Safety Alert  

Science Conference Proceedings (OSTI)

NIST Study of Hazard to Firefighters Leads to Safety Alert. ... NIST-led research "validated the adverse consequences to firefighters when lens ...

2012-07-25T23:59:59.000Z

33

Albert Einstein Alerts President Roosevelt of German Atomic Energy...  

National Nuclear Security Administration (NNSA)

Albert Einstein Alerts President Roosevelt of German Atomic Energy Program | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation...

34

Find Us Links | OSTI, US Dept of Energy, Office of Scientific...  

Office of Scientific and Technical Information (OSTI)

OSTI Blog Get Widgets Get Alert Services Go to Videos OSTI Facebook OSTI Twitter OSTI Google+ (Link will open in a new window) Bookmark and Share (Link will open in a new window)...

35

ETC Alert Disaster Procedure, 8am 5pm Weekdays  

E-Print Network (OSTI)

work area "The hospital disaster response plan is in effect. Remain at your regular duties and awaitETC Alert Disaster Procedure, 8am ­ 5pm Weekdays ETC ALERT DISASTER ETC Charge Nurse Hospital Operator ETC Tech 3JCP Reception Pager 3735 Phone 6-3350 General Diagnostic Supervisor (Disaster Only) Ass

36

EVADER: Electric Vehicle Alert for Detection and Emergency Response  

E-Print Network (OSTI)

EVADER: Electric Vehicle Alert for Detection and Emergency Response F. Duboisa , G. Baudeta and J effect of vehicle exterior noise for vulnerable users has recently emerged. Quieter cars could reduce pedestrians' ability to travel safely. One of the objectives of the EVADER (Electric Vehicle Alert

Paris-Sud XI, Université de

37

An open meteorological alerting system: issues and solutions  

Science Conference Proceedings (OSTI)

This paper describes an experimental alerting system under development by the Australian Bureau of Meteorology, initially targeted at (but not restricted to) the aviation sector. The system provides alert routing and filtering: for example pressure ... Keywords: artificial intelligence, distributed systems, real-time systems, software engineering

Ian Mathieson; Sandy Dance; Lin Padgham; Malcolm Gorman; Michael Winikoff

2004-01-01T23:59:59.000Z

38

Management Alert: IG-0864 | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Management Alert: IG-0864 May 17, 2012 Extended Assignments at Princeton Plasma Physics Laboratory Princeton University operates the Princeton Plasma Physics Laboratory (Princeton) under a contract with the Department of Energy's Office of Science. Princeton works with partners around the world to develop fusion as an energy source. The Laboratory's annual operating costs are about $80 million, all of which is reimbursed by the Department. On May 8, 2012, we issued a separate contract audit report on Audit Coverage of Cost Allowability for Princeton Plasma Physics Laboratory during Fiscal Years 2009-2010 under Department of Energy Contract Numbers DE-AC02-76CH03073 and DE-AC02-09CH11466 (OAS-V-12-06, May 2012). One of the objectives of that audit was to determine whether questioned costs and

39

Management Alert: IG-0864 | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

IG-0864 IG-0864 Management Alert: IG-0864 May 17, 2012 Extended Assignments at Princeton Plasma Physics Laboratory Princeton University operates the Princeton Plasma Physics Laboratory (Princeton) under a contract with the Department of Energy's Office of Science. Princeton works with partners around the world to develop fusion as an energy source. The Laboratory's annual operating costs are about $80 million, all of which is reimbursed by the Department. On May 8, 2012, we issued a separate contract audit report on Audit Coverage of Cost Allowability for Princeton Plasma Physics Laboratory during Fiscal Years 2009-2010 under Department of Energy Contract Numbers DE-AC02-76CH03073 and DE-AC02-09CH11466 (OAS-V-12-06, May 2012). One of the objectives of that audit was to determine whether questioned costs and

40

Stability of alert survivable forces during reductions  

Science Conference Proceedings (OSTI)

The stability of current and projected strategic forces is discussed within a framework that contains elements of current US and Russian analyses. For current force levels and high alert, stability levels are high, as are the levels of potential strikes, due to the large forces deployed. As force levels drop towards those of current value target sets, the analysis becomes linear, concern shifts from stability to reconstitution, and survivable forces drop out. Adverse marginal costs generally provide disincentives for the reduction of vulnerable weapons, but the exchange of vulnerable for survivable weapons could reduce cost while increasing stability even for aggressive participants. Exchanges between effective vulnerable and survivable missile forces are studied with an aggregated, probabilistic model, which optimizes each side's first and determines each side's second strikes and costs by minimizing first strike costs.

Canavan, G.H.

1998-01-01T23:59:59.000Z


41

Management Alert: IG-0871 | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Management Alert: IG-0871 October 3, 2012 The 2020 Vision One System Proposal for Commissioning and Startup of the Waste Treatment and Immobilization Plant The Department of Energy (Department) is considering a proposal known as the 2020 Vision One System (2020 Vision) that would implement a phased approach to commissioning the $12.2 billion Waste Treatment and Immobilization Plant (WTP) including making the Low-Activity Waste (LAW) facility operational approximately 15 months before commissioning the remainder of the project. Although the implementation of the phased approach offers potential benefits, early operation of the LAW facility presents significant cost, technological and permitting risks that could adversely affect the overall success of the Office of the River Protection

42

Alert Service Sends International Research to Public Desktops | OSTI, US  

Office of Scientific and Technical Information (OSTI)

NEWS MEDIA CONTACT: Cathey Daniels, (865) 576-9539 FOR IMMEDIATE RELEASE April 4, 2006 Alert Service Sends International Research to Public Desktops Oak Ridge, TN - Citizens can set up a free e-mail alert account and receive information on a wide variety of energy-related research through a new U.S. Department of Energy (DOE) developed service. Users can target information of interest, and then choose whether to receive updates on a weekly, biweekly, monthly, quarterly or annual basis. Registration is required. The alert service can be accessed through ETDEWEB or Energy Technology Data Exchange World Energy Base. Information is available from 16 ETDE member countries plus other international partners, including research on energy

43

Considerations in missile reductions and de-alerting  

SciTech Connect

Earlier analyses assumed that all survivable forces could withstand first strikes and retaliate. Only those on alert, at sea, or capable of launching under attack meet that assumption. The sensitivity of those results to non-alert forces is discussed. Reduced alert rates decrease stability indices, primarily by reducing second strikes. Survivable, mobile Russian ICBMs could increase both sides' stability. De-alerting hastens expected reductions and raises the possibility of abuse. And the low-force goal of arms reductions has some poorly understood and awkward attributes.

Canavan, G.H.

1998-04-01T23:59:59.000Z

44

Alert! Industry and Academia - The Energy Department Seeks Your Novel  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Alert! Industry and Academia - The Energy Department Seeks Your Novel Ideas for Advanced Energy Systems January 7, 2014 - 12:37pm Do you care about power and our environment? Are you buzzing with innovative ideas? If so, the Energy Department wants to hear your new and creative concepts for improving the cost and performance of power or industrial systems that depend on fossil energy. Please note that this is a request for information (RFI) only; it is NOT a request for proposals. Your response may be used to guide the planned funding opportunity announcement (FOA) that will be issued at a later date

45

Alert! Industry and Academia - The Energy Department Seeks Your Novel  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Alert! Industry and Academia - The Energy Department Seeks Your Alert! Industry and Academia - The Energy Department Seeks Your Novel Ideas for Advanced Energy Systems Alert! Industry and Academia - The Energy Department Seeks Your Novel Ideas for Advanced Energy Systems January 7, 2014 - 12:37pm Addthis Alert! Industry and Academia — The Energy Department Seeks Your Novel Ideas for Advanced Energy Systems Do you care about power and our environment? Are you buzzing with innovative ideas? If so, the Energy Department wants to hear your new and creative concepts for improving the cost and performance of power or industrial systems that depend on fossil energy. Please note that this is a request for information (RFI) only; it is NOT a request for proposals. Your response may be used to guide the planned funding opportunity announcement (FOA) that will be issued at a later date

46

OSTI Announces Alert Service for arXiv Patrons  

Office of Scientific and Technical Information (OSTI)

OSTI Announces Alert Service for arXiv Patrons March 2005 Oak Ridge, TN - The Office of Scientific and Technical Information (OSTI) is pleased to...

47

EERE News: EERE Progress Alerts http://www1.eere.energy.gov/news/progress_alerts/progress_alert.asp... 1 of 1 4/3/07 12:29 PM  

E-Print Network (OSTI)

EERE News: EERE Progress Alerts http://www1.eere.energy.gov/news/progress_alerts/progress_alert.asp... 1 of 1 4/3/07 12:29 PM Search Help More Search Options EERE Information Center Printable Version New Industrial Technologies Program within EERE, are run by 26 universities and provide no-cost energy

Washington at Seattle, University of

48

Hanford Site Emergency Alerting System siren testing report  

Science Conference Proceedings (OSTI)

The purpose of the test was to determine the effective coverage of the proposed upgrades to the existing Hanford Site Emergency Alerting System (HSEAS). The upgrades are to enhance the existing HSEAS along the Columbia River from the Vernita Bridge to the White Bluffs Boat Launch as well as install a new alerting system in the 400 Area on the Hanford Site. Five siren sites along the Columbia River and two sites in the 400 Area were tested to determine the site locations that will provide the desired coverage.

Weidner, L.B.

1997-08-13T23:59:59.000Z

49

Smart Solar Home System with Safety Device Low Voltage Alert  

Science Conference Proceedings (OSTI)

For many reasons Bangladeshi people are now using renewable energy. So, solar energy is the best renewable energy till now, in respect of Bangladesh. So using of solar system is common nowadays. Bangladesh Government has taken some steps to make solar ... Keywords: Smart Solar Home System (SSHS), Rooftop, Safety Device, Low voltage alert

Tawheed Hasan; Md. Faysal Nayan; Md. Asif Iqbal; Monzurul Islam

2012-03-01T23:59:59.000Z

50

An adaptive architecture of applying vulnerability analysis to IDS alerts  

Science Conference Proceedings (OSTI)

With increasing intrusions and attacks on the Internet, there is an urgent need to develop techniques for network security. Current standalone network security products, such as the firewall systems, the Intrusion Detection System (IDS), the anti-virus ... Keywords: alert, intrusion detection, network security, predicate-based evaluation, vulnerability analysis

Xuejiao Liu; Xin Zhuang; Debao Xiao

2008-07-01T23:59:59.000Z

51

Survey A model-based survey of alert correlation techniques  

Science Conference Proceedings (OSTI)

As telecommunication networks evolve rapidly in terms of scalability, complexity, and heterogeneity, the efficiency of fault localization procedures and the accuracy in the detection of anomalous behaviors are becoming important factors that largely ... Keywords: Alert correlation, Fault localization, Intrusion detection systems, Network management systems, SCADA systems

Saeed Salah; Gabriel Maciá-Fernández; Jesús E. Díaz-Verdejo

2013-04-01T23:59:59.000Z

52

Application of Short-Range Lidar in Wind Shear Alerting  

Science Conference Proceedings (OSTI)

Long-range lidar systems have been used operationally at the Hong Kong International Airport for wind shear alerting. They are used for monitoring the headwinds over the last 3 n mi of all of the runway corridors of the Hong Kong International ...

P. W. Chan; Y. F. Lee

2012-02-01T23:59:59.000Z

53

Method and apparatus for extraction of low-frequency artifacts from brain waves for alertness detection  

DOE Patents (OSTI)

Methods and apparatus automatically detect alertness in humans by monitoring and analyzing brain wave signals. Steps include: acquiring the brain wave (EEG or MEG) data from the subject, digitizing the data, separating artifact data from raw data, and comparing trends in f-data to alertness indicators, providing notification of inadequate alertness.

Clapp, Ned E. (Knoxville, TN); Hively, Lee M. (Knoxville, TN)

1997-01-01T23:59:59.000Z

54

The use of social media within the global disaster alert and coordination system (GDACS)  

Science Conference Proceedings (OSTI)

The Global Disaster Alert and Coordination System (GDACS) collects near real-time hazard information to provide global multi-hazard disaster alerting for earthquakes, tsunamis, tropical cyclones, floods and volcanoes. GDACS alerts are based on calculations ... Keywords: disaster management, emergency response, impact analysis, social media, twitter

Beate Stollberg; Tom de Groeve

2012-04-01T23:59:59.000Z

55

TIAA: A Toolkit for Intrusion Alert Analysis (Version 0.4) Installation and Operation Manual  

E-Print Network (OSTI)

TIAA: A Toolkit for Intrusion Alert Analysis (Version 0.4) Installation and Operation Manual 1 Introduction The Toolkit for Intrusion Alert Analysis(TIAA) was developed based on previous Intrusion Alert Correlator [3]. The primary goal of TIAA is to provide system support for interactive analysis of intrusion

Ning, Peng

56

TIAA: A Toolkit for Intrusion Alert Analysis (Version 1.0) Installation and Operation Manual  

E-Print Network (OSTI)

TIAA: A Toolkit for Intrusion Alert Analysis (Version 1.0) Installation and Operation Manual 1 Introduction The Toolkit for Intrusion Alert Analysis(TIAA) was developed based on previous Intrusion Alert Correlator [3]. The primary goal of TIAA is to provide system support for interactive analysis of intrusion

Ning, Peng

57

Method and apparatus for extraction of low-frequency artifacts from brain waves for alertness detection  

DOE Patents (OSTI)

Methods and apparatus automatically detect alertness in humans by monitoring and analyzing brain wave signals. Steps include: acquiring the brain wave (EEG or MEG) data from the subject, digitizing the data, separating artifact data from raw data, and comparing trends in f-data to alertness indicators, providing notification of inadequate alertness. 4 figs.

Clapp, N.E.; Hively, L.M.

1997-05-06T23:59:59.000Z

58

ADVISORY ALERT: Dekker, Ltd. Digital Signature - PARS II Reporting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

ADVISORY ALERT: Dekker, Ltd. Digital Signature - PARS II Reporting As you know, to run reports in the PARS II, users must install an active X control to their workstations. The FIRST TIME a user attempts to run a report after installing the Active X control, a Security Warning will appear stating: That warning appears because, although the digital signature is valid, the digital signature is from a publisher (in this case Dekker, Ltd.) whom you have not yet chosen to trust. The following steps instruct you how to clear the security warning so that you may continue working with PARS II reports. Please note: Once you complete the process of accepting the Dekker, Ltd. digital signature, this warning will not re-appear. This process must be done ONCE to "inform" your PC that Dekker, Ltd. is an

59

Science.gov Alerts Help Track Latest Science Information | OSTI, US Dept of  

Office of Scientific and Technical Information (OSTI)

NEWS MEDIA CONTACT: Cathey Daniels, (865) 576-9539 FOR IMMEDIATE RELEASE March 1, 2006 Science.gov Alerts Help Track Latest Science Information Oak Ridge, TN - The Science.gov Alert Service has been updated to take advantage of the new Science.gov 3.0 query capabilities. The Alert Service tracks the latest information on your science topics of interest and delivers that information to your desktop e-mail each Monday. The Alert Service is free, and registration is available at the Science.gov home page. New Science.gov query capabilities allow you to better define your search terms by using phrases, date ranges and more. Once you have defined your search terms and set your alert, Science.gov will do your searching for you

60

Management Alert - Extended Assignments at Princeton Plasma Physics Laboratory  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Extended Assignments at Princeton Plasma Physics Laboratory DOE/IG-0864 May 2012 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 May 17, 2012 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Management Alert on "Extended Assignments at Princeton Plasma Physics Laboratory" BACKGROUND Princeton University operates the Princeton Plasma Physics Laboratory (Princeton) under a contract with the Department of Energy's Office of Science. Princeton works with partners around the world to develop fusion as an energy source. The Laboratory's annual operating costs

61

Vital Alert's C1000 mine and tunnel radios use magnetic induction...  

NLE Websites -- All DOE Office Websites (Extended Search)

Vital Alert's C1000 mine and tunnel radios use magnetic induction, advanced digital communications techniques and ultra-low frequency transmission to wirelessly provide...

62

Improving the Quality of Alerts and Predicting Intruder's Next Goal with Hidden Colored Petri-Net  

SciTech Connect

Intrusion detection systems (IDS) often provide poor quality alerts, which are insufficient to support rapid identification of ongoing attacks or predict an intruder’s next likely goal. In this paper, we propose a novel approach to alert post-processing and correlation, the Hidden Colored Petri-Net (HCPN). Different from most other alert correlation methods, our approach treats the alert correlation problem as an inference problem rather than a filter problem. Our approach assumes that the intruder’s actions are unknown to the IDS and can be inferred only from the alerts generated by the IDS sensors. HCPN can describe the relationship between different steps carried out by intruders, model observations (alerts) and transitions (actions) separately, and associate each token element (system state) with a probability (or confidence). The model is an extension to Colored Petri-Net (CPN). It is so called “hidden” because the transitions (actions) are not directly observable but can be inferred by looking through the observations (alerts). These features make HCPN especially suitable for discovering intruders’ actions from their partial observations (alerts), and predicting intruders’ next goal. Our experiments on DARPA evaluation datasets and the attack scenarios from the Grand Challenge Problem (GCP) show that HCPN has promise as a way of reducing false positives and negatives, predicting intruder’s next possible action, uncovering intruders’ intrusion strategies after the attack scenario has happened, and providing confidence scores.

Yu, Dong; Frincke, Deb A.

2006-06-22T23:59:59.000Z

63

Cooperative Monitoring Center Occasional Paper/9: De-Alerting Strategic Ballistic Missiles  

Science Conference Proceedings (OSTI)

This paper presents a framework for evaluating the technical merits of strategic ballistic missile de-alerting measures, and it uses the framework to evaluate a variety of possible measures for silo-based, land-mobile, and submarine-based missiles. De-alerting measures are defined for the purpose of this paper as reversible actions taken to increase the time or effort required to launch a strategic ballistic missile. The paper does not assess the desirability of pursuing a de-alerting program. Such an assessment is highly context dependent. The paper postulates that if de-alerting is desirable and is used as an arms control mechanism, de-alerting measures should satisfy specific criteria relating to force security, practicality, effectiveness, significant delay, and verifiability. Silo-launched missiles lend themselves most readily to de-alerting verification, because communications necessary for monitoring do not increase the vulnerability of the weapons by a significant amount. Land-mobile missile de-alerting measures would be more challenging to verify, because monitoring measures that disclose the launcher's location would potentially increase their vulnerability. Submarine-launched missile de-alerting measures would be extremely challenging if not impossible to monitor without increasing the submarine's vulnerability.

Connell, Leonard W.; Edenburn, Michael W.; Fraley, Stanley K.; Trost, Lawrence C.

1999-03-01T23:59:59.000Z

64

V-125: Cisco Connected Grid Network Management System Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am PROBLEM: Cisco Connected Grid Network Management System Multiple Vulnerabilities PLATFORM: Cisco Connected Grid Network Management System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco Security Notice CVE-2013-1171 Secunia Advisory SA52834 SecurityTracker Alert ID: 1028374 SecurityTracker Alert ID: 1028373 CVE-2013-1163 CVE-2013-1171 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to

66

U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service July 11, 2012 - 7:00am PROBLEM: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service PLATFORM: Version(s): 2.6.x ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027237 SecurityTracker Alert ID: 1027240 Red Hat advisory CVE-2012-3375 IMPACT ASSESSMENT: Medium Discussion: The Linux kernel's Event Poll (epoll) subsystem does not properly handle resource clean up when an ELOOP error code is returned. A local user can exploit this to cause the target system to crash. Impact: A local user can cause the target system to crash.

67

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL  

NLE Websites -- All DOE Office Websites (Extended Search)

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: RSA BSAFE SSL-C prior to 2.8.6 ABSTRACT: RSA BSAFE SSL-C Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50601 SecurityTracker Alert ID: 1027514 SecurityTracker Alert ID: 1027513 CVE-2011-3389 CVE-2012-2110 CVE-2012-2131 IMPACT ASSESSMENT: High Discussion: EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can

68

U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges December 23, 2011 - 8:45am PROBLEM: Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server AUS (v. 6.2) Red Hat Enterprise Linux Server EUS (v. 6.2.z) Red Hat Enterprise Linux Workstation (v. 6) ABSTRACT: A local privileged user on the guest operating system can obtain elevated privileges on the target system. REFERENCE LINKS: Red Hat kernel security and bug fix update SecurityTracker Alert ID: 1026453 SecurityTracker Alert ID: 1026454

69

V-028: Splunk Multiple Cross-Site Scripting and Denial of Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-028: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities November 20, 2012 - 2:00am PROBLEM: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities PLATFORM: Splunk versions 4.3.5 and 5.0 ABSTRACT: Splunk is prone to multiple vulnerabilities REFERENCE LINKS: SecurityTracker Alert ID: 1027785 SecurityTracker Alert ID: 1027784 Bugtraq ID: 56581 Secunia Advisory SA51337 Secunia Advisory SA51351 Splunk Vulnerability Descriptions IMPACT ASSESSMENT: Medium DISCUSSION: Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions

70

V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code October 29, 2012 - 6:00am PROBLEM: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code PLATFORM: Firefox, Thunderbird, SeaMonkey ABSTRACT: Three vulnerabilities were reported in Mozilla Firefox. REFERENCE LINKS: Mozilla Foundation Security Advisory 2012-90 SecurityTracker Alert ID: 1027701 SecurityTracker Alert ID: 1027702 Advisory: RHSA-2012:1407-1 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 IMPACT ASSESSMENT: High DISCUSSION: A remote user can exploit the valueOf() method of window.location to, in

72

Training Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Courses NERSC Training Accounts Request Form Training Links OSF HPC Seminars Software Accounts & Allocations Policies Data Analytics & Visualization Science Gateways User Surveys...

73

AFRD - Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Accelerators are built, operated, and used by a large and diverse worldwide community. These links will take you to pages elsewhere that are related to AFRD's work. The U.S. Department of Energy, Office of Science, is the principal supporter of our activities (and many other R&D endeavors). For information on the Joint Accelerator Conferences go to JACoW. The International Committee for Future Accelerators and the American Physical Society's Division of Physics of Beams are among the organizations that advance, encourage, and communicate accelerator and beam science. The Laboratory's 50th Anniversary magazine gives an overview of the early and middle history of LBNL. Two of its authors later published the

74

Diesel Links  

NLE Websites -- All DOE Office Websites (Extended Search)

The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Diesel Vehicles and Manufacturers Audi A3 (TDI models) A6 (TDI models) A7 (TDI models) A8 L (TDI model) Q5 (TDI models) Q7 (TDI models) BMW 328d Sedan 328d xDrive Sedan 328d xDrive Sports Wagon 535d Sedan 535d xDrive Sedan Chevrolet Cruze Turbo Diesel Jeep Grand Cherokee EcoDiesel Mercedes-Benz E250 BlueTEC GL350 BlueTEC GLK250 BlueTEC ML350 BlueTEC Porsche Cayenne Diesel Volkswagen Beetle (TDI models) Beetle Convertible (TDI models) Golf (TDI models) Jetta (TDI models) Jetta Sportwagen (TDI models) Passat (TDI models) Touareg (TDI models) Diesel-Related Information

75

The Burst Alert Telescope (BAT) on the Swift MIDEX Mission  

E-Print Network (OSTI)

The Burst Alert Telescope (BAT) is one of 3 instruments on the Swift MIDEX spacecraft to study gamma-ray bursts (GRBs). The BAT first detects the GRB and localizes the burst direction to an accuracy of 1-4 arcmin within 20 sec after the start of the event. The GRB trigger initiates an autonomous spacecraft slew to point the two narrow field-of-view (FOV) instruments at the burst location within 20-70 sec so to make follow-up x-ray and optical observations. The BAT is a wide-FOV, coded-aperture instrument with a CdZnTe detector plane. The detector plane is composed of 32,768 pieces of CdZnTe (4x4x2mm), and the coded-aperture mask is composed of approximately 52,000 pieces of lead (5x5x1mm) with a 1-m separation between mask and detector plane. The BAT operates over the 15-150 keV energy range with approximately 7 keV resolution, a sensitivity of approximately 10E-8 erg*cm^-2*s^-1, and a 1.4 sr (half-coded) FOV. We expect to detect >100 GRBs/yr for a 2-year mission. The BAT also performs an all-sky hard x-ray survey with a sensitivity of approximately 2 mCrab (systematic limit) and it serves as a hard x-ray transient monitor.

S. D. Barthelmy; L. M. Barbier; J. R. Cummings; E. E. Fenimore; N. Gehrels; D. Hullinger; H. A. Krimm; C. B. Markwardt; D. M. Palmer; A. Parsons; G. Sato; M. Suzuki; T. Takahashi; M. Tashiro; J. Tueller

2005-07-18T23:59:59.000Z

76

Alert Services | OSTI, US Dept of Energy, Office of Scientific and  

Office of Scientific and Technical Information (OSTI)

Alert Services Get weekly e-mail notification of new information about your specific area(s) of interest. Simply register for the service on one or all of the OSTI products described below and then sign up for topic(s) which will be matched automatically against each new weekly update. E-Print Network E-print Network Alerts Searchable gateway to over 5 million e-print documents and over 32,000 websites and databases worldwide. OSTIblog E-mail notifications OSTIblog E-mail Notifications Automatic notifications by e-mail when new OSTIblog articles are posted to the OSTI website. Science Accelerator Science Accelerator Alerts Searchable gateway to key DOE/OSTI resources that contain research and development results, project descriptions, accomplishments, and more.

77

OSTI Announces Alert Service for arXiv Patrons | OSTI, US Dept of Energy,  

Office of Scientific and Technical Information (OSTI)

March 2005 Oak Ridge, TN - The Office of Scientific and Technical Information (OSTI) is pleased to announce implementation of an Alert Service that serves patrons of arXiv, a source in the fields of physics, mathematics, non-linear science, computer science, and quantitative biology. ArXiv, a service of Cornell University Library System, is one of the sources included in OSTI's E-print Network. Through this Alert Service, patrons can subscribe to be automatically notified of the latest information posted on arXiv, as well as other e-print sources in the E-print Network. A special interface is provided for arXiv patrons through the E-print Network. E-print Network is a vast, integrated network of electronic scientific and

78

Effects of psychostimulants on alertness and spatial bias in healthy participants  

Science Conference Proceedings (OSTI)

Converging evidence from neuropsychological and neuroimaging studies suggests that the ability to maintain an alert, ready-to-respond state is mediated by a network of right-hemisphere frontal and parietal cortical areas. This right lateralization may ...

Chris Dodds; Ulrich Müller; Tom Manly

2009-03-01T23:59:59.000Z

79

Human factors studies of an ADS-B based traffic alerting system for general aviation  

E-Print Network (OSTI)

Several recent high profile mid-air collisions highlight the fact that mid-air collisions are a concern for general aviation. Current traffic alerting systems have limited usability in the airport environment where a ...

Silva, Sathya Samurdhi

2012-01-01T23:59:59.000Z

80

MIDC: Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Other Data Collection Activities Baseline Surface Radiation Network (BSRN) Clear Sky Forecast for NREL/SRRL (or other locations) Colorado Dept. of Public Health & Environment: Air Quality Index (AQI) Reporting System Colorado State University: USDA UV-B Monitoring and Research Program European Skynet Radiometers network (ESR) Jefferson County, Colorado: Jeffco Weather Station NOAA: Climate Monitoring & Diagnostics Laboratory (CMDL) NREL OTF: Reference Meteorological and Irradiance System (RMIS) NREL RReDC: Cooperative Networks for Renewable Resource Measurements (CONFRRM) NREL RReDC: NASA Remote Sensing Validation Data: Saudi Arabia Rocky Mountain Arsenal (RMA): National Wildlife Refuge Sandia National Laboratories: Photovoltaic Systems Evaluation

81

Federal technology alert. Parabolic-trough solar water heating  

DOE Green Energy (OSTI)

Parabolic-trough solar water heating is a well-proven renewable energy technology with considerable potential for application at Federal facilities. For the US, parabolic-trough water-heating systems are most cost effective in the Southwest where direct solar radiation is high. Jails, hospitals, barracks, and other facilities that consistently use large volumes of hot water are particularly good candidates, as are facilities with central plants for district heating. As with any renewable energy or energy efficiency technology requiring significant initial capital investment, the primary condition that will make a parabolic-trough system economically viable is if it is replacing expensive conventional water heating. In combination with absorption cooling systems, parabolic-trough collectors can also be used for air-conditioning. Industrial Solar Technology (IST) of Golden, Colorado, is the sole current manufacturer of parabolic-trough solar water heating systems. IST has an Indefinite Delivery/Indefinite Quantity (IDIQ) contract with the Federal Energy Management Program (FEMP) of the US Department of Energy (DOE) to finance and install parabolic-trough solar water heating on an Energy Savings Performance Contract (ESPC) basis for any Federal facility that requests it and for which it proves viable. For an ESPC project, the facility does not pay for design, capital equipment, or installation. Instead, it pays only for guaranteed energy savings. Preparing and implementing delivery or task orders against the IDIQ is much simpler than the standard procurement process. This Federal Technology Alert (FTA) of the New Technology Demonstration Program is one of a series of guides to renewable energy and new energy-efficient technologies.

NONE

1998-04-01T23:59:59.000Z

82

Recovery Act Energy Home Improvement Loan Scam Alert | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Recovery Act Energy Home Improvement Loan Scam Alert May 24, 2010 - 1:05pm The U.S. Department of Energy is aware of fraudulent solicitations being received through the United States Postal Service that solicit personal information for purported "Federal Energy Home Improvement Loans" under the American Reinvestment and Recovery Act. These solicitations falsely appear to be on U.S. Department of Energy letterhead, and offer recipients the prospect of obtaining up to a $50,000 loan. A sample of the fraudulent solicitation can be found here. Should you receive such a solicitation, you should not return the enclosed application, but instead report the matter immediately in one of the following manners:

83

Management Alert on Protective Force Training Facility Utilization at the Pantex Plant, IG-0855  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Management Alert on Protective Force Training Facility Utilization at the Pantex Plant DOE/IG-0855 September 2011 Department of Energy Washington, DC 20585 September 27, 2011 MEMORANDUM FOR THE ADMINISTRATOR, NATIONAL NUCLEAR SECURITY ADMINISTRATION FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Management Alert on "Protective Force Training Facility Utilization at the Pantex Plant" IMMEDIATE CONCERN As part of our ongoing audit to determine whether the Department of Energy is effectively utilizing its protective force training facilities, we determined that the National Nuclear Security Administration's (NNSA) Office of Secure Transportation (OST) plans to spend approximately $2 million for a new Physical Training/Intermediate Use of Force (PT/IUF) facility at the Pantex

84

e-Alert from Fermilab Education Office Sept 2013 - Spring 2014  

NLE Websites -- All DOE Office Websites (Extended Search)

Program E-Alert - September 2013 - Spring 2014 Calendar * What we're planning * What we're reading ed.fnal.gov Spread the word to your colleagues. Find interesting opportunities and resources in the Fermilab Education Office E-Alert newsletter. E-mail sdahl@fnal.gov to be added to or deleted from our mailing list. Calendar Watch our website for details on these future events. September 25, 2013 - STEM Family Night Planning Workshop October 24-26, 2013 - ISEC, Tinley Park, IL Mid-November 2013 - FFSE Online Scholarship application opens. Spring 2014 -- Save the date for future events. What we're planning STEM Family Night Planning Workshop September 25, 2013 - 7:00 p.m.-9:30 p.m. ed.fnal.gov/sciadv Is your organization (school, PTA, library or co-op) planning a STEM Family

85

Hydrogen: Helpful Links & Contacts  

Science Conference Proceedings (OSTI)

Helpful Links & Contacts. Helpful Links. Hydrogen Information, Website. ... Contacts for Commercial Hydrogen Measurement. ...

2013-07-31T23:59:59.000Z

86

The EMA system: a CTI based e-mail alerting service  

Science Conference Proceedings (OSTI)

The integration of Internet services and telephony services is a new area for the development of telecommunications services. One example is an e-mail alerting service that uses the telephony network for e-mail notification. The EMA system is a computer ...

D. Frank; H. Lucic; M. Opsenica; L. Puksec; M. Zic; S. Brajkovic; V. Maricic

2000-02-01T23:59:59.000Z

87

Design of Electric or Hybrid vehicle alert sound system for pedestrian  

E-Print Network (OSTI)

on a track of our test center located in La Ferté Vidame. Two cars were used: -a diesel-vehicle - an electric ... Design of Electric or Hybrid vehicle alert sound system for pedestrian J.-C. Chamard and V, France 1691 ... The arrival of fully or hybrid electric vehicles raised safety problems respect

Paris-Sud XI, Université de

88

Alert correlation in collaborative intelligent intrusion detection systems-A survey  

Science Conference Proceedings (OSTI)

As complete prevention of computer attacks is not possible, intrusion detection systems (IDSs) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: namely misuse- and anomaly-based. ... Keywords: Alert correlation, Collaborative intrusion detection, Computational intelligence approaches, False positive analysis

Huwaida Tagelsir Elshoush; Izzeldin Mohamed Osman

2011-10-01T23:59:59.000Z

89

An Alert Classification System for Monitoring and Assessing the ENSO Cycle  

Science Conference Proceedings (OSTI)

An alert classification system for the ENSO cycle is introduced. The system includes watches, advisories, and a five-class intensity scale for warm and cold phases of the ENSO cycle. A watch is issued when conditions are favorable for the ...

V. E. Kousky; R. W. Higgins

2007-04-01T23:59:59.000Z

90

my account e-alert subscribe register Can quantum computers be  

E-Print Network (OSTI)

Can quantum computers be made with solid-state electronics ... 28 August 2004 Quantum computers get in tune Ultra-powerful quantum computers could use nanoscale resonators for passing information between

Geller, Michael R.

91

U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges August 13, 2012 - 7:00am PROBLEM: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 ABSTRACT: A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system. REFERENCE LINKS: Oracle Security Alert Oracle Security Alert - CVE-2012-3132 Risk Matrices SecurityTracker Alert ID: 1027367 CVE-2012-3132 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Oracle Database. This vulnerability is not

92

NEWTON's Weather Links  

NLE Websites -- All DOE Office Websites (Extended Search)

References Do you have a great weather reference link? Please click our Ideas page. Featured Reference Links: NOAA Teachers Support Page NOAA Teachers Support Page for Weather and...

93

Safety Alerts  

NLE Websites -- All DOE Office Websites (Extended Search)

The Office of Health, Safety and Security...

94

Microsoft Word - Energy Market Alert Jan 25 2013 - Northeast _public version_ final.docx  

U.S. Energy Information Administration (EIA) Indexed Site

Northeastern Winter Natural Gas and Electricity Alert Friday January 25, 2013 Current status of natural gas and electricity markets in New York and New England For questions or comments about this report, please contact Christopher.Peterson@eia.gov. Temperature: Both NYC and Boston expect continuing cold temperatures during the day today. Beginning tonight, temperatures are forecast to be moderate, with lows of 18°F in NYC and 15°F in Boston. Next week is expected to be milder. Natural gas demand: Bentek forecasts that demand will remain at high levels through today. Natural gas constraints & LNG: Most pipelines from the west and south

95

Passive pavement-mounted acoustical linguistic drive alert system and method  

DOE Patents (OSTI)

Systems and methods are described for passive pavement-mounted acoustical alert of the occupants of a vehicle. A method of notifying a vehicle occupant includes providing a driving medium upon which a vehicle is to be driven; and texturing a portion of the driving medium such that the textured portion interacts with the vehicle to produce audible signals, the textured portion pattern such that a linguistic message is encoded into the audible signals. The systems and methods provide advantages because information can be conveyed to the occupants of the vehicle based on the location of the vehicle relative to the textured surface.

Kisner, Roger A. (Knoxville, TN); Anderson, Richard L. (Oak Ridge, TN); Carnal, Charles L. (Cookeville, TN); Hylton, James O. (Clinton, TN); Stevens, Samuel S. (Harriman, TN)

2001-01-01T23:59:59.000Z

96

Federal Technology Alert: Ground-Source Heat Pumps Applied to Federal Facilities--Second Edition  

SciTech Connect

This Federal Technology Alert, which was sponsored by the U.S. Department of Energy's Office of Federal Energy Management Programs, provides the detailed information and procedures that a Federal energy manager needs to evaluate most ground-source heat pump applications. This report updates an earlier report on ground-source heat pumps that was published in September 1995. In the current report, general benefits of this technology to the Federal sector are described, as are ground-source heat pump operation, system types, design variations, energy savings, and other benefits. In addition, information on current manufacturers, technology users, and references for further reading are provided.

Hadley, Donald L.

2001-03-01T23:59:59.000Z

97

Alerting device and method for reminding a person of a risk  

DOE Patents (OSTI)

An alerting device and method to remind personnel of a risk is disclosed. The device has at least two sensors, a logic controller, a power source, and an annunciator that delivers a visual message, with or without an audible alarm, about a risk to a person when the sensors detect the person exiting a predetermined space. In particular, the present invention reminds a person of a security, safety, or health risk upon exiting a predetermined space. More particularly, the present invention reminds a person of an information security risk relating to sensitive, proprietary, confidential, trade secret, classified, or intellectual property information.

Runyon, Larry (Richland, WA); Gunter, Wayne M (West Richland, WA); Pratt, Richard M (Richland, WA)

2001-11-27T23:59:59.000Z

98

Pages that link to "Property:UNRegion" | Open Energy Information  

Open Energy Info (EERE)

( links) Mauritius ( links) Bahrain ( links) Moldova ( links) Thailand ( links) Portugal ( links) Sudan ( links) View (previous 50 |...

99

Pages that link to "Form:Tool" | Open Energy Information  

Open Energy Info (EERE)

( links) Mauritius ( links) Bahrain ( links) Moldova ( links) Thailand ( links) Portugal ( links) Sudan ( links) Senegal (...

100

Pages that link to "Form:Research Institution" | Open Energy...  

Open Energy Info (EERE)

( links) Mauritius ( links) Bahrain ( links) Moldova ( links) Thailand ( links) Portugal ( links) Sudan ( links) Senegal (...


101

Pages that link to "Form:Program" | Open Energy Information  

Open Energy Info (EERE)

( links) Mauritius ( links) Bahrain ( links) Moldova ( links) Thailand ( links) Portugal ( links) Sudan ( links) Senegal (...

102

Pages that link to "Form:Company" | Open Energy Information  

Open Energy Info (EERE)

( links) Mauritius ( links) Bahrain ( links) Moldova ( links) Thailand ( links) Portugal ( links) Sudan ( links) View (previous 50 |...

103

secondary purpose was to alert people to the relative size of the different resources avail  

E-Print Network (OSTI)

and shifting output like flow batteries, hightemperature batteries, smartgrid options linked to distributed

104

Standard-Related Links  

Science Conference Proceedings (OSTI)

... Standard-Related Links. ... Association for Clinical Chemistry ACS - American Chemical Society ANSI - American National Standards Institute AOAC ...

2013-06-28T23:59:59.000Z

105

Energy Links Page - EIA  

U.S. Energy Information Administration (EIA) Indexed Site

Related Energy Links Energy Companies Coal & Other Electricity Foreign Integrated Natural Gas Transmission, Distribution, and Marketing News Services and Periodicals Oil & Gas Exploration and Production Petroleum Refining, Marketing, and Transportation State Owned U.S. Integrated Government Agencies Other DOE National Laboratories Federal Energy States Universities Trade Associations & Other Trade Associations Other Associations International Statistics Energy Services Other Energy Sites EIA Links Disclaimer These pages contain hypertext links to information created and maintained by other public and private organizations. These links provide additional information that may be useful or interesting and are being provided consistent with the intended purpose of the EIA Web site. EIA does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. EIA does not endorse the organizations sponsoring linked websites and we do not endorse the views they express or the products/services they offer.

106

Management Alert: OAS-M-12-03 | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Management Alert: OAS-M-12-03 March 23, 2012 Purchase of Computers for the U.S. Department of Agriculture Forest Service at the Savannah River Site In October 2011, the OIG received a complaint that the U.S. Department of Agriculture (Agriculture) Forest Service - Savannah River (Forest Service) had purchased a number of computers under its Interagency Agreement (Agreement) with the Department of Energy's (Department) Savannah River Operations Office (SRO) that were not placed into use and were being stored in a manner that left them vulnerable to theft or misuse. We confirmed the existence of 17 Hewlett-Packard desktop computers that had been purchased in September 2010, by the Forest Service with SRO funds, with the intention of connecting the computers to the Savannah River Site

108

Domestic Water Conservation Technologies: Federal Energy Management Program (FEMP) Federal Technology Alert (Booklet)  

SciTech Connect

Executive Order 13123 calls for the Federal government to conserve water as well as energy in its 500,000 facilities. To help set priorities among water-saving measures, the Federal Energy Management Program conducted a study of Federal water use in 1997. The study indicated that the government consumes more than 50% of its water in just three types of Federal facilities: housing, hospitals, and office buildings. These facilities have enough kitchens, rest rooms, and laundry areas to provide facility managers with many opportunities to begin reducing their water use (and utility costs) with appropriate water-saving fixtures and products. Therefore, this Federal Technology Alert focuses on domestic technologies, products, and appliances such as water-efficient faucets, showerheads, toilets, urinals, washing machines, and dishwashers. Conserving water also saves the energy needed to treat, pump, and heat that water in homes, businesses, and other buildings.

2002-10-01T23:59:59.000Z

109

Plant alert: Don't let erosion/corrosion compromise safety  

Science Conference Proceedings (OSTI)

One year ago, the rupture of a feed-water-pipe section just upstream of the economizer resulted in a fatal accident at a US utility drum-boiler unit. The direct cause of the accident was thinning of the pipe wall, apparently the result of erosion/corrosion. An accident similar in origin and consequences occurred in December 1986 at a nuclear pressurized-water reactor (PWR) unit in Virginia. Although such serious accidents are rare, erosion/corrosion is a relatively common occurrence in all types of steam systems. It joins drum-boiler waterwall-tube failures and deaerator cracking as the most extensive and expensive waterside problems encountered at powerplants. The purpose of this alert is to urge powerplant owners and operators to inspect locations in feedwater and wet steam components that may be susceptible to wall thinning caused by erosion/corrosion. (An extensive list of references is provided for assistance in obtaining background information.)

Jonas, O. [Jonas Inc., Wilmington, DE (United States)]

1996-02-01T23:59:59.000Z

110

NREL: News - Related Links  

NLE Websites -- All DOE Office Websites (Extended Search)

NREL is a national laboratory of the U.S....

111

Energy Efficiency Links  

U.S. Energy Information Administration (EIA) Indexed Site

Energy Efficiency Organizations Release Date: October 1999 Last Updated: September 2009 EIA Links Disclaimer: These pages contain hypertext links to information created and maintained by other public and private organizations. These links provide additional information that may be useful or interesting and are being provided consistent with the intended purpose of the EIA website. EIA does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. EIA does not endorse the organizations sponsoring linked websites, the views they express, or the products and services they offer. U.S. Federal Government / Regional / U.S. Nonprofit / International U.S. Federal Government and Related Agencies

112

Geothermal: Related Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Geothermal Technologies Legacy Collection - Related Links...

113

Hydrology Group - Related Links  

NLE Websites -- All DOE Office Websites (Extended Search)

links to relevant web pages within the Pacific Northwest National Laboratory and the Hanford Site. . Battelle Environmental Molecular Sciences Laboratory (EMSL) Energy and...

114

ZeptoOS // Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links ZeptoOS-specific resources: Subversion repository Kernel GIT repository Bug tracking system Blue Gene resources: ALCF: Argonne Leadership Computing Facility Blue Gene...

115

Diversity Links; Diversity Office  

NLE Websites -- All DOE Office Websites (Extended Search)

Source Disclaimer: Links and/or hyperlinks on this page may contain information gathered from public sources outside Brookhaven National Laboratory. This information is for reference purposes only and, as such, there is no endorsement of products or services therein, nor is BNL responsible for any content inaccuracies. By clicking any of the aforementioned links and/or hyperlinks, you acknowledge your understanding and agreement with this statement. Diversity Links BNL & DOE Diversity Links Minority Recruitment Links BNL & DOE Diversity Links Brookhaven National Laboratory (BNL) Brookhaven Advocacy Council (BAC) Brookhaven Employees Recreation Association (BERA) | BERA Clubs U.S. DOE Office of Civil Rights and Diversity U.S. DOE Office of Civil Rights and Diversity - Homepage

116

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files September 10, 2012 - 6:00am PROBLEM: Webmin Multiple Input Validation Vulnerabilities PLATFORM: The vulnerabilities are reported in version 1.580. Other versions may also be affected. ABSTRACT: An authenticated attacker may be able to execute arbitrary commands. REFERENCE LINKS: Webmin Security Alerts Bugtraq ID: 55446 Secunia Advisory SA50512 SecurityTracker Alert ID: 1027507 US CERT Vulnerability Note VU#788478 CVE-2012-2981 CVE-2012-2982 CVE-2012-2983 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by

117

U-268: Oracle Database Authentication Protocol Discloses Session Key  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users September 26, 2012 - 6:00am PROBLEM: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users PLATFORM: Oracle Database 11g Releases 1 and 2 ABSTRACT: A vulnerability was reported in Oracle Database. REFERENCE LINKS: Darkreading Threatpost Arstechnica Oracle Security Alerts SecurityTracker Alert ID: 1027558 CVE-2012-3137 IMPACT ASSESSMENT: Medium DISCUSSION: The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to

118

T-598: Apache Tomcat HTTP BIO Connector Error Discloses Information From  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-598: Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users April 8, 2011 - 5:35am PROBLEM: A vulnerability was reported in Apache Tomcat. A remote user may be able to obtain information from a different request. PLATFORM: Apache Tomcat v7.0.0 - v7.0.11 ABSTRACT: When using HTTP pipelining, the system may return information from a different request to a remote user. The vulnerability resides in the HTTP BIO connector. REFERENCE LINKS: Apache Tomcat Security Alert CVE-2011-1475 SecurityTracker Alert ID: 1025303 IMPACT ASSESSMENT: Medium DISCUSSION: Changes introduced to the HTTP BIO connector to support Servlet 3.0

121

T-537: Oracle Critical Patch Update Advisory - January 2011 | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7:11am PROBLEM: Oracle Critical Patch Update Advisory - January 2011. PLATFORM: Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches. ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative. REFERENCE LINKS: Oracle Critical Patch SecurityTracker Alert ID: 1024979 CVE-2010-3594 Oracle Appendix Critical Patch Updates and Security Alerts

122

T-537: Oracle Critical Patch Update Advisory - January 2011 | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2:30pm PROBLEM: Oracle Critical Patch Update Advisory - January 2011. PLATFORM: Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches. ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative. REFERENCE LINKS: Oracle Critical Patch SecurityTracker Alert ID: 1024979 CVE-2010-3594 Oracle Appendix Critical Patch Updates and Security Alerts

123

U-072:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-072:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service December 30, 2011 - 9:15am PROBLEM: Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service PLATFORM: Apache Tomcat 5.5.34, 6.0.34, 7.0.22; and prior versions ABSTRACT: A remote user can cause performance to degrade on the target server. REFERENCE LINKS: Apache Tomcat Security Alert SecurityTracker Alert ID: 1026477 nruns Advisory SA-2011.004 Secunia Advisory SA47411 CVE-2011-4084 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions. A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance

124

U-105:Oracle Java SE Critical Patch Update Advisory | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-105:Oracle Java SE Critical Patch Update Advisory February 16, 2012 - 11:45am PROBLEM: Oracle Java SE Critical Patch Update Advisory PLATFORM: 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior ABSTRACT: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: Oracle Java SE Critical Patch Critical Patch Security Alerts SecurityTracker Alert ID: 1026688 Secunia Advisory: SA48009 Red Hat advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java

125

V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks November 27, 2012 - 2:00am PROBLEM: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks PLATFORM: RSA Adaptive Authentication (On-Premise) 6.x ABSTRACT: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). REFERENCE LINKS: SecurityTracker Alert ID: 1027811 SecurityFocus Security Alert RSA Customer Support CVE-2012-4611 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). A remote user can conduct cross-site scripting attacks. The software does not

126

U-105:Oracle Java SE Critical Patch Update Advisory | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-105:Oracle Java SE Critical Patch Update Advisory February 16, 2012 - 11:45am PROBLEM: Oracle Java SE Critical Patch Update Advisory PLATFORM: 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior ABSTRACT: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: Oracle Java SE Critical Patch Critical Patch Security Alerts SecurityTracker Alert ID: 1026688 Secunia Advisory: SA48009 Red Hat advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java

127

Microsoft Word - Additional links  

Office of Legacy Management (LM)

Links: Link to annual groundwater reports on LM website: http://www.lm.doe.gov/Monticello/Documents.aspx#gwreports Links to peer-reviewed papers referenced in the Program Status and Analytical Update (Note: Due to copyright restrictions, links to these papers, rather than reproductions, are provided): a. Harding, Lee E. "Non-linear uptake and hormesis effects of selenium in red-winged blackbirds (Agelaius phoeniceus)". Science of the Total Environment 389 (2008) 350-366. Available through sciencedirect at: http://www.sciencedirect.com/science/article/pii/S0048969707010029 b. King, Kirke A. and Thomas W. Custer. "Reproductive Success of Barn Swallows Nesting Near a Selenium-Contaminated Lake in East Texas, USA". Environmental Pollution 84 (1994) 53-58. Available through sciencedirect at:

128

Lighting Group: Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links Organizations Illuminating Engineering Society of North America (IESNA) International Commission on Illumination (CIE) International Association of Lighting Designers (IALD) International Association of Energy-Efficient Lighting Lightfair International Energy Agency - Task 21: Daylight in Buildings: Design Tools and Performance Analysis International Energy Agency - Task 31: Daylighting Buildings in 21st Century National Association on Qualifications for the Lighting Professions (NCQLP) National Association of Independent Lighting Distributors (NAILD) International Association of Lighting Management Companies (NALMCO) Research Centers California Lighting Technology Center Lighting Research Center Lighting Research at Canada Institute for Research in Construction

129

Bursty traffic over bursty links  

Science Conference Proceedings (OSTI)

Accurate estimation of link quality is the key to enable efficient routing in wireless sensor networks. Current link estimators focus mainly on identifying long-term stable links for routing. They leave out a potentially large set of intermediate links ... Keywords: bursty links, link estimation, routing

Muhammad Hamad Alizai; Olaf Landsiedel; Jó Ágila Bitsch Link; Stefan Götz; Klaus Wehrle

2009-11-01T23:59:59.000Z

130

Hybrid Vehicle Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Hybrid Links Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Hybrid Vehicles and Manufacturers Acura ILX Hybrid Audi Q5 Hybrid BMW ActiveHybrid 3 ActiveHybrid 5 ActiveHybrid 7 Buick LaCrosse eAssist* Regal eAssist* Chevrolet Malibu Eco* Impala eAssist* Ford Fusion Hybrid Honda Accord Hybrid Civic Hybrid Honda CR-Z Honda Insight Hyundai Sonata Hybrid Infiniti M Hybrid Q50 Hybrid Q50 S Hybrid QX60 Hybrid Kia Optima Hybrid Lexus CT 200h Lexus ES 300h GS 450h LS 600h L RX 450h Lincoln MKZ Hybrid Mercedes-Benz Mercedes E400 Hybrid Nissan Pathfinder Hybrid Porsche Cayenne S Hybrid Subaru XV Crosstrek Hybrid Toyota Avalon Hybrid

131

Fuel Cell Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Fuel Cell Links Fuel Cell Links The links below are provided as additional resources for fuel-cell-related information. Most of the linked sites are not part of, nor affiliated with, fueleconomy.gov. We do not endorse or vouch for the accuracy of the information found on such sites. Fuel Cell Vehicles and Manufacturers Chevrolet General Motors press release about the Chevrolet Fuel Cell Equinox Ford Ford overview of their hydrogen fuel cell vehicles Honda FCX Clarity official site Hyundai Hyundai press release announcing the upcoming Tucson Fuel Cell Mercedes-Benz Ener-G-Force Fuel-cell-powered concept SUV Nissan Nissan TeRRA concept SUV Toyota Overview of Toyota fuel cell technology Hydrogen- and Fuel-Cell-Related Information and Tools Fuel Cell Vehicles Brief overview of fuel cell vehicles provided by DOE's Alternative Fuels Data Center (AFDC)

132

Links of Interest  

NLE Websites -- All DOE Office Websites (Extended Search)

Links of Interest: EM FY 2014 Budget Priorities EM Site Specific Advisory Board Site Treatment Plan for Mixed Wastes Stewardship URS | CH2M Oak Ridge, LLC (UCOR)* Wastren...

133

Sector 30 - useful links  

NLE Websites -- All DOE Office Websites (Extended Search)

Useful Links Sector 30 Sector Orientation Form HERIX experiment header for lab book MERIX experiment header for lab book Printing from your laptop at the beamline Other IXS sectors...

134

T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service May 31, 2011 - 3:35pm PROBLEM: A vulnerability was reported in BIND. A remote user can cause denial of service conditions. PLATFORM: BIND Version(s): 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, 9.8.0 and later; prior to 9.4-ESV-R4-P1, 9.6-ESV-R4-P1, 9.7.3-P1, 9.8.0-P2 ABSTRACT: A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash. REFERENCE LINKS: SecurityTracker Alert ID: 1025575 SecurityTracker Alert ID: 1025572

135

BCDA Machine Status Link  

NLE Websites -- All DOE Office Websites (Extended Search)

Machine Status Link Machine Status Link Version 1.33 (December 2005) David M. Kline. The Machine Status Link (MSL) is responsible for distributing the digitized beam current, injection status, P0 clock, and other statuses over a single fiber to several locations around the Storage Ring. The MRD100 is a VME-based module that is part of the MSL and was specifically designed for the APS. It receives and interprets information from the XMS100 module by means of copper or fiber. Signals from the XMS100 module are sent at a P0 rate (3.667 microseconds). It sends two registers every cycle and all in about 12 cycles. Refer to the ASD website for additional information regarding the MSL. The focus of this page is to provide information of how to configure the MRD100 for a beamline IOC and to discuss the sample IOC

136

Global Climate Change Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Global Climate Change Links Global Climate Change Links This page provides links to web pages that we at CDIAC feel do a responsible job of presenting information and discussion pertinent to the science behind the global climate change ("global warming") debate. These sites include those on both sides of the debate; some asserting that global warming is a clear and present danger, and others that might be labeled global warming "skeptics." Some of these sites don't take a position per se; they exist to offer the public objective scientific information and results on our present understanding of the climate system. The list is not intended to be comprehensive, by any means. We hope it will be especially helpful for those who may be just beginning their research into global

137

All-Electric Vehicle Links  

NLE Websites -- All DOE Office Websites (Extended Search)

All-Electric Vehicle Links Exit Fueleconomy.gov The links below are to pages that are not part of the fueleconomy.gov website. We offer these external links for your convenience in...

138

Department of Energy Idaho - Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links Links DOE - HQ Headquarters - Washington, DC DOE - NE Office of Nuclear Energy DOE - EM Office of Environmental Management DOE Field Offices Radiological and Environmental...

139

Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Chapter Albuquerque, NM > Links Links "Promoting Equal Opportunity and Cultural Diversity for APAs in Government" FAPAC, Washington DC Printer-friendly version...

140

The Universe Adventure - Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Links Links Cosmology and Space Cosmic Journey A site chronicling the history of scientific cosmology, presented by the American Institute of Physics. Hubble Ultra-Deep Field Skywalker Lets you explore the famous Hubble Deep Field photo, which is the deepest view (in the visible spectrum) into the sky to date. QuietBay Constellation Tutorial A fun and easy tutorial to familiarize yourself with the night sky. Astronomy Picture of the Day Astronomy Picture of the Day features a new image from the universe every day, with short explanations written by professional astronomers. The Solar System NASA site that includes images and profiles of the planets (plus Pluto). Earth Guide An Earth planetary science site created by the Japan Science and Technology Agency describing many of the features of Earth and its place in the



141

Pages that link to "Rockies Area" | Open Energy Information  

Open Energy Info (EERE)

( links) Simply Efficient ( links) Solix Biofuels ( links) Sun Dog Energy ( links) Techsolas LLC ( links) Toltec Energy ( links) Tri...

142

Balanced link for dry coal extrusion pumps  

Science Conference Proceedings (OSTI)

A link which defines a link body that includes a multiple of link plates integral with a link body, the link body disposed at least partially forward of a forward edge of the multiple of link plates.

Bebejian, Maral

2013-10-22T23:59:59.000Z

143

Pages that link to "EU-UNDP Low Emission Capacity Building Programme...  

Open Energy Info (EERE)

( links) Argentina ( links) Egypt ( links) Moldova ( links) Thailand ( links) Colombia ( links) Peru ( links) Malaysia (...

144

T-589: Citrix XenApp and Citrix Presentation Server Bug | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-589: Citrix XenApp and Citrix Presentation Server Bug March 28, 2011 - 3:05pm PROBLEM: Citrix XenApp and Citrix Presentation Server Bug in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: Citrix XenApp Presentation versions 4.5, 5 ABSTRACT: A vulnerability was reported in Citrix XenApp (Presentation Server). A remote user can execute arbitrary code on the target system. LINKS: DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-589.shtml OTHER LINKS: Citrix Document: CTX128366 SecurityTracker Alert ID: 1025254 Citrix Support Technical Support Downloads

145

U-230: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-230: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges August 8, 2012 - 7:00am PROBLEM: Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges PLATFORM: Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) ABSTRACT: An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. REFERENCE LINKS: Advisory: RHSA-2012:1149-1 SecurityTracker Alert ID: 1027356 Sudo Main Page Bugzilla 844442 CVE-2012-3440 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can exploit a temporary file symbolic link flaw in the %postun

146

T-589: Citrix XenApp and Citrix Presentation Server Bug | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-589: Citrix XenApp and Citrix Presentation Server Bug March 28, 2011 - 3:05pm PROBLEM: Citrix XenApp and Citrix Presentation Server Bug in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: Citrix XenApp Presentation versions 4.5, 5 ABSTRACT: A vulnerability was reported in Citrix XenApp (Presentation Server). A remote user can execute arbitrary code on the target system. LINKS: DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-589.shtml OTHER LINKS: Citrix Document: CTX128366 SecurityTracker Alert ID: 1025254 Citrix Support Technical Support Downloads

147

Fermilab | About FermiLINK  

NLE Websites -- All DOE Office Websites (Extended Search)

About FermiLINK Fermilab Today September 28, 2009 Mentors wanted for Diversity Office's FermiLINK program Fermilab Today October 5, 2009 Mentors wanted for Diversity Office's FermiLINK program Fermilab Today October 13, 2009 FermiLINK Q&A session Fermilab Today November 9, 2009 FermiLINK calls for mentees FermiLINK is Fermilab's mentorship system designed to create an organizational network of leaders by providing opportunities for professional development and career management. This support structure creates access to the counsel and institutional knowledge of successful Fermilab professionals independent of the immediate supervisory hierarchy. FermiLINK provides web-based access to a host of mentors for issue-specific work-related challenges and opportunities. The network supports email,

148

Pages that link to "London, England, United Kingdom" | Open Energy...  

Open Energy Info (EERE)

Limited ( links) UPC Renewables ( links) Uramin Inc ( links) VANE Uranium One JV ( links) Whitefox Technologies Ltd ( links) View (previous 50 |...

149

Pages that link to "Columbus, Ohio" | Open Energy Information  

Open Energy Info (EERE)

( links) Plug Smart ( links) The Ruhlin Company ( links) Edison Welding Institute ( links) Design Group, Inc. ( links) Clean Fuels Ohio ...

150

Argonne TDC: Intellectual Property Links  

Intellectual Property Links. Patent Law ? U.S. Patent and Trademark Office: Includes information on the patent and trademark process as well as a ...

151

EIA Energy Kids - Related Links  

U.S. Energy Information Administration (EIA)

Find free or low-cost resources with our database of Energy Education Resources: K-12th grade. Plus, find links to other helpful energy sites.

152

Energy Education and Workforce Development: Related Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Related Links to someone by E-mail Share Energy Education and Workforce Development: Related Links on Facebook Tweet about Energy Education and Workforce Development: Related Links...

153

U-255: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-255: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks September 11, 2012 - 6:00am PROBLEM: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: Apache Software Foundation Apache Wicket 1.5.5 Apache Software Foundation Apache Wicket 1.5-RC5.1 Apache Software Foundation Apache Wicket 1.4.20 Apache Software Foundation Apache Wicket 1.4.18 Apache Software Foundation Apache Wicket 1.4.17 Apache Software Foundation Apache Wicket 1.4.16 ABSTRACT: A vulnerability was reported in Apache Wicket REFERENCE LINKS: Apache Wicket SecurityTracker Alert ID: 1027508 Bugtraq ID: 55445 CVE-2012-3373 IMPACT ASSESSMENT: Medium DISCUSSION: The software does not properly filter HTML code from user-supplied input in

154

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks April 6, 2012 - 7:00am PROBLEM: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks PLATFORM: HP Onboard Administrator (OA) up to and including v3.32 ABSTRACT: A remote user can obtain potentially sensitive information. REFERENCE LINKS: HP Support Document ID: c03263573 SecurityTracker Alert ID: 1026889 CVE-2012-0128, CVE-2012-0129, CVE-2012-0130 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in HP Onboard Administrator. A remote

155

U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code May 3, 2012 - 7:00am PROBLEM: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: 6.1 and prior ABSTRACT: A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027004 Secunia Advisory SA48971 Citrix advisory IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted packet to trigger an unspecified flaw and execute arbitrary code on the target system. The code will run with the privileges of the target service.

156

T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary June 24, 2011 - 4:39am PROBLEM: A vulnerability was reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): prior to QuickTime 7.6.8 ABSTRACT: A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. REFERENCE LINKS: SecurityTracker Alert ID: 1025705 Apple Security Article: HT4339 Apple Security Article: HT4723 Apple Security Article: HT1222 CVE-2011-0213 Secunia Advisory: SA45054 IMPACT ASSESSMENT: High DISCUSSION:

157

U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 - 6:00am PROBLEM: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Internet Explorer 6, 7, 8, 9 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. REFERENCE LINKS: Bugtraq ID: 55562 Security Database KB2757760 Microsoft Security Advisory (2757760) SecurityTracker Alert ID: 1027538 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the

158

T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System June 15, 2011 - 3:45pm PROBLEM: A vulnerability was reported in PHP. A remote user may be able to overwrite files on the target system. PLATFORM: PHP prior to 5.3.7 ABSTRACT: PHP is prone to a security-bypass vulnerability. Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected. REFERENCE LINKS: PHP Security Notice PHP CVE-2011-2202 SecurityTracker Alert ID: 1025659 Secunia Advisory: SA44874 CVE-2011-2202 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability lies in the 'SAPI_POST_HANDLER_FUNC()' function in

159

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. REFERENCE LINKS: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium DISCUSSION: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. IMPACT: A remote user can execute SQL commands on the underlying database. SOLUTION: The vendor has issued a fix (1.6.2).

160

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks September 13, 2011 - 12:35pm PROBLEM: Multiple vulnerabilities were reported in Microsoft SharePoint. A remote user can conduct cross-site scripting attacks. PLATFORM: Version(s): SharePoint software ABSTRACT: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks. REFERENCE LINKS: MS11-074: Article ID: 2552998 SecurityTracker Alert ID: 1026040 CVE-2011-1893 CVE-2011-1892 CVE-2011-1891 CVE-2011-1890 CVE-2011-0653 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted URL or web site that, when loaded by a target user, will cause arbitrary scripting code to be executed



161

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.

162

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. REFERENCE LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

163

U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact February 17, 2012 - 8:30am PROBLEM: Multiple vulnerabilities were reported in Citrix XenServer Web Self Service. PLATFORM: Version(s): 5.5, 5.6 SP2, 6.0; Web Self Service prior to 1.1.1 ABSTRACT: A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer Web Self Service. REFERENCE LINKS: Citrix Support Center SecurityTracker Alert ID: 1026695 IMPACT ASSESSMENT: Medium DISCUSSION: Customers who have installed XenServer but have not additionally downloaded and installed the optional Web Self Service component are not affected by these vulnerabilities. These vulnerabilities affect all currently supported

164

T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service July 8, 2011 - 12:32pm PROBLEM: A vulnerability was reported in Apache Santuario. A remote user can cause denial of service conditions. PLATFORM: Prior to 1.6.1 - Apache Santuario XML Security for C++ library versions prior to V1.6.1 ABSTRACT: A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker. REFERENCE LINKS: SecurityTracker Alert ID: 1025755 Bugzilla: 719698: CVE-2011-2516 xml-security-c The Apache Software Foundation - CVE-2011-2516

165

V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host July 1, 2013 - 12:48am PROBLEM: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host PLATFORM: VirtualBox 4.2.12 ABSTRACT: A vulnerability was reported in Oracle VirtualBox. REFERENCE LINKS: VirtualBox ticket: 11863 SecurityTracker Alert ID: 1028712 IMPACT ASSESSMENT: Medium DISCUSSION: A local user on the guest operating system can issue a 'tracepath' command to cause the network on the target host system to become unavailable. IMPACT: A local user on a guest operating system can cause denial of service conditions on the target host system.

166

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords October 15, 2012 - 6:00am PROBLEM: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords PLATFORM: EMC NetWorker Module for Microsoft Applications 2.2.1, 2.3 prior to build 122, 2.4 prior to build 375 ABSTRACT: EMC NetWorker Module for Microsoft Applications Two Vulnerabilities REFERENCE LINKS: EMC Identifier: ESA-2012-025 Secunia Advisory SA50957 SecurityTracker Alert ID: 1027647 CVE-2012-2284 CVE-2012-2290 IMPACT ASSESSMENT: Medium DISCUSSION:

167

V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges May 15, 2013 - 12:19am PROBLEM: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges PLATFORM: Version(s): 2.6.37 to 3.8.9 ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: Linux Kernel SecurityTracker Alert ID: 1028565 CVE-2013-2094 IMPACT ASSESSMENT: Medium DISCUSSION: On systems compiled with PERF_EVENTS support, a local user can supply a specially crafted perf_event_open() call to execute arbitrary code on the target system with root privileges. The vulnerability resides in the perf_swevent_init() function in 'kernel/events/core.c'.

168

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code July 16, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 20.0.1132.57 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1027249 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

169

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2012 - 6:00am PROBLEM: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: CA ARCserve Backup for Windows r12.5, r15, r16 ABSTRACT: Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027683 CA Technologies Support CVE-2012-2971 CVE-2012-2972 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the

170

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes March 30, 2012 - 9:15am PROBLEM: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes PLATFORM: HP-UX B.11.31 HP-UX B.11.23 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Document ID: c03255321 SecurityTracker Alert ID: 1026869 CVE-2012-0127 IMPACT ASSESSMENT: High DISCUSSION: A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS).

171

U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges March 19, 2012 - 7:00am PROBLEM: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges PLATFORM: ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0 ABSTRACT: A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system. REFERENCE LINKS: Secunia Advisory SA48378 SecurityTracker Alert ID: 1026818 CVE-2010-0405 IMPACT ASSESSMENT: Medium DISCUSSION: A local user on a guest operating system can trigger a buffer overflow or null pointer dereference in the display drivers to execute arbitrary code

172

T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges April 22, 2011 - 7:47am PROBLEM: A vulnerability was reported in HP Virtual Server Environment. A remote authenticated user can obtain elevated privileges on the target system. PLATFORM: HP Virtual Server Environment prior to v6.3 ABSTRACT: A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. REFERENCE LINKS: HP Document ID: c02749050 SecurityTracker Alert ID: 1025429 CVE-2011-1724 HP Insight Software media set 6.3 HP Technical Knowledge Base DISCUSSION: System management and security procedures must be reviewed frequently to

173

V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information January 7, 2013 - 1:00am PROBLEM: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information PLATFORM: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX REFERENCE LINKS: Adobe Security Bulletin APSA13-01 SecurityTracker Alert ID: 1027938 CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 IMPACT ASSESSMENT: High DISCUSSION: A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.

174

T-691: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-691: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code August 11, 2011 - 3:00pm PROBLEM: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): 10.3.181.36 and prior; 10.3.185.25 and prior for Android. ABSTRACT: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: Security Bulletin: APSB11-21 SecurityTracker Alert ID: 1025907 CVE-2011-2425 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The

175

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks April 6, 2012 - 7:00am PROBLEM: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks PLATFORM: HP Onboard Administrator (OA) up to and including v3.32 ABSTRACT: A remote user can obtain potentially sensitive information. REFERENCE LINKS: HP Support Document ID: c03263573 SecurityTracker Alert ID: 1026889 CVE-2012-0128, CVE-2012-0129, CVE-2012-0130 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Onboard Administrator. A remote

176

U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks March 20, 2012 - 7:00am PROBLEM: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks PLATFORM: 4.x, prior to 4.1 Patch 4 ABSTRACT: Several vulnerabilities were reported in RSA enVision. A remote user can access the system. A remote authenticated user can conduct cross-site scripting attacks. A remote authenticated user can inject SQL commands. A remote authenticated user can view files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1026819 CVE-2012-0403 IMPACT ASSESSMENT: High Discussion: The system does not properly filter HTML code from user-supplied input

177

V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue September 4, 2013 - 6:00am PROBLEM: A weakness and a security issue have been reported in EMC RSA Archer GRC PLATFORM: EMC RSA Archer GRC 5.x ABSTRACT: This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing attacks REFERENCE LINKS: Secunia Advisory SA54717 SecurityTracker Alert ID 1028971 EMC Identifier: ESA-2013-057 CVE-2013-3276 CVE-2013-3277 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application does not properly restrict deactivated users. This can be exploited by deactivated users to login and gain access to otherwise

178

V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions December 12, 2012 - 2:00am PROBLEM: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions PLATFORM: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX ABSTRACT: A vulnerability was reported in Adobe ColdFusion. REFERENCE LINKS: SecurityTracker Alert ID: 1027853 Adobe Vulnerability identifier: APSB12-26 CVE 2012-5675 IMPACT ASSESSMENT: High DISCUSSION: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using

179

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. REFERENCE LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

180

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service September 27, 2012 - 4:07am PROBLEM: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service PLATFORM: Devices configured with Cisco IOS IPS are affected ABSTRACT: A vulnerability was reported in Cisco IOS. REFERENCE LINKS: SecurityTracker Alert ID: 1027580 Cisco Security Advisory CVE-2012-3950 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to

181

U-203: HP Photosmart Bug Lets Remote Users Deny Service | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-203: HP Photosmart Bug Lets Remote Users Deny Service July 2, 2012 - 8:00am PROBLEM: HP Photosmart Bug Lets Remote Users Deny Service PLATFORM: HP Photosmart Wireless e-All-in-One Printer series - B110; HP Photosmart e-All-in-One Printer series - D110; HP Photosmart Plus e-All-in-One Printer series - B210; HP Photosmart eStation All-in-One Printer series - C510; HP Photosmart Ink Advantage e-All-in-One Printer series - K510; HP Photosmart Premium Fax e-All-in-One Printer series - C410 ABSTRACT: A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions. REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027213 CVE-2012-2017 IMPACT ASSESSMENT: High Discussion:

182

U-223: Bugzilla May Disclose Confidential Information to Remote Users |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-223: Bugzilla May Disclose Confidential Information to Remote Users July 30, 2012 - 7:00am PROBLEM: Bugzilla May Disclose Confidential Information to Remote Users PLATFORM: Version(s): 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 ABSTRACT: Two vulnerabilities were reported in Bugzilla. REFERENCE LINKS: The Vendor's Advisory Security Advisories CVE-2012-1969 CVE-2012-1968 SecurityTracker Alert ID: 1027320 Bug 777586 IMPACT ASSESSMENT: High Discussion: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and attachments

183

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. REFERENCE LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium Discussion: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

184

U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service August 9, 2012 - 7:00am PROBLEM: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service PLATFORM: Version(s): ASA 5500 Series; 8.2 - 8.4 ABSTRACT: Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions. REFERENCE LINKS: Release Notes for the Cisco ASA 5500 Series, 8.4(x) SecurityTracker Alert ID: 1027355 CVE-2012-2472 CVE-2012-2474 IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in Cisco ASA. 1. On systems with SIP inspection enabled, a remote user can send specially crafted SIP traffic to cause the target device to create many identical

185

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information July 27, 2012 - 7:00am PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Version(s): Apple Safari prior to 6.0 ABSTRACT: Multiple vulnerabilities were reported in Apple Safari. REFERENCE LINKS: The Vendor's Advisory Bugtraq ID: 54683 SecurityTracker Alert ID: 1027307 IMPACT ASSESSMENT:

186

U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code January 12, 2012 - 9:00am PROBLEM: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code PLATFORM: Linux ABSTRACT: A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: Linux Kernel Update SecurityTracker Alert ID: 1026512 CVE-2012-0038 Red Hat Bugzilla Bug 773280 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a filesystem that, when mounted by the target user, will execute arbitrary code on the target user's system. Impact: A remote user can create a specially crafted filesystem that, when mounted

187

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions October 25, 2012 - 6:00am PROBLEM: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions PLATFORM: 3COM, and H3C Routers & Switches. Specific products and model numbers are provided in the vendor's advisory. ABSTRACT: A vulnerability was reported in 3Com, HP, and H3C Switches. REFERENCE LINKS: HP Support document ID: c03515685 SecurityTracker Alert ID: 1027694 CVE-2012-3268 IMPACT ASSESSMENT: High DISCUSSION: A remote user with knowledge of the SNMP public community string can access potentially sensitive data (e.g., user names, passwords) in the

188

T-722: IBM WebSphere Commerce Edition Input Validation Holes Permit  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-722: IBM WebSphere Commerce Edition Input Validation Holes Permit Cross-Site Scripting Attacks September 21, 2011 - 8:15am PROBLEM: IBM WebSphere Commerce Edition Input Validation Holes Permit Cross-Site Scripting Attacks. PLATFORM: WebSphere Commerce Edition V7.0 ABSTRACT: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the IBM WebSphere software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. REFERENCE LINKS: IBM Recommended Fixes for WebSphere Commerce IBM Support SecurityTracker Alert ID: 1026074

189

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am PROBLEM: Oracle Java Flaws Let Remote Users Execute Arbitrary Code PLATFORM: JDK and JRE 7 Update 13 and earlier; JDK and JRE 6 Update 39 and earlier; JDK and JRE 5.0 Update 39 and earlier; SDK and JRE 1.4.2_41 and earlier ABSTRACT: Several vulnerabilities were reported in Oracle Java. REFERENCE LINKS: Updated Release of the February 2013 Oracle Java SE Critical Patch Update SecurityTracker Alert ID: 1028155 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will execute arbitrary

190

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks August 22, 2011 - 3:54pm PROBLEM: A vulnerability was reported in Adobe ColdFusion. A remote user can conduct cross-site scripting attacks. PLATFORM: Adobe ColdFusion 9.x ABSTRACT: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks. REFERENCE LINKS: Adobe Vulnerability Report Adobe Security Bulletin ColdFusion Support SecurityTracker Alert ID: 1025957 IMPACT ASSESSMENT: Medium Discussion: The 'probe.cfm' script does not properly filter HTML code from user-supplied input in the 'name' parameter before displaying the input. A remote user can create a specially crafted URL that, when loaded by a

191

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information April 23, 2013 - 12:26am PROBLEM: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information PLATFORM: Apache ActiveMQ versions prior to 5.8.0 ABSTRACT: Several vulnerabilities were reported in Apache ActiveMQ. REFERENCE LINKS: Apache ActiveMQ SecurityTracker Alert ID: 1028457 CVE-2012-6092 CVE-2012-6551 CVE-2013-3060 IMPACT ASSESSMENT: High DISCUSSION: Several web demos do not properly filter HTML code from user-supplied input

192

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges February 28, 2013 - 12:05am PROBLEM: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges PLATFORM: VSE 8.8 Patch 2 with Access Protection, including Self Protection, turned off ABSTRACT: A vulnerability was reported in McAfee VirusScan Enterprise. REFERENCE LINKS: McAfee Security Bulletins ID: SB10038 SecurityTracker Alert ID: 1028209 IMPACT ASSESSMENT: Medium DISCUSSION: When Access Protection has been disabled, a local user can gain full control of the target application IMPACT: A local user can obtain elevated privileges on the target system. SOLUTION: The vendor has issued a fix (8.8 Patch 2 with HF778101, 8.8 Patch 3)

193

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits Cross-Site Scripting Attacks July 18, 2011 - 7:09am PROBLEM: A vulnerability was reported in Skype. A remote user can conduct cross-site scripting attacks. PLATFORM: 5.3.0.120 and prior versions ABSTRACT: The software does not properly filter HTML code from user-supplied input in the "mobile phone" profile entry before displaying the input. REFERENCE LINKS: SecurityTracker Alert ID: 1025789 Skype Security Advisory KoreSecure News H Security ID: 1279864 IMPACT ASSESSMENT: High Discussion: Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack of input validation and output sanitization of the "mobile phone"

194

U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code November 16, 2011 - 7:43am PROBLEM: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Kernel version 2.6.x ABSTRACT: A remote server can cause the target connected client to crash. REFERENCE LINKS: The Linux Kernel Archives CVE-2011-4131 SecurityTracker Alert ID: 1026324 Linux Kernel [PATCH 1/1] NFSv4 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in the Linux Kernel. A remote user can cause denial of service conditions. Impact: A remote server can return specially crafted data to the connected target

195

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands November 1, 2012 - 6:00am PROBLEM: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands PLATFORM: All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability. ABSTRACT: A vulnerability was reported in Cisco Prime Data Center Network Manager. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20121031-dcnm SecurityTracker Alert ID: 1027712 CVE-2012-5417 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability exists because JBoss Application Server Remote Method

196

U-132: Apache Wicket Input Validation Flaw in 'wicket:pageMapName'  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-132: Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks March 23, 2012 - 7:42am PROBLEM: Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks PLATFORM: Apache Wicket 1.4.x ABSTRACT: A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Apache Wicket CVE-2012-0047 SecurityTracker Alert ID: 1026839 IMPACT ASSESSMENT: High Discussion: The software does not properly filter HTML code from user-supplied input in the 'wicket:pageMapName' request parameter before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target

197

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints December 5, 2012 - 1:00am PROBLEM: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints PLATFORM: Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat Red Hat Bugzilla - Bug 883634 SecurityTracker Alert ID: 1027833 CVE-2012-3546 IMPACT ASSESSMENT: High DISCUSSION: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to

198

T-705: Linux Kernel Weakness in Sequence Number Generation Facilitates  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-705: Linux Kernel Weakness in Sequence Number Generation Facilitates Packet Injection Attacks August 30, 2011 - 3:46am PROBLEM: A remote user can conduct packet injection attacks. PLATFORM: Linux Kernel ABSTRACT: Linux Kernel Weakness in Sequence Number Generation Facilitates Packet Injection Attacks. REFERENCE LINKS: SecurityTracker Alert ID: 1025977 CVE-2011-3188 (under review) The Linux Kernel Archives IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in the Linux Kernel. A remote user can conduct packet injection attacks. The kernel's sequence number generation function uses partial MD4 with 24-bits unguessable. A remote user may be able to brute-force guess a valid sequence number to inject a packet into a

199

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code January 23, 2013 - 12:26am PROBLEM: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code PLATFORM: EMC AlphaStor 4.0 prior to build 800 (All platforms) ABSTRACT: Two vulnerabilities were reported in EMC AlphaStor. REFERENCE LINKS: ESA-2013-008: SecurityTracker Alert ID: 1028020 Secunia Advisory SA51930 CVE-2013-0928 CVE-2013-0929 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].

200

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands November 19, 2012 - 2:30am PROBLEM: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands PLATFORM: CS5.5 7.5.0.142; possibly other versions ABSTRACT: Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability REFERENCE LINKS: Secunia Advisory SA48572 SecurityTracker Alert ID: 1027783 Adobe IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system. A remote user can send a specially crafted "RunScript" SOAP message to

201

U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code October 9, 2012 - 6:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: SecurityTracker Alert ID: 1027617 Stable Channel Update CVE-2012-2900 CVE-2012-5108 CVE-2012-5109 CVE-2012-5110 CVE-2012-5111 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A crash may occur in Skia text rendering [CVE-2012-2900].

202

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code May 2, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Prior to 18.0.1025.168 ABSTRACT: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS: SecurityTracker Alert ID: 1027001 CVE-2011-3078 CVE-2011-3079 CVE-2011-3080 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will

203

T-712: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement  

NLE Websites -- All DOE Office Websites (Extended Search)

T-712: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update September 8, 2011 - 10:30am PROBLEM: A flaw was discovered in Cumin where it would log broker authentication credentials to the Cumin log file. A vulnerability was reported in Red Hat Enterprise MRG Grid. A local user can access the broker password. PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5) ABSTRACT: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update. REFERENCE LINKS: RHSA-2011:1249-1 SecurityTracker Alert ID: 1026021 CVE-2011-2925 IMPACT ASSESSMENT: Medium Discussion: A local user exploiting this flaw could connect to the broker outside of Cumin's control and perform certain operations such as scheduling jobs,

204

U-003:RPM Package Manager security update | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-003:RPM Package Manager security update October 4, 2011 - 1:30pm PROBLEM: A vulnerability was reported in RPM Package Manager. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): 4.9.1.1 and prior versions. ABSTRACT: RPM Package Manager Header Validation Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: RPM Package Manager Advisory RHSA-2011:1349-1 SecurityTracker Alert ID: 1026134 CVE-2011-3378 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted RPM package that, when queried or installed by the target user, will trigger a buffer overflow or memory corruption error and execute arbitrary code on the target system. The code

205

U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands January 26, 2012 - 6:45am PROBLEM: Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: CVE-2011-3923 SecurityTracker Alert ID: 1026575 Apache Struts 2 Documentation S2-009 blog.o0o.nu IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache Struts. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the ParametersInterceptor, thus being able to inject

206

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information August 31, 2011 - 12:00pm PROBLEM: A vulnerability was reported in Apache Tomcat. A remote user can bypass authentication or obtain potentially sensitive information. PLATFORM: Apache Tomcat 5.5.0 to 5.5.33, 6.0.0 to 6.0.33, 7.0.0 to 7.0.20 ABSTRACT: Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information. REFERENCE LINKS: SecurityTracker Alert ID: 1025993 CVE-2011-3190 (under review) Apache Tomcat Security Updates IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apache Tomcat. A remote user can bypass

207

T-721:Mac OS X Directory Services Lets Local Users View User Password  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-721:Mac OS X Directory Services Lets Local Users View User Password Hashes September 20, 2011 - 8:45am PROBLEM: Mac OS X Directory Services Lets Local Users View User Password Hashes. PLATFORM: Mac OS X Lion (10.7) ABSTRACT: A local user can view user password hashes. REFERENCE LINKS: SecurityTracker Alert ID: 1026067 Apple Support Downloads Apple Security Updates Apple OS X Lion v10.7.1 Update IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Mac OS X. A local user can view user password hashes. A local user can invoke the following Directory Services command line command to view the password hash for the target user: dscl localhost -read /Search/Users/[target user] A local user can change their

208

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: medium Discussion: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

209

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

210

U-001:Symantec IM Manager Input Validation Flaws | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-001:Symantec IM Manager Input Validation Flaws October 3, 2011 - 12:45pm PROBLEM: Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks. PLATFORM: Version(s): prior to 8.4.18 ABSTRACT: Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks. REFERENCE LINKS: Security Advisory: SYM11-012 SecurityTracker Alert ID: 1026130 IMPACT ASSESSMENT: Medium Discussion: Several vulnerabilities were reported in Symantec IM Manager. A remote user can conduct cross-site scripting attacks. A remote user can inject SQL commands. Several scripts do not properly filter HTML code from user-supplied input before displaying the input [CVE-2011-0552]. A remote user can create a

211

U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code May 16, 2012 - 7:00am PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: prior to 7.7.2 ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027065 CVE-2012-0265 CVE-2012-0663 CVE-2012-0664 CVE-2012-0665 CVE-2012-0666 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Only Windows-based systems

212

V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code October 24, 2012 - 6:00am PROBLEM: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh ABSTRACT: Several vulnerabilities were reported in Adobe Shockwave. REFERENCE LINKS: Adobe Security bulletin SecurityTracker Alert ID: 1027692 CVE-2012-4172 CVE-2012-4173 CVE-2012-4174 CVE-2012-4175 CVE-2012-4176 CVE-2012-5273 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on

213

V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code March 12, 2013 - 12:11am PROBLEM: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 25.0.1364.160 ABSTRACT: A vulnerability was reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1028266 CVE-2013-0912 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a type confusion error in WebKit and execute arbitrary code on the target system. The code will run with the privileges

214

U-194: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-194: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges June 19, 2012 - 7:00am PROBLEM: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges. PLATFORM: Version(s): 2.3 and prior versions ABSTRACT: Users Gain Elevated Privileges REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1027182 CVE-2012-0304 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Symantec LiveUpdate Administrator. A local user can obtain elevated privileges on the target system. The default installation of Symantec LiveUpdate Administrator installs files with full control privileges granted to the 'Everyone' group. A local user can exploit

215

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks March 29, 2011 - 3:05pm PROBLEM: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks in ActiveSync Lets Remote Users Execute Arbitrary Code. PLATFORM: HP Diagnostics software: version(s) 7.5, 8.0 prior to 8.05.54.225 ABSTRACT: A potential security vulnerability has been identified in HP Diagnostics. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). REFERENCE LINKS: HP Document ID: c02770512 SecurityTracker Alert ID: 1025255 CVE-2011-0892 Security Focus Document ID: c02770512 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in HP Diagnostics. A remote user can conduct

216

U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code December 8, 2011 - 8:30am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: Adobe Flash Player 11.1.102.55 on Windows and Mac OS X and prior versions ABSTRACT: Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player. REFERENCE LINKS: Secunia Advisory: SA47161 SecurityTracker Alert ID: 1026392 CVE-2011-4693 CVE-2011-4694 IMPACT ASSESSMENT: High Discussion: A remote or local user can obtain potentially sensitive information. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted SWF file that, when

217

V-179: Blackberry Z10 Flaw Lets Physically Local Users Access the Device |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-179: Blackberry Z10 Flaw Lets Physically Local Users Access the Device June 17, 2013 - 1:09am PROBLEM: Blackberry Z10 Flaw Lets Physically Local Users Access the Device PLATFORM: BlackBerry 10 OS version 10.0.10.261 and earlier, except version 10.0.9.2743 ABSTRACT: A vulnerability was reported in Blackberry Z10 Smartphones. REFERENCE LINKS: BlackBerry Security Advisory KB34458 SecurityTracker Alert ID: 1028669 CVE-2013-3692 IMPACT ASSESSMENT: Medium DISCUSSION: On systems with BlackBerry Protect enabled, if the user resets the device password via BlackBerry Protect and downloads a specifically crafted application, then a physically local user can access or modify data on the device. The vulnerability is due to unsafe permissions on a BlackBerry Protect

218

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-022: Apple QuickTime Multiple Vulnerabilities October 28, 2011 - 8:15am PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220 CVE-2011-3221, CVE-2011-3222, CVE-2011-3223 CVE-2011-3228, CVE-2011-3247, CVE-2011-3248 CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

219

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code November 2, 2011 - 8:00am PROBLEM: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: HP OpenView Network Node Manager (OV NNM) v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Center Document ID: c03054052 SecurityTracker Alert ID: 1026260 CVE-2011-1365 CVE-2011-1366 CVE-2011-1367 IMPACT ASSESSMENT: Medium Discussion: Several vulnerabilities were reported in HP OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

220

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before

221

U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution,  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks February 1, 2012 - 5:51am PROBLEM: Multiple vulnerabilities were reported in Mozilla Firefox. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) Version(s): prior to 3.2.26; prior to 10.0 ABSTRACT: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting. REFERENCE LINKS: SecurityTracker Alert ID: 1026605 CVE-2011-3659, CVE-2012-0442 CVE-2012-0443, CVE-2012-0444 CVE-2012-0445, CVE-2012-0446 CVE-2012-0447, CVE-2012-0449 CVE-2012-0450 Vendor Site IMPACT ASSESSMENT:

222

T-671: Red Hat system-config-firewall Lets Local Users Gain Root Privileges  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-671: Red Hat system-config-firewall Lets Local Users Gain Root Privileges July 19, 2011 - 2:42pm PROBLEM: A vulnerability was reported in Red Hat system-config-firewall. A local user can obtain root privileges on the target system. PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server EUS (v. 6.1.z) Red Hat Enterprise Linux Workstation (v. 6) ABSTRACT: Red Hat system-config-firewall Lets Local Users Gain Root Privileges REFERENCE LINKS: RHSA-2011:0953-1 SecurityTracker Alert ID: 1025793 CVE-2011-2520 Red Hat Article ID: 11259 IMPACT ASSESSMENT: Medium Discussion: The system-config-firewall utility uses the Python pickle module in an

223

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code May 2, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Prior to 18.0.1025.168 ABSTRACT: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027001 CVE-2011-3078 CVE-2011-3079 CVE-2011-3080 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will

224

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users October 5, 2012 - 6:00am PROBLEM: HP IBRIX X9000 Storage Discloses Information to Remote Users PLATFORM: Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251 ABSTRACT: A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information. REFERENCE LINKS: HP Security Bulletin: c03510876 SecurityTracker Alert ID: 1027590 CVE-2012-3266 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the

225

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista and XP. ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. REFERENCE LINKS: Apple Security Article: HT5581 SecurityTracker Alert ID: 1027737 Bugtraq ID: 56438 Secunia Advisory SA51226 CVE-2011-1374 CVE-2012-3751 CVE-2012-3752 CVE-2012-3753 CVE-2012-3754 CVE-2012-3755 CVE-2012-3756 CVE-2012-3757 CVE-2012-3758 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can

226

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability March 16, 2012 - 7:00am PROBLEM: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability PLATFORM: Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: Secunia Advisory SA48422 SecurityTracker Alert ID: 1026799 CVE-2012-0358 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted HTML that, when loaded by the

227

U-090: RSA enVision Discloses Environment Variable Information to Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-090: RSA enVision Discloses Environment Variable Information to Remote Users January 27, 2012 - 6:00am PROBLEM: A vulnerability was reported in RSA enVision PLATFORM: Version(s): 4.0 prior to 4.0 SP4 P5, 4.1 prior to 4.1 P3 ABSTRACT: A remote user can view potentially sensitive data on the target system. REFERENCE LINKS: CVE-2011-4143 SecurityTracker Alert ID: 1026591 Secunia Advisory IMPACT ASSESSMENT: Medium Discussion: The security issue is caused due to the application disclosing certain environment variables containing web system setup information via the web interface. Further information about this resolution and other fixes can be found in the Release Notes associated with RSA enVision 4.1, Patch 3 and

228

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: medium Discussion: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

229

U-071:HP Database Archiving Software Bugs Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-071:HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code December 29, 2011 - 8:15am PROBLEM: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Database Archiving Software v6.31 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Database Document ID: c03128302 SecurityTracker Alert ID: 1026467 CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Database Archiving Software. A remote user can execute arbitrary code on the target system. Impact: A remote user can execute arbitrary code on the target system. Solution:

230

V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information November 2, 2012 - 6:00am PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information PLATFORM: Apple iOS prior to 6.0.1 ABSTRACT: Three vulnerabilities were reported in Apple iOS. REFERENCE LINKS: Apple Article: HT5567 SecurityTracker Alert ID: 1027716 Bugtraq ID: 56363 CVE-2012-3748 CVE-2012-3749 CVE-2012-3750 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the

231

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls December 14, 2011 - 8:17am PROBLEM: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3 6.0.2.1 SP2 and SP2 Patch 1 6.0.2.1 SP3 ABSTRACT: A remote user may be able to bypass certain security controls. REFERENCE LINKS: SecurityTracker Alert ID: 1026420 Security Focus: ESA-2011-036 IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA Adaptive Authentication (On-Premise). A remote user may be able to bypass certain security controls. A remote user can send specially crafted data elements to affect the Device

232

U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access August 29, 2012 - 6:00am PROBLEM: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access PLATFORM: EMC Cloud Tiering Appliance (CTA) 7.4 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 7.4 and prior EMC Cloud Tiering Appliance (CTA) 9.0 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and prior ABSTRACT: A vulnerability was reported in EMC Cloud Tiering Appliance. REFERENCE LINKS: SecurityTracker Alert ID: 1027448 Bugtraq ID: 55250 EMC.com CVE-2012-2285 IMPACT ASSESSMENT:

233

V-078: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-078: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks January 28, 2013 - 12:32am PROBLEM: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks PLATFORM: WordPress all versions are affected prior to 3.5.1 ABSTRACT: WordPress 3.5.1 Maintenance and Security Release REFERENCE LINKS: WordPress News SecurityTracker Alert ID: 1028045 Secunia Advisory SA51967 IMPACT ASSESSMENT: Medium DISCUSSION: Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the WordPress software and will run in the security

234

T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm PROBLEM: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up blocker. PLATFORM: Google Chrome prior to 10.0.648.127 ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people to bypass certain security restrictions, disclose system information, and compromise a user's system. REFERENCE LINKS: Secunia Advisory: SA43683 Google Chrome Support Chrome Stable Release SecurityTracker Alert ID: 1025181

235

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-101: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges February 28, 2013 - 12:05am PROBLEM: McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges PLATFORM: VSE 8.8 Patch 2 with Access Protection, including Self Protection, turned off ABSTRACT: A vulnerability was reported in McAfee VirusScan Enterprise. REFERENCE LINKS: McAfee Security Bulletins ID: SB10038 SecurityTracker Alert ID: 1028209 IMPACT ASSESSMENT: Medium DISCUSSION: When Access Protection has been disabled, a local user can gain full control of the target application. IMPACT: A local user can obtain elevated privileges on the target system. SOLUTION: The vendor has issued a fix (8.8 Patch 2 with HF778101, 8.8 Patch 3)

236

T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services March 7, 2011 - 3:05pm PROBLEM: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services. PLATFORM: Linux Kernel 2.6.37 and prior versions ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1025162 Latest Stable Kernel CVE-2011-1076 IMPACT ASSESSMENT: High Discussion: When a DNS resolver key is instantiated with an error indication, a local user can attempt to read the key to trigger a null pointer dereference and cause a kernel crash. A local user can cause the target system to crash.

237

U-044: HP Operations Agent and Performance Agent Lets Local Users Access a  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-044: HP Operations Agent and Performance Agent Lets Local Users Access a Restricted Directory November 23, 2011 - 8:00am PROBLEM: HP Operations Agent and Performance Agent Lets Local Users Access a Restricted Directory. PLATFORM: HP Operations Agent v11.00 and Performance Agent v4.73, v5.0 for AIX, HP-UX, Linux, and Solaris ABSTRACT: A local user can access a directory on the target system. REFERENCE LINKS: HP Security Bulletin Document ID: c03091656 CVE-2011-4160 SecurityTracker Alert ID: 1026345 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in HP Operations Agent and Performance Agent. A local user can access data on the target system. A local user can gain

238

U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-056: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges December 9, 2011 - 8:00am PROBLEM: Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges. PLATFORM: Linux kernel ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: The Linux Kernel Archives SecurityTracker Alert ID: 1026395 CVE-2011-4330 IMPACT ASSESSMENT: Medium DISCUSSION: When a specially crafted Hierarchical File System (HFS) file system is mounted, a local user can trigger a buffer overflow and execute arbitrary code on the target system with root privileges. The vulnerability resides in the hfs_mac2asc() function. IMPACT: A local user can obtain root privileges on the target system.

239

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am PROBLEM: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service PLATFORM: Version(s): 1.0.0.1359 and prior ABSTRACT: A vulnerability was reported in Firefly Media Server. REFERENCE LINKS: SecurityTracker Alert ID: 1027917 HTB Advisory ID: HTB23129 CVE-2012-5875 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to trigger a null pointer dereference and cause the target service to crash. IMPACT: A remote user can cause denial of service conditions. SOLUTION: No solution was available at the time of this entry.

240

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code July 16, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 20.0.1132.57 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1027249 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.



241

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader; this vulnerability is being actively exploited against Windows-based systems. REFERENCE LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

242

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF. REFERENCE LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. IMPACT: A remote authenticated user can execute potentially unauthorized actions on

243

V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users May 29, 2013 - 12:32am PROBLEM: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users PLATFORM: Directory Server B.08.10.04 ABSTRACT: Two vulnerabilities were reported in HP-UX Directory Server. REFERENCE LINKS: HP Document ID: c03772083 SecurityTracker Alert ID: 1028593 CVE-2012-2678 CVE-2012-2746 IMPACT ASSESSMENT: High DISCUSSION: A local user can access the plaintext password in certain cases [CVE-2012-2678]. A remote authenticated user can view the password for a target LDAP user when audit logging is enabled by reading the audit log [CVE-2012-2678].

244

U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service October 11, 2011 - 8:00am PROBLEM: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service PLATFORM: Symantec Data Loss Prevention Enforce/Detection Servers for Windows 10.x, 11.x ABSTRACT: A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions. REFERENCE LINKS: Symantec Security Advisory SYM11-013 SecurityTracker Alert ID: 1026157 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities were reported in Symantec Data Loss Prevention. A remote user can cause denial of service conditions on the target system. A

245

U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks July 20, 2012 - 7:00am PROBLEM: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks PLATFORM: Red Hat Certificate System v8 ABSTRACT: Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate. REFERENCE LINKS: Advisory: RHSA-2012:1103-1 SecurityTracker Alert ID: 1027284 CVE-2012-2662 CVE-2012-3367 IMPACT ASSESSMENT: Medium DISCUSSION: The Agent and End Entity pages do not properly filter HTML code from

246

T-588: HP Virtual SAN Appliance Stack Overflow | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-588: HP Virtual SAN Appliance Stack Overflow March 25, 2011 - 5:05pm PROBLEM: HP Virtual SAN Appliance Stack Overflow in 'hydra.exe' Lets Remote Users Execute Arbitrary Code. PLATFORM: HP StorageWorks P4000 Virtual SAN Appliance Software ABSTRACT: A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system. REFERENCE LINKS: Secunia advisory 34782 SecurityTracker Alert ID: 1025249 ZDI-11-111 Bugtraq ID: 47005 IMPACT ASSESSMENT: High DISCUSSION: Hewlett-Packard Virtual SAN Appliance is prone to a remote buffer-overflow vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in

247

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code December 16, 2011 - 8:00am PROBLEM: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code. PLATFORM: RSA SecurID Software Token 4.1 for Microsoft Windows ABSTRACT: A remote user can cause the target application to execute arbitrary code on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026426 ESA-2011-039 Secunia Advisory: SA45665 Securityfocus Advisory CVE-2011-4141 RSA Online Fraud Resource Center IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in RSA SecurID Software Token. A remote user

248

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords July 24, 2012 - 7:00am PROBLEM: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords PLATFORM: Symantec Web Gateway 5.0.x.x ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. REFERENCE LINKS: Security Advisories Relating to Symantec Products SecurityTracker Alert ID: 1027289 Bugtraq ID: 54424 Bugtraq ID: 54425 Bugtraq ID: 54426 Bugtraq ID: 54427 Bugtraq ID: 54429 Bugtraq ID: 54430

249

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. REFERENCE LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. 1. (ZDI-12-127) The specific flaw exists within the HsmCfgSvc.exe service

250

U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. REFERENCE LINKS: Cisco Advisory SecurityTracker Alert ID: 1026692 CVE-2012-0352 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. A remote user can send a specially crafted IP packet to cause the target device to reload. The vulnerability occurs when the device attempts to obtain Layer 4 (e.g.,

251

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

252

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service May 14, 2012 - 7:00am PROBLEM: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service PLATFORM: Information Rights Management Server 4.x, 5.x ABSTRACT: Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027058 CVE-2012-2276 CVE-2012-2277 IMPACT ASSESSMENT: High DISCUSSION: A remote authenticated user can send specially crafted data to trigger a NULL pointer dereference and cause the target service to crash. A remote

253

U-030: Apache Tomcat Lets Untrusted Web Applications Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-030: Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges November 9, 2011 - 8:30am PROBLEM: Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges. PLATFORM: Apache Tomcat 7.0.0-7.0.21. ABSTRACT: An untrusted web application can access Manager application functions. REFERENCE LINKS: Apache Tomcat 7.x vulnerabilities SecurityTracker Alert ID: 1026295 CVE-2011-3376 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apache Tomcat. A local user (application) can obtain elevated privileges on the target system. A local web application (that is not trusted) can access Manager application functions without being marked as privileged. This can be exploited to obtain

254

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code December 16, 2011 - 8:00am PROBLEM: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code. PLATFORM: RSA SecurID Software Token 4.1 for Microsoft Windows ABSTRACT: A remote user can cause the target application to execute arbitrary code on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026426 ESA-2011-039 Secunia Advisory: SA45665 Securityfocus Advisory CVE-2011-4141 RSA Online Fraud Resource Center IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in RSA SecurID Software Token. A remote user

255

U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication March 21, 2012 - 7:00am PROBLEM: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication PLATFORM: JBoss Operations Network 2.x ABSTRACT: A vulnerability was reported in JBoss Operations Network. A remote user can log in with an arbitrary password in certain cases. REFERENCE LINKS: SecurityTracker Alert ID: 1026826 Secunia Advisory SA48471 CVE-2012-1100 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused by an error within the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log in to LDAP-based

256

T-591: VMware vmrun Utility Lets Local Users Gain Elevated Privileges |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-591: VMware vmrun Utility Lets Local Users Gain Elevated Privileges March 30, 2011 - 3:05pm PROBLEM: A vulnerability was reported in VMware. A local user can obtain elevated privileges on the target system. PLATFORM: VMware Workstation 6.5.5 and 7.1.3 and prior; VIX API for Linux 1.10.2 and prior ABSTRACT: The VMware vmrun utility is susceptible to a local privilege escalation in non-standard configurations. REFERENCE LINKS: VM Advisory ID: VMSA-2011-0006 Secunia Advisory: SA43885 SecurityTracker Alert ID: 1025270 CVE-2011-1126 VM Post IMPACT ASSESSMENT: Medium DISCUSSION: A security issue has been reported in VMware Workstation, which can be exploited by malicious, local users to gain potentially escalated

257

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF. REFERENCE LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. IMPACT: A remote authenticated user can execute potentially unauthorized actions on

258

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code June 20, 2011 - 3:35pm PROBLEM: A vulnerability was reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Office XP; possibly other versions ABSTRACT: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code. REFERENCE LINKS: Secunia Advisory: SA44923 SecurityTracker Alert ID: 1025675 Bugtraq ID: 48261 TSL ID: TSL20110614-02 PRL: 2011-07 IMPACT ASSESSMENT: High DISCUSSION: A code execution vulnerability has been reported in Microsoft Office Word. The vulnerability is due to memory corruption when parsing a specially crafted Word file.

259

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. REFERENCE LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability.

260

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability February 7, 2012 - 9:00am PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network REFERENCE LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. IMPACT: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.



261

T-669: Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-669: Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service July 15, 2011 - 2:14am PROBLEM: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. PLATFORM: 2.6.39 and prior versions ABSTRACT: Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service. REFERENCE LINKS: SecurityTracker Alert ID: 1025776 Linux Kernel Updates CVE-2011-2689 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can invoke the gfs2_fallocate() function in 'fs/gfs2/file.c' in certain cases to allocate a non-blksize aligned amount, resulting in an error in subsequent code that requires blksize aligned offsets. IMPACT: A local user can cause denial of service conditions on the target system.

262

T-720: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-720: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks September 19, 2011 - 8:45am PROBLEM: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks. PLATFORM: All versions of Director prior to 5.5.2.3 are vulnerable. ABSTRACT: A vulnerability was reported in Blue Coat Director. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Blue Coat Advisories ID: SA62 SecurityTracker Alert ID: 1026061 Blue Coat Director 510 Blue Coat SGME 5 IMPACT ASSESSMENT: Medium DISCUSSION: An attacker can use the HTTP TRACE method to echo malicious script back to the client as part of a Cross Site Scripting (XSS) attack. No

263

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB13-09 SecurityTracker Alert ID: 1028277 CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

264

V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks April 2, 2013 - 1:13am PROBLEM: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 4.3.0 through 4.3.5 ABSTRACT: A vulnerability was reported in Splunk Web. REFERENCE LINKS: SecurityTracker Alert ID: 1028371 Splunk IMPACT ASSESSMENT: High DISCUSSION: Splunk Web does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Splunk Web software and will run in the security context of that site. As a result, the code will be able to access the

265

T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code March 9, 2011 - 3:05pm PROBLEM: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution. PLATFORM: Remote Desktop Connection Client Version(s): 5.2, 6.0, 6.1, 7.0 ABSTRACT: A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: Microsoft Security Bulletin MS11-017 SecurityTracker Alert ID: 1025172 CVE-2011-0029 IMPACT ASSESSMENT: Moderate DISCUSSION: A remote user can create a specially crafted DLL file on a remote share (e.g., WebDAV, SMB share). When the target user opens a valid Remote

266

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication May 1, 2012 - 7:00am PROBLEM: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) ABSTRACT: A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration. REFERENCE LINKS: SecurityTracker Alert ID: 1026990 CVE-2011-3620 Red Hat advisory IMPACT ASSESSMENT: High DISCUSSION: Qpid may accept arbitrary passwords and SASL mechanisms. A remote user on the local private interconnect network with knowledge of a valid cluster

267

V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System November 5, 2012 - 6:00am PROBLEM: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System PLATFORM: HP Performance Insight v5.31, v5.40 and v5.41 running on HP-UX, Solaris, Linux, and Windows and using Sybase as the database ABSTRACT: Two vulnerabilities were reported in HP Performance Insight. REFERENCE LINKS: HP Support Document ID: c03555488 SecurityTracker Alert ID: 1027719 CVE-2012-3269 CVE-2012-3270 IMPACT ASSESSMENT: High DISCUSSION:

268

V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass May 24, 2013 - 6:00am PROBLEM: A vulnerability was reported in Red Hat Network Satellite Server PLATFORM: Red Hat Network Satellite (v. 5.3 for RHEL 5) Red Hat Network Satellite (v. 5.4 for RHEL 5) Red Hat Network Satellite (v. 5.4 for RHEL 6) Red Hat Network Satellite (v. 5.5 for RHEL 5) Red Hat Network Satellite (v. 5.5 for RHEL 6) ABSTRACT: The system does not properly validate all Inter-Satellite Sync operations REFERENCE LINKS: SecurityTracker Alert ID: 1028587 RHSA-2013:0848-1 CVE-2013-2056 IMPACT ASSESSMENT: Medium DISCUSSION: It was discovered that Red Hat Network Satellite did not fully check the

269

V-068: Citrix CloudPlatform Logs Potentially Sensitive Information in the  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-068: Citrix CloudPlatform Logs Potentially Sensitive Information in the Log File January 14, 2013 - 12:15am PROBLEM: Citrix CloudPlatform Logs Potentially Sensitive Information in the Log File PLATFORM: Citrix CloudStack and CloudPlatform up to and including 3.0.5. ABSTRACT: A vulnerability was reported in Citrix CloudPlatform. REFERENCE LINKS: Document ID: CTX136163 SecurityTracker Alert ID: 1027978 CVE-2012-5616 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been identified in Citrix CloudPlatform, formerly known as Citrix CloudStack, that could result in security-sensitive information being logged during the normal operation of the CloudPlatform server. IMPACT:

270

V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users  

NLE Websites -- All DOE Office Websites (Extended Search)

V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an unauthenticated, remote attacker to connect to a database replication port anonymously via Secure Sockets Layer (SSL). REFERENCE LINKS: SecurityTracker Alert ID: 1028972 CVE-2013-3469 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is due to the misconfiguration of the Oracle SSL service. An attacker could exploit this vulnerability by connecting to an

271

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands November 19, 2012 - 2:30am PROBLEM: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands PLATFORM: CS5.5 7.5.0.142; possibly other versions ABSTRACT: Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability REFERENCE LINKS: Secunia Advisory SA48572 SecurityTracker Alert ID: 1027783 Adobe IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system. A remote user can send a specially crafted "RunScript" SOAP message to

272

V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code December 31, 2012 - 6:58am PROBLEM: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 6, 7, 8 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027930 Secunia Advisory SA51695 CVE-2012-4792 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary

273

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code November 28, 2012 - 1:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 23.0.1271.91 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Release updates from the Chrome team SecurityTracker Alert ID: 1027815 Secunia Advisory SA51437 CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the

274

V-117: Symantec Enterprise Vault for File System Archiving Unquoted Search  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-117: Symantec Enterprise Vault for File System Archiving Unquoted Search Path Lets Local Users Gain Elevated Privileges March 22, 2013 - 6:00am PROBLEM: A vulnerability was reported in Symantec Enterprise Vault PLATFORM: Versions prior to Enterprise Vault 9.0.4 and 10.0.1 are vulnerable. ABSTRACT: Symantec Enterprise Vault (EV) for File System Archiving has an unquoted search path in the File Collector and File PlaceHolder services REFERENCE LINKS: SecurityTracker Alert ID: 1028330 Symantec Security Advisories SYM13-003 SecurityFocus ID: 58617 CVE-2013-1609 IMPACT ASSESSMENT: Medium DISCUSSION: This could potentially allow an authorized but non-privileged local user to

275

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks May 31, 2013 - 6:00am PROBLEM: A vulnerability was reported in Splunk Web PLATFORM: Version(s) prior to 5.0.3 ABSTRACT: A reflected cross-site scripting vulnerability was identified in Splunk Web REFERENCE LINKS: SecurityTracker Alert ID: 1028605 Splunk Security Advisory SPL-59895 CVE-2012-6447 IMPACT ASSESSMENT: Medium DISCUSSION: The web interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will

276

T-643: HP OpenView Storage Data Protector Unspecified Code Execution  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability June 9, 2011 - 3:45pm PROBLEM: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability PLATFORM: Versions 6.0, 6.10, and 6.11 running on HP-UX, Solaris, Linux and Windows. ABSTRACT: A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system. REFERENCE LINKS: Secunia Advisory SA44884 CVE-2011-1864 SecurityTracker Alert ID: 1025620 HP Document ID: c02712867 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

277

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes January 21, 2013 - 12:15am PROBLEM: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes PLATFORM: Tivoli Federated Identity Manager versions 6.2.0, 6.2.1, 6.2.2 ABSTRACT: A vulnerability was reported in IBM Tivoli Federated Identity Manager. REFERENCE LINKS: IBM Security Bulletin: 1615744 SecurityTracker Alert ID: 1028011 CVE-2012-6359 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not check that all attributes have been signed. A remote user with the ability to conduct a man-in-the-middle attack can modify

278

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe ColdFusion is prone to a remote denial-of-service vulnerability. REFERENCE LINKS: Adobe Security bulletins and advisories Adobe Vulnerability identifier: APSB12-21 SecurityTracker Alert ID: 1027516 Bugtraq ID: 55499 CVE-2012-2048 IMPACT ASSESSMENT: Medium DISCUSSION: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which

279

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords October 15, 2012 - 6:00am PROBLEM: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords PLATFORM: EMC NetWorker Module for Microsoft Applications 2.2.1, 2.3 prior to build 122, 2.4 prior to build 375 ABSTRACT: EMC NetWorker Module for Microsoft Applications Two Vulnerabilities REFERENCE LINKS: EMC Identifier: ESA-2012-025 Secunia Advisory SA50957 SecurityTracker Alert ID: 1027647 CVE-2012-2284 CVE-2012-2290 IMPACT ASSESSMENT: Medium DISCUSSION:

280

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before



281

V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information October 26, 2012 - 6:00am PROBLEM: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information PLATFORM: Software version: 6.2.3, 6.2.3.1 ABSTRACT: A vulnerability was reported in IBM Tivoli Monitoring. REFERENCE LINKS: IBM Support Document: 1614003 IBM Support Portal SecurityTracker Alert ID: 1027692 IMPACT ASSESSMENT: High DISCUSSION: A remote user may be able to conduct HTTP TRACE and HTTP TRACK attacks to access sensitive information from the HTTP headers.

282

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks May 1, 2013 - 12:43am PROBLEM: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks PLATFORM: Service Manager v9.31 Web Tier ABSTRACT: Two vulnerabilities were reported in HP Service Manager REFERENCE LINKS: HP Document ID: c03748875 SecurityTracker Alert ID: 1028496 CVE-2012-5222 CVE-2013-2321 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can obtain potentially sensitive information [CVE-2012-5222]. Service Manager Web Tier does not properly filter HTML code from user-supplied input before displaying the input [CVE-2013-2321]. A remote

283

T-578: Vulnerability in MHTML Could Allow Information Disclosure

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate DISCUSSION: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

284

T-623: HP Business Availability Center Input Validation Hole Permits  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-623: HP Business Availability Center Input Validation Hole Permits Cross-Site Scripting Attacks May 16, 2011 - 3:05pm PROBLEM: A vulnerability was reported in HP Business Availability Center. A remote user can conduct cross-site scripting attacks. PLATFORM: HP Business Availability Center software 8.06 and prior versions ABSTRACT: The software does not properly filter HTML code from user-supplied input before displaying the input. REFERENCE LINKS: SecurityTracker Alert ID: 1025535 HP Knowledge Base CVE-2011-1856 Secunia ID: SA44569 HP Document ID: c02823184 | ESB-2011.0525 IMPACT ASSESSMENT: High DISCUSSION: A remote user can cause arbitrary scripting code to be executed by the

285

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.

286

U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code January 11, 2012 - 8:00am PROBLEM: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat/Reader Version(s): 9.x prior to 9.5, 10.x prior to 10.1.2 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026496 Adobe Security Bulletin APSB12-01 CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373. IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Adobe Acrobat/Reader. A remote

287

T-703: Cisco Unified Communications Manager Open Query Interface Lets  

NLE Websites -- All DOE Office Websites (Extended Search)

T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents August 26, 2011 - 3:45pm PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5 ABSTRACT: A remote user can obtain database contents, including authentication credentials. REFERENCE LINKS: SecurityTracker Alert ID: 1025971 Cisco Document ID: 113190 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. A remote user can access an open

288

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update  

NLE Websites -- All DOE Office Websites (Extended Search)

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code November 30, 2011 - 8:15am PROBLEM: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code. PLATFORM: HP LaserJet Printers manufactured prior to 2009 ABSTRACT: A remote user can upgrade the printer's firmware with arbitrary code. REFERENCE LINKS: SecurityTracker Alert ID: 1026357 HP Security for Imaging and Printing HP Clarifies on Printer Security IMPACT ASSESSMENT: Low DISCUSSION: A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to the

289

U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information March 9, 2012 - 7:00am PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Apple iOS Version(s): prior to 5.1 ABSTRACT: Multiple vulnerabilities were reported in Apple iOS. REFERENCE LINKS: SecurityTracker Alert ID: 1026774 Apple Security Updates About the security content of iOS 5.1 Software Update CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644,

290

U-092: Sudo Format String Bug Lets Local Users Gain Elevated Privileges

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-092: Sudo Format String Bug Lets Local Users Gain Elevated Privileges January 31, 2012 - 5:45am PROBLEM: A vulnerability was reported in Sudo. A local user can obtain elevated privileges on the target system. PLATFORM: Linux (Any) Version(s): 1.8.0 - 1.8.3p1 ABSTRACT: A local user can supply a specially crafted command line argument to trigger a format string flaw and execute arbitrary commands on the target system with root privileges. REFERENCE LINKS: CVE-2012-0809 SecurityTracker Alert ID: 1026600 Vendor Site IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability resides in the sudo_debug() function in 'src/sudo.c'. This can be exploited by local users, regardless of whether they are listed

291

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code January 2, 2013 - 1:00am PROBLEM: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code PLATFORM: VLC Media Player 2.0.4, possibly earlier versions ABSTRACT: Some vulnerabilities have been reported in VLC Media Player REFERENCE LINKS: SecurityTracker Alert ID: 1027929 Secunia Advisory SA51692 IMPACT ASSESSMENT: Medium DISCUSSION: Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing HTML subtitles in

292

U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code March 22, 2012 - 3:47am PROBLEM: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Photoshop CS5 12.x ABSTRACT: Successful exploitation may allow execution of arbitrary code REFERENCE LINKS: SecurityTracker Alert ID: 1026831 Secunia Advisory: SA48457 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Adobe Photoshop. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target

293

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands August 17, 2013 - 4:01am PROBLEM: A remote authenticated user can execute arbitrary commands on the target system. PLATFORM: 2010.0, 2012.0, 2012.1, 2013.1 ABSTRACT: A vulnerability was reported in Juniper Security Threat Response Manager (STRM) REFERENCE LINKS: SecurityTracker Alert ID: 1028921 CVE-2013-2970 IMPACT ASSESSMENT: High DISCUSSION: A remote authenticated user can inject commands to execute arbitrary operating system commands with the privileges of the target web service. This can be exploited to gain shell access on the target device.

294

U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands November 3, 2011 - 8:15am PROBLEM: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands. PLATFORM: The following models are affected when running firmware prior to version 1.1.24: Cisco SRP521W Cisco SRP526W Cisco SRP527W The following models are affected when running firmware prior to version 1.2.1: Cisco SRP541W Cisco SRP546W Cisco SRP547W ABSTRACT: A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system. REFERENCE LINKS: Advisory ID: cisco-sa-20111102-srp500 SecurityTracker Alert ID: 1026266

295

V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges February 18, 2013 - 12:53am PROBLEM: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges PLATFORM: Symantec PGP Desktop 10.2.x, 10.1.x, 10.0.x Symantec Encryption Desktop 10.3.0 ABSTRACT: Two vulnerabilities were reported in Symantec PGP Desktop. REFERENCE LINKS: Symantec Security Advisory SYM13-001 Bugtraq ID: 57170 SecurityTracker Alert ID: 1028145 CVE-2012-4351 CVE-2012-4352 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can trigger an integer overflow in 'pgpwded.sys' to execute arbitrary code on the target system [CVE-2012-4351]. On Windows XP and Windows Server 2003, a local user can trigger a buffer

296

T-713: Blue Coat Reporter Directory Traversal Flaw

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-713: Blue Coat Reporter Directory Traversal Flaw September 9, 2011 - 10:47am PROBLEM: A vulnerability was reported in Blue Coat Reporter. A remote user can view files on the target system and gain full control of the target application. PLATFORM: All pre-9.3 versions of Reporter installed on a Windows server are vulnerable. ABSTRACT: Blue Coat Reporter Directory Traversal Flaw Lets Remote Users Gain Full Control. REFERENCE LINKS: Blue Coat Security Advisory ID: SA60 SecurityTracker Alert ID: 1026023 About Path Traversal IMPACT ASSESSMENT: High DISCUSSION: Reporter installed on a Windows server is vulnerable to an HTTP directory traversal attack. An unauthenticated user can browse the file system and read any file. Data from these files can be used by an attacker to gain

297

U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code April 25, 2012 - 7:00am PROBLEM: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code PLATFORM: 1.2.4 and prior versions ABSTRACT: Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1026966 CVE-2012-1495 CVE-2012-1496 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can access '/install/index.php' to potentially modify '/includes/settings/' with arbitrary values or PHP code. A remote

298

U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any); Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. REFERENCE LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate DISCUSSION: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions. The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows

299

T-603: Mac OS X Includes Some Invalid Comodo Certificates

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-603: Mac OS X Includes Some Invalid Comodo Certificates April 15, 2011 - 1:46am PROBLEM: Mac OS X Includes Some Invalid Comodo Certificates PLATFORM: For Mac OS X Server v10.5.8, Mac OS X v10.5.8, Mac OS X v10.6.7 and Mac OS X Server v10.6.7 ABSTRACT: The operating system includes some invalid certificates. The vulnerability is due to the invalid certificates and not the operating system itself. Other browsers, applications, and operating systems are affected. REFERENCE LINKS: SecurityTracker Alert ID: 1025362 APPLE-SA-2011-04-14-4 Security Update 2011-002 Apple Support Downloads IMPACT ASSESSMENT: High DISCUSSION: A partner of Comodo with Registration Authority capabilities suffered an internal security breach and the attacker caused seven certificates to be

300

V-128: Xen Event Channel Tracking Pointer Bug Local Privilege Escalation |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-128: Xen Event Channel Tracking Pointer Bug Local Privilege Escalation
April 8, 2013 - 12:28am
PLATFORM: Version(s): 3.2 and later
ABSTRACT: A vulnerability was reported in Xen.
REFERENCE LINKS: SecurityTracker Alert ID: 1028388 CVE-2013-1920
IMPACT ASSESSMENT: Medium
DISCUSSION: A local user with kernel level privileges on the guest operating system can exploit a memory pointer error when the hypervisor is under memory pressure and Xen Security Module (XSM) is enabled to execute arbitrary code on the target host system.
IMPACT: A local user on the guest operating system can obtain elevated privileges on the target host system.
SOLUTION: The vendor has issued a fix (xsa47-4.1.patch, xsa47-4.2-unstable.patch).

301

U-252: Barracuda Web Filter Input Validation Flaws Permit Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-252: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks
September 6, 2012 - 6:00am
PROBLEM: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks
PLATFORM: Barracuda Web Filter 5.0.015 is vulnerable; other versions may also be affected.
ABSTRACT: Barracuda Web Filter Authentication Module Multiple HTML Injection Vulnerabilities
REFERENCE LINKS: Barracuda Networks Barracuda Networks Security ID: BNSEC-279/BNYF-5533 SecurityTracker Alert ID: 1027500 Bugtraq ID: 55394 seclists.org
IMPACT ASSESSMENT: Medium
DISCUSSION: Two scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to

302

V-037: Wireshark Multiple Bugs Let Remote Users Deny Service | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-037: Wireshark Multiple Bugs Let Remote Users Deny Service
November 30, 2012 - 3:30am
PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service
PLATFORM: Version(s): prior to 1.6.12, 1.8.4
ABSTRACT: Several vulnerabilities were reported in Wireshark.
REFERENCE LINKS: Wireshark Security Advisories Secunia Advisory SA51422 Seclists SecurityTracker Alert ID: 1027822 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602
IMPACT ASSESSMENT: Medium
DISCUSSION: Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions. A user can obtain potentially sensitive information.

303

T-651: Blue Coat ProxySG Discloses Potentially Sensitive Information in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-651: Blue Coat ProxySG Discloses Potentially Sensitive Information in Core Files
June 21, 2011 - 3:28pm
PROBLEM: Core files produced by ProxySG include unencrypted sensitive data such as keys and end user authentication data.
PLATFORM: Version(s): 6.1, 6.2
ABSTRACT: A vulnerability was reported in Blue Coat ProxySG. A local user can obtain potentially sensitive information.
REFERENCE LINKS: SecurityTracker Alert ID: 1025679 Security Advisories ID: SA56 ProxySG SA56 TSL ID: TSL20110614-02
IMPACT ASSESSMENT: High
DISCUSSION: In version 6.1 and 6.2, the software includes information from the secure heap when writing core files. A user with access to the core file can obtain potentially sensitive information, including keys and HTTP

304

U-263: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-263: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
September 19, 2012 - 6:00am
PROBLEM: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
PLATFORM: 7.1-Build_Win32_1394; possibly other versions
ABSTRACT: A vulnerability was reported in Trend Micro InterScan Messaging Security.
REFERENCE LINKS: US CERT Vulnerability Note VU#471364 SecurityTracker Alert ID: 1027544 CVE-2012-2995 CVE-2012-2996 Micro Trend
IMPACT ASSESSMENT: Medium
DISCUSSION: Several scripts do not properly filter HTML code from user-supplied input

305

U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
May 7, 2012 - 7:00am
PROBLEM: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
PLATFORM: Prior to 5.3.12 and 5.4.2
ABSTRACT: A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system.
REFERENCE LINKS: SecurityTracker Alert ID: 1027022 CVE-2012-1823 CVE-2012-2311
IMPACT ASSESSMENT: High
DISCUSSION: A remote user can submit a specially crafted request containing a command

306

V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
June 5, 2013 - 1:05am
PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
PLATFORM: Apple Safari prior to 6.0.5
ABSTRACT: Several vulnerabilities were reported in Apple Safari.
REFERENCE LINKS: Apple Article: HT5785 SecurityTracker Alert ID: 1028627 CVE-2013-0926 CVE-2013-1009 CVE-2013-1012 CVE-2013-1013 CVE-2013-1023
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary

307

V-139: Cisco Network Admission Control Input Validation Flaw Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-139: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands
April 21, 2013 - 11:50pm
PROBLEM: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands
PLATFORM: Cisco NAC Manager versions prior to 4.8.3.1 and 4.9.2
ABSTRACT: A vulnerability was reported in Cisco Network Admission Control.
REFERENCE LINKS: SecurityTracker Alert ID: 1028451 Cisco Advisory ID: cisco-sa-20130417-nac CVE-2013-1177
IMPACT ASSESSMENT: High
DISCUSSION: The Cisco Network Admission Control (NAC) Manager does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

308

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users
October 5, 2012 - 6:00am
PROBLEM: HP IBRIX X9000 Storage Discloses Information to Remote Users
PLATFORM: Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251
ABSTRACT: A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.
REFERENCE LINKS: HP Security Bulletin: c03510876 SecurityTracker Alert ID: 1027590 CVE-2012-3266
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the

309

V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges
April 15, 2013 - 1:30am
PROBLEM: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges
PLATFORM: Cisco AnyConnect Secure Mobility Client Cisco Secure Desktop
ABSTRACT: Some vulnerabilities were reported in Cisco AnyConnect Secure Mobility Client.
REFERENCE LINKS: Cisco Security Notice CVE-2013-1172 Cisco Security Notice CVE-2013-1173 SecurityTracker Alert ID: 1028425 CVE-2013-1172 CVE-2013-1173
IMPACT ASSESSMENT: Medium
DISCUSSION: A local user can trigger a heap overflow in the Cisco Host Scan component to execute arbitrary code on the target system with System privileges

310

U-144: Juniper Secure Access Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-144: Juniper Secure Access Input Validation Flaw Permits Cross-Site Scripting Attacks
April 10, 2012 - 7:30am
PROBLEM: A vulnerability was reported in Juniper Secure Access/Instant Virtual Extranet (IVE). A remote user can conduct cross-site scripting attacks.
PLATFORM: Version(s): prior to 7.0R9 and 7.1R
ABSTRACT: The VPN management interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser.
REFERENCE LINKS: Vendor URL SecurityTracker Alert ID: 1026893
IMPACT ASSESSMENT: High
DISCUSSION: The code will originate from the interface and will run in the security

311

U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
January 6, 2012 - 8:15am
PROBLEM: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
PLATFORM: OpenSSL prior to 0.9.8s; 1.x prior to 1.0.0f
ABSTRACT: A remote user may be able to execute arbitrary code on the target system.
REFERENCE LINKS: SecurityTracker Alert ID: 1026485 OpenSSL Security Advisory
IMPACT ASSESSMENT: High
DISCUSSION: Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can obtain sensitive information. A remote user may be able to execute arbitrary code on the

312

V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service
April 16, 2013 - 12:21am
PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service
PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected versions of Cisco ASA Software will vary depending on the specific vulnerability.
ABSTRACT: Several vulnerabilities were reported in Cisco ASA.
REFERENCE LINKS: Cisco Security Advisory Secunia Advisory SA52989 SecurityTracker Alert ID: 1028415 CVE-2013-1149 CVE-2013-1150 CVE-2013-1151 CVE-2013-1152

313

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data
April 20, 2011 - 3:58am
PROBLEM: Two vulnerabilities were reported in Sun Java System Access Manager. A remote authenticated user can partially access data on the target system. A remote user can partially modify data on the target system.
PLATFORM: Sun Java versions 7.1, 8.0
ABSTRACT: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.
REFERENCE LINKS: SecurityTracker Alert ID: 1025408 CVE-2011-0844 CVE-2011-0847 Oracle Critical Patch Update Advisory

314

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
April 23, 2013 - 12:26am
PROBLEM: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
PLATFORM: Apache ActiveMQ versions prior to 5.8.0
ABSTRACT: Several vulnerabilities were reported in Apache ActiveMQ.
REFERENCE LINKS: Apache ActiveMQ SecurityTracker Alert ID: 1028457 CVE-2012-6092 CVE-2012-6551 CVE-2013-3060
IMPACT ASSESSMENT: High
DISCUSSION: Several web demos do not properly filter HTML code from user-supplied input

315

T-701: Citrix Access Gateway Enterprise Edition Input Validation Flaw in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-701: Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks
August 25, 2011 - 3:33pm
PROBLEM: A vulnerability was reported in Citrix Access Gateway Enterprise Edition. A remote user can conduct cross-site scripting attacks.
PLATFORM: Citrix Access Gateway Enterprise Edition 9.2-49.8 and prior. Citrix Access Gateway Enterprise Edition version 9.3 is not affected by this vulnerability.
ABSTRACT: Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks.
REFERENCE LINKS: SecurityTracker Alert ID: 1025973 Citrix Document ID: CTX129971

316

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
March 27, 2012 - 7:00am
PROBLEM: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
PLATFORM: Versions prior to 3.0.4 and 3.1.3
ABSTRACT: A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.
REFERENCE LINKS: SecurityTracker Alert ID: 1026847 CVE-2012-0256 Secunia Advisory SA48509
IMPACT ASSESSMENT: High
DISCUSSION: A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash.
IMPACT: A remote user can cause the target service to crash.

317

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory
June 16, 2011 - 3:45pm
PROBLEM: A vulnerability was reported in Avaya IP Office Manager. A remote user can view files on the target system.
PLATFORM: Versions 5.0.x - 6.1.x
ABSTRACT: The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on the target system running the IP Office Manager software.
REFERENCE LINKS: ASA-2011-156 SecurityTracker Alert ID: 1025664 Secunia Advisory: SA43884 Avaya Support
IMPACT ASSESSMENT: Medium
DISCUSSION: Avaya IP Office Manager is an application for viewing and editing an IP Office system's configuration. It can be used to securely connect to and

318

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-670: Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits Cross-Site Scripting Attacks
July 18, 2011 - 7:09am
PROBLEM: A vulnerability was reported in Skype. A remote user can conduct cross-site scripting attacks.
PLATFORM: 5.3.0.120 and prior versions
ABSTRACT: The software does not properly filter HTML code from user-supplied input in the "mobile phone" profile entry before displaying the input.
REFERENCE LINKS: SecurityTracker Alert ID: 1025789 Skype Security Advisory KoreSecure News H Security ID: 1279864
IMPACT ASSESSMENT: High
DISCUSSION: Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack of input validation and output sanitization of the "mobile phone"

319

V-036: EMC Smarts Network Configuration Manager Database Authentication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability
November 29, 2012 - 3:30am
PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability
PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior to 9.1
ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
REFERENCE LINKS: EMC Identifier: ESA-2012-057 Secunia Advisory SA51408 SecurityTracker Alert ID: 1027812 CVE-2012-4614 CVE-2012-4615
IMPACT ASSESSMENT: Medium
DISCUSSION: The system uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key

320

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service
September 12, 2012 - 6:00am
PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service
PLATFORM: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
ABSTRACT: Adobe ColdFusion is prone to a remote denial-of-service vulnerability.
REFERENCE LINKS: Adobe Security bulletins and advisories Adobe Vulnerability identifier: APSB12-21 SecurityTracker Alert ID: 1027516 Bugtraq ID: 55499 CVE-2012-2048
IMPACT ASSESSMENT: Medium
DISCUSSION: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which

321

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
May 10, 2012 - 7:00am
PROBLEM: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
PLATFORM: 11.6.4.634 and prior
ABSTRACT: Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.
REFERENCE LINKS: SecurityTracker Alert ID: 1027037 CVE-2012-2029 CVE-2012-2030 CVE-2012-2031 CVE-2012-2032 CVE-2012-2033
IMPACT ASSESSMENT: High
DISCUSSION: A remote user can create specially crafted Shockwave content that, when loaded by the target user, will trigger a memory corruption error and

322

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code
January 23, 2013 - 12:26am
PROBLEM: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code
PLATFORM: EMC AlphaStor 4.0 prior to build 800 (All platforms)
ABSTRACT: Two vulnerabilities were reported in EMC AlphaStor.
REFERENCE LINKS: ESA-2013-008: SecurityTracker Alert ID: 1028020 Secunia Advisory SA51930 CVE-2013-0928 CVE-2013-0929
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].

323

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access
August 15, 2013 - 1:30am
PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege.
PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8
ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior.
REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system.
IMPACT: User access via network

324

U-027: RSA Key Manager Appliance Session Logout Bug Fails to Terminate  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-027: RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions
November 4, 2011 - 8:00am
PROBLEM: RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions.
PLATFORM: RSA Key Manager Appliance 2.7 Service Pack 1
ABSTRACT: A remote authenticated user session may not terminate properly.
REFERENCE LINKS: SecurityTracker Alert ID: 1026276 SecurityFocus Bug Traq Seclists: ESA-2011-035 CVE-2011-2740
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability was reported in RSA Key Manager Appliance. A remote authenticated user session may not terminate properly. When using Firefox 4 and 5, an authenticated user session is not terminated properly when logging out.

325

V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code
January 9, 2013 - 12:10am
PROBLEM: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code
PLATFORM:
Adobe Flash Player 11.5.502.135 and earlier versions for Windows
Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh
Adobe Flash Player 11.2.202.258 and earlier versions for Linux
Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x
Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x.
ABSTRACT: Security updates available for Adobe Flash Player
REFERENCE LINKS: Adobe Security Bulletin APSB13-01 SecurityTracker Alert ID: 1027950

326

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
December 13, 2012 - 3:30am
PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
PLATFORM: Version(s): 11.5.502.110 and prior for Windows/Mac; 11.2.202.251 and prior for Linux
ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player.
REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-27 SecurityTracker Alert ID: 1027854 Secunia Advisory SA51560 RHSA-2012:1569-1 CVE-2012-5676 CVE-2012-5677 CVE-2012-5678
IMPACT ASSESSMENT: High
DISCUSSION: A buffer overflow can trigger code execution [CVE-2012-5676]. An integer overflow can trigger code execution [CVE-2012-5677]. A memory corruption flaw can trigger code execution [CVE-2012-5678].

327

V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability
December 17, 2012 - 1:00am
PROBLEM: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability
PLATFORM: Cisco Wireless LAN Controller (WLC)
ABSTRACT: A vulnerability was reported in Cisco Wireless LAN Controller.
REFERENCE LINKS: SecurityTracker Alert ID: 1027886 Secunia Advisory SA51546 CVE-2012-5991 CVE-2012-5992 CVE-2012-6007
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability was reported in Cisco Wireless LAN Controller. A remote user can conduct cross-site request forgery attacks. A remote user can create specially crafted HTML that, when loaded by a target user, will cause arbitrary scripting code to be executed by the

328

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access
August 15, 2013 - 1:30am
PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege.
PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8
ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior.
REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system.
IMPACT: User access via network

329

T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service
May 6, 2011 - 7:00am
PROBLEM: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
PLATFORM: ISC BIND version 9.8.0.
ABSTRACT: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.
REFERENCE LINKS: ISC Advisory: CVE-2011-1907 Secunia Advisory: SA44416 Vulnerability Report: ISC BIND CVE-2011-1907 SecurityTracker Alert ID: 1025503
IMPACT ASSESSMENT: High
DISCUSSION: This advisory only affects BIND users who are using the RPZ feature configured for RRset replacement. BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for modifying DNS responses returned by a

330

V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote  

NLE Websites -- All DOE Office Websites (Extended Search)

V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service
January 17, 2013 - 12:00am
PROBLEM: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service
PLATFORM: The vulnerability is reported in versions 8.7.1 and 8.7.1.1.
ABSTRACT: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall.
REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20130116-asa1000v SecurityTracker Alert ID: 1028005 Secunia Advisory SA51897 CVE-2012-5419
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability has been reported in Cisco ASA 1000V Cloud Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service).

331

T-708: Pidgin Bugs Let Remote Users Deny Service and Potentially Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-708: Pidgin Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code
September 1, 2011 - 12:00pm
PROBLEM: gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
PLATFORM: Pidgin before 2.10.0 on Windows
ABSTRACT: Pidgin bugs let remote users deny service and potentially execute arbitrary code.
REFERENCE LINKS: CVE-2011-3185 CVE-2011-2943 CVE-2011-3184 SecurityTracker Alert ID: 1025961 Pidgin Security Advisories
IMPACT ASSESSMENT: High
DISCUSSION: Several vulnerabilities were reported in Pidgin. A remote user can cause denial of service conditions. A remote user can cause arbitrary code to be

332

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos December 27, 2011 - 5:18am PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High DISCUSSION: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

333

T-675: Apple Laptop Battery Interface Lets Local Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3:15pm PROBLEM: A vulnerability was reported in the battery interface used in Apple laptop models. A local user can cause denial of service conditions. PLATFORM: Mac OS X ABSTRACT: Apple Laptop Battery Interface Lets Local Users Deny Service REFERENCE LINKS: SecurityTracker Alert ID: 1025831 Apple Article: HT1222 Forbes Article IMPACT ASSESSMENT: Medium DISCUSSION: The battery microcontroller interface uses common API keys. A local user with knowledge of the keys can control the microcontroller functions. This can be exploited to prevent the battery from being charged, interfere with battery heat regulation, or cause the battery to stop functioning. IMPACT: A local user can prevent the battery from charging, interfere with the battery heat regulation, or cause the battery to become unusable. Modern

334

U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am PROBLEM: HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access PLATFORM: Onboard Administrator (OA) 3.21 through 3.31 ABSTRACT: A remote user can gain access to the target system REFERENCE LINKS: HP Support document ID: c03048779 SecurityTracker Alert ID: 1026158 CVE-2011-3155 IMPACT ASSESSMENT: Medium DISCUSSION: A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely to gain unauthorized access. IMPACT: A remote user can gain access to the target system. SOLUTION: Onboard Administrator (OA) v3.32 is available.

335

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am PROBLEM: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 7 Update 21; possibly other versions (1.7.0_21-b11) Java Server JRE is also affected. ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: SecurityTracker Alert ID: 1028466 Oracle IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted Java application that, when loaded and approved by the target user, will trigger a flaw in the Reflection API to bypass the security sandbox. IMPACT: A remote user can create a Java file that, when loaded by the target user,

336

V-127: Samba Bug Lets Remote Authenticated Users Modify Files | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch

337

U-059: Blackberry PlayBook File Sharing Option Lets Local Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-059: Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges December 13, 2011 - 6:00am PROBLEM: Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges. PLATFORM: BlackBerry PlayBook tablet software version 1.0.8.4985 and earlier ABSTRACT: A local user can obtain root privileges on the target tablet system. REFERENCE LINKS: SecurityTracker Alert ID: 1026386 Vulnerability Summary for CVE-2011-0291 BlackBerry Technical Solution Center IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Blackberry PlayBook. A local user can obtain elevated privileges on the target system. On a tablet with File Sharing enabled and connected via USB to a system running BlackBerry

338

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service February 25, 2013 - 12:12am PROBLEM: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service PLATFORM: The Linux Kernel prior to 3.7.5 ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: The Linux Kernel Archives Linux Kernel Red Hat Bugzilla - Bug 913266 SecurityTracker Alert ID: 1028196 CVE-2013-0313 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can exploit a null pointer dereference in the evm_update_evmxattr() function in 'security/integrity/evm/evm_crypto.c' to cause the target system to crash. IMPACT: A local user can cause denial of service conditions.

339

U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA®  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability September 25, 2012 - 6:00am PROBLEM: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability PLATFORM: Product: RSA Authentication Agent for Microsoft Windows version 7.1 Platforms: Windows XP and Windows 2003 Product: RSA Authentication Client 3.5 Platforms: Windows XP and Windows 2003 ABSTRACT: RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step REFERENCE LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662

340

U-095: HP Data Protector Media Operations Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-095: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code February 3, 2012 - 1:33am PROBLEM: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code PLATFORM: Windows (2003, XP, 2008), HP Data Protector Media Operations version 6.11 and earlier ABSTRACT: Remote execution of arbitrary code REFERENCE LINKS: SecurityTracker Alert ID: 1026626 HP Support Center Document ID: c03179046 CVE-2011-4791 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Data Protector Media Operations. A remote user can execute arbitrary code on the target system. Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. IMPACT:



341

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Advisory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

342

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code November 29, 2011 - 9:00am PROBLEM: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code. PLATFORM: Siemens Automation License Manager 500.0.122.1 ABSTRACT: Several vulnerabilities were reported in Siemens Automation License Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1026354 Bugtraq Siemens Advisory Services IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can send specially crafted *_licensekey commands to trigger a

343

V-198: Red Hat Enterprise MRG Messaging Qpid Python Certificate Validation  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-198: Red Hat Enterprise MRG Messaging Qpid Python Certificate Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks July 12, 2013 - 6:00am PROBLEM: A vulnerability was reported in Red Hat Enterprise MRG Messaging. PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) ABSTRACT: A remote user can conduct a man-in-the-middle attack to access potentially sensitive information REFERENCE LINKS: SecurityTracker Alert ID: 1028774 Redhat Advisory RHSA-2013:1024-1 CVE-2013-1909 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not properly validate the remote server's TLS/SSL certificates. A remote user can conduct a man-in-the-middle attack to

344

U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information August 21, 2012 - 7:00am PROBLEM: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information PLATFORM: Apple Remote Desktop after 3.5.1 and prior to 3.6.1 ABSTRACT: A remote user can monitor potentially sensitive information. REFERENCE LINKS: Apple.com Apple Article: HT5433 SecurityTracker Alert ID: 1027420 CVE-2012-0681 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Apple Remote Desktop. When a user connects to a third-party VNC server with the 'Encrypt all network data' setting enabled, network data is not encrypted. A remote user monitoring the

345

U-051: Skype Discloses IP Addresses to Remote Users | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-051: Skype Discloses IP Addresses to Remote Users December 5, 2011 - 7:00am PROBLEM: A remote user can determine the IP address of a Skype user. PLATFORM: Skype application ABSTRACT: Skype Discloses IP Addresses to Remote Users REFERENCE LINKS: SecurityTracker Alert ID: 1026370 Forbes: Skype Flaw IMPACT ASSESSMENT: High DISCUSSION: A remote user can initiate a Skype call to a target user to determine the target user's IP address and then terminate the call before the target user's Skype application has indicated an incoming call. The remote user does not need to be on the target user's contact list. Armed with an IP address, hackers can uncover specific information about victims, including who they chat with, what they download while online, and

346

V-053: Adobe Shockwave player installs Xtras without prompting | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-053: Adobe Shockwave player installs Xtras without prompting December 24, 2012 - 12:15am PROBLEM: Adobe Shockwave player installs Xtras without prompting PLATFORM: Adobe Shockwave Player ABSTRACT: A vulnerability was reported in Adobe Shockwave. REFERENCE LINKS: Vulnerability Note VU#519137 SecurityTracker Alert ID: 1027903 Bugtraq ID: 56972 CVE-2012-6271 IMPACT ASSESSMENT: Medium DISCUSSION: Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra. IMPACT: By convincing a user to view a specially crafted Shockwave content, an attacker may be able to execute arbitrary code with the privileges of the

347

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service March 27, 2012 - 7:00am PROBLEM: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service PLATFORM: Versions prior to 3.0.4 and 3.1.3 ABSTRACT: A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1026847 CVE-2012-0256 Secunia Advisory SA48509 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash. IMPACT: A remote user can cause the target service to crash.

348

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges May 7, 2013 - 12:01am PROBLEM: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Apache VCL Versions: 2.1, 2.2, 2.2.1, 2.3, 2.3.1 ABSTRACT: A vulnerability was reported in Apache VCL. REFERENCE LINKS: Apache Securelist SecurityTracker Alert ID: 1028515 CVE-2013-0267 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated administrative user with minimal administrative privileges (i.e., nodeAdmin, manageGroup, resourceGrant, or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges.

349

U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 26, 2012 - 3:35am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 17.0.963.83 ABSTRACT: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026841 CVE-2011-3049 Secunia Advisory SA48512 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A use-after-free may occur

350

U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks July 6, 2012 - 7:00am PROBLEM: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks PLATFORM: Version(s): prior to 3.4.1 ABSTRACT: Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information. REFERENCE LINKS: The Vendor's Advisory WordPress 3.4.1 Maintenance and Security Release SecurityTracker Alert ID: 1027219

351

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Advisory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

352

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords July 24, 2012 - 7:00am PROBLEM: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords PLATFORM: Symantec Web Gateway 5.0.x.x ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. REFERENCE LINKS: Security Advisories Relating to Symantec Products SecurityTracker Alert ID: 1027289 Bugtraq ID: 54424 Bugtraq ID: 54425 Bugtraq ID: 54426 Bugtraq ID: 54427 Bugtraq ID: 54429 Bugtraq ID: 54430

353

U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code January 5, 2012 - 8:15am PROBLEM: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code PLATFORM: Version(s): 2.1.0 - 2.3.1 ABSTRACT: A remote user can execute arbitrary Java code on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1026484 Secunia Advisory SA47393 Bugtraq ID: 51257 Apache Struts 2 Documentation S2-008 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache Struts. A remote user can execute arbitrary Java code on the target system. A remote user can overwrite arbitrary files on the target system. A remote user can send specially

354

T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service July 28, 2011 - 3:47pm PROBLEM: A vulnerability was reported in Red Hat Enterprise Virtualization Hypervisor. A remote user can cause denial of service conditions. PLATFORM: Red Hat Enterprise Virtualization-hypervisor package. ABSTRACT: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service. REFERENCE LINKS: RHSA-2011:1090-1 SecurityTracker Alert ID: 1025853 CVE-2011-1576 RHBA-2011:1068-1,Hypervisor is based on KVM - Bug Fix Advisory IMPACT ASSESSMENT: Medium DISCUSSION: A flaw was found that allowed napi_reuse_skb() to be called on VLAN

355

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control March 27, 2013 - 12:51am PROBLEM: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control PLATFORM: Version(s): prior to 9.2 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028342 www.emc.com CVE-2013-0935 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system. A user can exploit unspecified flaws in the NCM System Management

356

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks August 7, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: HP Network Node Manager I (NNMi) v8.x, v9.0x, v9.1x, v9.20 for HP-UX, Linux, Solaris, and Windows ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: HP Document ID: c03405705 SecurityTracker Alert ID: 1027345 Bugtraq ID: 54815 CVE-2012-2022 IMPACT ASSESSMENT:

357

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2012 - 6:00am PROBLEM: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: CA ARCserve Backup for Windows r12.5, r15, r16 ABSTRACT: Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027683 CA Technologies Support CVE-2012-2971 CVE-2012-2972 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the

358

V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service November 21, 2012 - 3:00am PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10 Update 1 and above for Windows ABSTRACT: Adobe ColdFusion Denial of Service Vulnerability REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-25 SecurityTracker Alert ID: 1027787 Secunia Advisory SA51335 CVE-2012-5674 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions. A remote user can send specially crafted data to cause unspecified denial of service conditions on the target ColdFusion service on Windows Internet

359

U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code April 9, 2012 - 7:00am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 18.0.1025.151 ABSTRACT: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1026892 CVE-2011-3066 Secunia Advisory SA48732 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. An out-of-bounds memory

360

T-683:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-683:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code August 3, 2011 - 3:45pm PROBLEM: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Google Chrome prior to 13.0.782.107 ABSTRACT: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: Google Chrome advisory Update Chromium Security SecurityTracker Alert ID: 1025882 CVE-2011-2819 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.



361

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium DISCUSSION: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

362

V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am PROBLEM: A vulnerability was reported in McAfee Email Gateway. A remote user can cause denial of service conditions. PLATFORM: McAfee Email Gateway (MEG) 7.5 ABSTRACT: A remote user can cause the SMTP proxy to stop responding. REFERENCE LINKS: SecurityTracker Alert ID: 1028941 GENERIC-MAP-NOMATCH IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in McAfee Email Gateway. A remote user can cause denial of service conditions. A remote user can send a specially crafted e-mail to cause the ws_inv-smtp process to enter an infinite loop and cause the target SMTP proxy to stop responding.

363

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability December 27, 2012 - 6:00am PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

364

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control
March 27, 2013 - 12:51am
PROBLEM: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control
PLATFORM: Version(s): prior to 9.2
ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
REFERENCE LINKS: SecurityTracker Alert ID: 1028342 www.emc.com CVE-2013-0935
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system. A user can exploit unspecified flaws in the NCM System Management

365

U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service
August 24, 2012 - 7:00am
PROBLEM: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service
PLATFORM: Version(s): 0.9.13 and prior
ABSTRACT: A vulnerability was reported in libvirt.
REFERENCE LINKS: libvirt SecurityTracker Alert ID: 1027437 Secunia Advisory SA50118 Bugtraq ID: 54748 CVE-2012-3445
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can send a specially crafted RPC call with the number of parameters set to zero to libvirtd to trigger a memory access error in virTypedParameterArrayClear() and cause the target service to crash.
IMPACT:

366

U-045: Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny Service  

NLE Websites -- All DOE Office Websites (Extended Search)

U-045: Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny Service
November 25, 2011 - 9:00am
PROBLEM: A vulnerability was reported in the Windows Kernel. A local user can cause denial of service conditions.
PLATFORM: Windows Win32k.sys
ABSTRACT: Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny
REFERENCE LINKS: SecurityTracker Alert ID: 1026347 Secunia ID: SA46919
IMPACT ASSESSMENT: Low
DISCUSSION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an indexing error in the win32k.sys driver when loading a keyboard layout file. This can be exploited to access

367

U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability
September 17, 2012 - 6:00am
PROBLEM: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability
PLATFORM: The vulnerability is confirmed in version 8.0.2 HP3 and reported in version 2012. Other versions may also be affected.
ABSTRACT: A vulnerability was reported in Novell GroupWise Internet Agent
REFERENCE LINKS: Novell SecurityTracker Alert ID: 1027536 Secunia Advisory SA50622 CVE-2012-0271
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via

368

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files
June 10, 2013 - 12:47am
PROBLEM: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files
PLATFORM: RSA Authentication Manager 8.0
ABSTRACT: A vulnerability was reported in RSA Authentication Manager.
REFERENCE LINKS: RSA SecurityTracker Alert ID: 1028638 CVE-2013-0947
IMPACT ASSESSMENT: Medium
DISCUSSION: The system may write operating system, SNMP, and HTTP plug-in proxy passwords in clear text to log and configuration files.
IMPACT: A local user can obtain operating system, SNMP, and HTTP plug-in proxy

369

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code
March 18, 2013 - 1:53am
PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code
PLATFORM: Version(s): prior to 6.0.3
ABSTRACT: Two vulnerabilities were reported in Apple Safari.
REFERENCE LINKS: Apple security update, Article: HT1222 SecurityTracker Alert ID: 1028292 CVE-2013-0960 CVE-2013-0961
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
IMPACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

370

V-193: Barracuda SSL VPN Input Validation Hole Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-193: Barracuda SSL VPN Input Validation Hole Permits Cross-Site Scripting Attacks
July 5, 2013 - 6:00am
PROBLEM: A vulnerability was reported in Barracuda SSL VPN
PLATFORM: Version(s) prior to 2.3.3.216
ABSTRACT: Several scripts do not properly filter HTML code from user-supplied input before displaying the input via several parameters
REFERENCE LINKS: SecurityTracker Alert ID: 1028736 Barracuda SSL VPN Release Notes Zero Science Lab
IMPACT ASSESSMENT: Medium
DISCUSSION: The code will originate from the Barracuda SSL VPN interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if

371

U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code
March 29, 2012 - 7:00am
PROBLEM: Adobe Flash Player Lets Remote Users Execute Arbitrary Code
PLATFORM: 11.1.102.63 and prior versions
ABSTRACT: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.
REFERENCE LINKS: SecurityTracker Alert ID: 1026859 CVE-2012-0772 Security update available for Adobe Flash Player
IMPACT ASSESSMENT: High
DISCUSSION: A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A memory corruption

372

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks
March 29, 2011 - 3:05pm
PROBLEM: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks in ActiveSync Lets Remote Users Execute Arbitrary Code.
PLATFORM: HP Diagnostics software: version(s) 7.5, 8.0 prior to 8.05.54.225
ABSTRACT: A potential security vulnerability has been identified in HP Diagnostics. The vulnerability could be exploited remotely resulting in cross site scripting (XSS).
REFERENCE LINKS: HP Document ID: c02770512 SecurityTracker Alert ID: 1025255 CVE-2011-0892 Security Focus Document ID: c02770512
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability was reported in HP Diagnostics. A remote user can conduct

373

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files
October 27, 2011 - 7:45am
PROBLEM: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files.
PLATFORM: Cisco Unified Communications Manager 6.x, 7.x and 8.x
ABSTRACT: A vulnerability was reported in Cisco Unified Communications Manager.
REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20111026-cucm Cisco Security Advisories and Response SecurityTracker Alert ID: 1026243 CVE-2011-3315
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can view files on the target system. The software does not properly validate user-supplied input. A remote user can supply a specially

374

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code
August 4, 2011 - 3:33pm
PROBLEM: Multiple vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
PLATFORM: Apple Quick Time prior to 7.7
ABSTRACT: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code.
REFERENCE LINKS: Apple security updates SecurityTracker Alert ID: 1025884 Mac OS X: Updating your software Support Downloads QuickTime 7.7
IMPACT ASSESSMENT: High
DISCUSSION: A specially crafted PICT file can trigger a buffer overflow [CVE-2011-0245]. Mac OS X version 10.7 is not affected. A specially crafted GIF image can trigger a heap overflow [CVE-2011-0246].

375

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information
July 27, 2012 - 7:00am
PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information
PLATFORM: Version(s): Apple Safari prior to 6.0
ABSTRACT: Multiple vulnerabilities were reported in Apple Safari.
REFERENCE LINKS: The Vendor's Advisory Bugtraq ID: 54683 SecurityTracker Alert ID: 1027307
IMPACT ASSESSMENT:

376

V-192: Symantec Security Information Manager Input Validation Flaws Permit  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-192: Symantec Security Information Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks
July 4, 2013 - 6:00am
PROBLEM: Several vulnerabilities were reported in Symantec Security Information Manager
PLATFORM: Symantec Security Information Manager Appliance Version 4.7.x and 4.8.0
ABSTRACT: Symantec was notified of multiple security issues impacting the SSIM management console
REFERENCE LINKS: SecurityTracker Alert ID: 1028727 Symantec Security Advisory SYM13-006 CVE-2013-1613 CVE-2013-1614 CVE-2013-1615
IMPACT ASSESSMENT: Medium
DISCUSSION: The console does not properly filter HTML code from user-supplied input

377

V-231: Cisco Identity Services Engine Discloses Authentication Credentials  

NLE Websites -- All DOE Office Websites (Extended Search)

V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users
August 30, 2013 - 3:01am
PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials.
PLATFORM: Cisco Identity Services Engine (ISE) 1.x
ABSTRACT: A vulnerability was reported in Cisco Identity Services Engine
REFERENCE LINKS: SecurityTracker Alert ID: 1028965 CVE-2013-3471
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. The system stores the username and password of an authenticated user within hidden HTML form fields. A

378

U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information
December 7, 2011 - 7:30am
PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information.
PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6)
ABSTRACT: Several vulnerabilities were reported in Linux kexec. A remote or local user can obtain potentially sensitive information.
REFERENCE LINKS: Red Hat Security Advisory: RHSA-2011:1532-3 SecurityTracker Alert ID: 1026375
IMPACT ASSESSMENT: Medium
DISCUSSION: Kdump uses the SSH "StrictHostKeyChecking=no" option when dumping to SSH

379

U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code
July 10, 2012 - 7:00am
PROBLEM: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code
PLATFORM: HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows prior to v11.03.12.
ABSTRACT: Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system
REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027225 CVE-2012-2019 CVE-2012-2020
IMPACT ASSESSMENT: High
DISCUSSION: Potential security vulnerabilities have been identified with HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code.

380

V-194: Citrix XenServer Memory Management Error Lets Local Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host
July 8, 2013 - 12:24am
PROBLEM: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host
PLATFORM: Citrix XenServer 5.0 - 6.2
ABSTRACT: A vulnerability was reported in Citrix XenServer.
REFERENCE LINKS: CTX138134 SecurityTracker Alert ID: 1028740 CVE-2013-1432
IMPACT ASSESSMENT: Medium
DISCUSSION: A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server.
IMPACT: A local user on the guest operating system can obtain access on the target



381

V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code
November 7, 2012 - 6:00am
PROBLEM: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code
PLATFORM: Adobe Flash Player 11.4.402.287 and prior for Windows and OS X; 11.2.202.243 and prior for Linux
ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player.
REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-24 SecurityTracker Alert ID: 1027730 CVE-2012-5274 CVE-2012-5275 CVE-2012-5276 CVE-2012-5277 CVE-2012-5278 CVE-2012-5279 CVE-2012-5280
IMPACT ASSESSMENT: High
DISCUSSION: Several vulnerabilities were reported in Adobe Flash Player. A remote user

382

T-649: Red Hat Network Satellite Server Request Validation Flaw Permits  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-649: Red Hat Network Satellite Server Request Validation Flaw Permits Cross-Site Request Forgery Attacks
June 17, 2011 - 3:43pm
PROBLEM: A vulnerability was reported in Red Hat Network Satellite Server. A remote user can conduct cross-site request forgery attacks.
PLATFORM: Versions 5.4.x
ABSTRACT: The Red Hat Network (RHN) Satellite and Spacewalk services do not properly validate user-supplied. A remote user can create specially crafted HTML that, when loaded by a target authenticated user, will take actions on the target site acting as the target user.
REFERENCE LINKS: SecurityTracker Alert ID: 1025674 RHSA-2011:0879-1 RHN Support CVE-2009-4139
IMPACT ASSESSMENT:

383

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions
November 16, 2012 - 6:00am
PROBLEM: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions.
PLATFORM: RSA Data Protection Manager Appliance versions 2.7.x and 3.x
ABSTRACT: Two vulnerabilities were reported in RSA Data Protection Manager.
REFERENCE LINKS: SecurityTracker Alert ID: 1027781 EMC Identifier: ESA-2012-055 RSA Worldwide Customer Support CVE-2012-4612 CVE-2012-4613
IMPACT ASSESSMENT: Medium
DISCUSSION: Two vulnerabilities were reported in RSA Data Protection Manager. A remote

384

T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code
May 4, 2011 - 7:15am
PROBLEM: A vulnerability was reported in IBM Rational System Architect. A remote user can cause arbitrary code to be executed on the target user's system.
PLATFORM: IBM Rational System 11.4 and prior versions
ABSTRACT: There is a high risk security vulnerability with the ActiveBar ActiveX controls used by IBM Rational System Architect.
REFERENCE LINKS: IBM Advisory: 21497689 SecurityTracker Alert ID: 1025464 CVE-2011-1207 Secunia Advisory: SA43399
IMPACT ASSESSMENT: High
DISCUSSION: A remote user can create a specially crafted HTML that, when loaded by the

385

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code
January 2, 2013 - 1:00am
PROBLEM: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code
PLATFORM: VLC Media Player 2.0.4, possibly earlier versions
ABSTRACT: Some vulnerabilities have been reported in VLC Media Player
REFERENCE LINKS: SecurityTracker Alert ID: 1027929 Secunia Advisory SA51692
IMPACT ASSESSMENT: Medium
DISCUSSION: Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing HTML subtitles in

386

U-050: Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-050: Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting Attacks
December 2, 2011 - 5:24am
PROBLEM: Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting Attacks.
PLATFORM: Adobe Flex SDK 4.5.1 and earlier 4.x versions for Windows, Macintosh and Linux Adobe Flex SDK 3.6 and earlier 3.x versions for Windows, Macintosh and Linux
ABSTRACT: Flex applications created using the Flex SDK may not properly filter HTML code from user-supplied input before displaying the input.
REFERENCE LINKS: Adobe Security Bulletin CVE-2011-2461 SecurityTracker Alert ID: 1026361
IMPACT ASSESSMENT: High
DISCUSSION: A remote user may be able to cause arbitrary scripting code to be executed

387

U-017: HP MFP Digital Sending Software Lets Local Users Obtain Potentially  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-017: HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information
October 24, 2011 - 12:30pm
PROBLEM: HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information.
PLATFORM: HP MFP Digital Sending Software v4.91.21 and all previous 4.9x versions
ABSTRACT: A vulnerability was reported in HP MFP Digital Sending Software. A local user can obtain potentially sensitive information.
REFERENCE LINKS: HP Advisory ID: c03052686 SecurityTracker Alert ID: 1026228 CVE-2011-3163
IMPACT ASSESSMENT: Medium
DISCUSSION: A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could result in

388

T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-621: Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service
May 12, 2011 - 3:00pm
PROBLEM: A vulnerability was reported in Citrix XenServer. A local administrative user on the guest operating system can cause denial of service conditions.
PLATFORM: Citrix XenServer 5.6 Feature Pack 1 and prior
ABSTRACT: A local administrative user on a guest operating system can interrupt the normal operation of the target hypervisor.
REFERENCE LINKS: Document ID: CTX129208 SecurityTracker Alert ID: 1025524 Document ID: CTX129103 Document ID: CTX129102 Document ID: CTX128844 Document ID: CTX129101 Document ID: CTX129100 Citrix Support
IMPACT ASSESSMENT: Medium
DISCUSSION:

389

T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code
January 20, 2011 - 6:39am
PROBLEM: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code.
PLATFORM: HP OpenView Storage Data Protector v6.11
ABSTRACT: A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.
REFERENCE LINKS: HP Security Bulletin SecurityTracker Alert ID: 1024983 CVE-2011-0273
IMPACT ASSESSMENT: High
DISCUSSION: A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code.

390

U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses
August 20, 2012 - 7:00am
PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses
PLATFORM: Version(s): 6 beta 4 and prior versions
ABSTRACT: A remote user can spoof SMS source addresses.
REFERENCE LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com The original advisory
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability was reported in Apple iPhone. A remote user can send an SMS message with a specially crafted User Data Header (UDH) value that specifies an alternate reply address. The recipient's iPhone will display the reply address as the source of the SMS.

391

V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements
March 4, 2013 - 12:27am
PROBLEM: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements
PLATFORM: RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows
ABSTRACT: A vulnerability was reported in RSA Authentication Agent.
REFERENCE LINKS: RSA SecurCare SecurityTracker Alert ID: 1028230 CVE-2013-0931
IMPACT ASSESSMENT: Medium
DISCUSSION: On systems configured for Quick PIN Unlock, the system will request a PIN instead of a full Passcode when the session is activated from an active screensaver after the Quick PIN Unlock timeout has expired. RSA Authentication Agent on Windows Vista, Windows 7, Windows 2008, and

392

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
November 28, 2012 - 1:00am
PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
PLATFORM: Version(s): prior to 23.0.1271.91
ABSTRACT: Several vulnerabilities were reported in Google Chrome.
REFERENCE LINKS: Release updates from the Chrome team SecurityTracker Alert ID: 1027815 Secunia Advisory SA51437 CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136
IMPACT ASSESSMENT: High
DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the

393

U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code
November 18, 2011 - 9:00am
PROBLEM: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code.
PLATFORM: Version(s) prior to 15.0.874.121
ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
REFERENCE LINKS: Stable Channel Update CVE-2011-3900 SecurityTracker Alert ID: 1026338
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user,

394

U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service
February 6, 2012 - 7:00am
PROBLEM: Vulnerability in AIX TCP stack
PLATFORM: Version(s): 5.3, 6.1, 7.1
ABSTRACT: A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system.
REFERENCE LINKS: SecurityTracker Alert ID: 1026640 IBM Security Advisory CVE-2012-0194
IMPACT ASSESSMENT: Medium
DISCUSSION: AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially-crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic.

395

V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks
June 24, 2013 - 12:56am
PROBLEM: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks
PLATFORM: Google Chrome prior to 27.0.1453.116
ABSTRACT: A vulnerability was reported in Google Chrome.
REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1028694 CVE-2013-2866
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can create specially crafted Flash content that, when loaded by the target user, will display the Flash settings in a transparent manner, which may allow the remote user to cause the target user to modify their Flash settings. This may allow the remote user to obtain potentially

396

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication January 25, 2013 - 6:00am PROBLEM: A vulnerability was reported in Barracuda SSL VPN. PLATFORM: The vulnerability has been verified to exist in Barracuda SSL VPN version 2.2.2.203 ABSTRACT: A remote user can gain administrative access to the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1028039 Barracuda Networks Advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can set a specially crafted Java system property (via 'setSysProp.jsp') to bypass access restrictions and gain access to the API functionality. This can be exploited to download configuration files, download database dumps, shutdown the system, and set new administrative

397

V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks May 14, 2013 - 12:08am PROBLEM: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks PLATFORM: Tomcat 6.0.21 to 6.0.36, 7.0.0 to 7.0.32 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat SecurityTracker Alert ID: 1028534 CVE-2013-2067 IMPACT ASSESSMENT: High DISCUSSION: A remote user can repeatedly send a specially crafted request for a resource requiring authentication while the target user is completing the login form to cause the FORM authentication process to execute the remote user's request with the privileges of the target user.

398

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall Services Module. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20121010-fwsm SecurityTracker Alert ID: 1027640 CVE-2012-4661 CVE-2012-4662 CVE-2012-4663 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted DCERPC data through the target device to trigger a stack overflow in the DCERPC inspection engine and execute arbitrary code on the target device or cause the target device to

399

U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache July 25, 2012 - 7:00am PROBLEM: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache PLATFORM: Version(s): 4.0.4 and prior versions ABSTRACT: A remote user can poison the DNS cache. REFERENCE LINKS: IBM Application Security Research Group SecurityTracker Alert ID: 1027291 Bugtraq ID: 523624 CVE-2012-2808 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Google Android. The res_randomid() function, which bases a return value on the process ID and the current time, is called twice in quick succession. As a result, the effective

400

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges November 17, 2011 - 8:00am PROBLEM: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31; running Enterprise Mobility Suite (EMS) prior to A.04.20.11.04_01 ABSTRACT: A local user can obtain elevated privileges on the target system. REFERENCE LINKS: HP Support Center Document ID: c03089106 CVE-2011-4159 SecurityTracker Alert ID: 1026331 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in HP-UX System Administration Manager. A local user can obtain elevated privileges on the target system. A local user can gain full control of the target system.

401

V-194: Citrix XenServer Memory Management Error Lets Local Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host July 8, 2013 - 12:24am PROBLEM: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host PLATFORM: Citrix XenServer 5.0 - 6.2 ABSTRACT: A vulnerability was reported in Citrix XenServer. REFERENCE LINKS: CTX138134 SecurityTracker Alert ID: 1028740 CVE-2013-1432 IMPACT ASSESSMENT: Medium DISCUSSION: A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server. IMPACT: A local user on the guest operating system can obtain access on the target

402

V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code May 6, 2013 - 12:07am PROBLEM: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code PLATFORM: Internet Explorer 8 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. REFERENCE LINKS: SecurityTracker Alert ID: 1028514 Microsoft Security Advisory (2847140) CVE-2013-1347 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will access an object that has been deleted or not properly allocated and execute arbitrary code on the target system. The code will run with the privileges of the target user.

403

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service September 27, 2012 - 4:07am PROBLEM: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service PLATFORM: Devices configured with Cisco IOS IPS are affected ABSTRACT: A vulnerability was reported in Cisco IOS. REFERENCE LINKS: SecurityTracker Alert ID: 1027580 Cisco Security Advisory CVE-2012-3950 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to

404

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 6.0.3 ABSTRACT: Two vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple security update, Article: HT1222 SecurityTracker Alert ID: 1028292 CVE-2013-0960 CVE-2013-0961 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. IMPACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

405

V-160: Wireshark Multiple Bugs Let Remote Users Deny Service

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-160: Wireshark Multiple Bugs Let Remote Users Deny Service May 21, 2013 - 12:09am PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service PLATFORM: Versions 1.8.0 to 1.8.6 ABSTRACT: Multiple vulnerabilities have been reported in Wireshark. REFERENCE LINKS: Wireshark Docid: wnpa-sec-2013-23 Secunia Advisory SA53425 SecurityTracker Alert ID: 1028582 CVE-2013-2486 CVE-2013-2487 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the RELOAD dissector (dissectors/packet-reload.c) can be exploited to trigger infinite loops and consume CPU resources via specially

406

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information October 4, 2012 - 6:00am PROBLEM: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information PLATFORM: HP Network Node Manager I (NNMi) v9.20 for HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. REFERENCE LINKS: HP Security Bulletin: c03507708 SecurityTracker Alert ID: 1027605 Security Focus: 524302 CVE-2012-3267 IMPACT ASSESSMENT: High DISCUSSION: A potential security vulnerability has been identified with HP Network Node

407

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-698: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks August 22, 2011 - 3:54pm PROBLEM: A vulnerability was reported in Adobe ColdFusion. A remote user can conduct cross-site scripting attacks. PLATFORM: Adobe ColdFusion 9.x ABSTRACT: Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks. REFERENCE LINKS: Adobe Vulnerability Report Adobe Security Bulletin ColdFusion Support SecurityTracker Alert ID: 1025957 IMPACT ASSESSMENT: Medium DISCUSSION: The 'probe.cfm' script does not properly filter HTML code from user-supplied input in the 'name' parameter before displaying the input. A remote user can create a specially crafted URL that, when loaded by a

408

U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code January 9, 2012 - 9:15am PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 16.0.912.75 ABSTRACT: A remote user may be able to execute arbitrary code on the target system. REFERENCE LINKS: Google Chrome Releases Chromium Security SecurityTracker Alert ID: 1026487 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Specially crafted animation frames can trigger a use-after-free memory

409

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am PROBLEM: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service PLATFORM: Version(s): 1.0.0.1359 and prior ABSTRACT: A vulnerability was reported in Firefly Media Server. REFERENCE LINKS: SecurityTracker Alert ID: 1027917 HTB Advisory ID: HTB23129 CVE-2012-5875 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to trigger a null pointer dereference and cause the target service to crash. IMPACT: A remote user can cause denial of service conditions. SOLUTION: No solution was available at the time of this entry.

410

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader; this vulnerability is being actively exploited against Windows-based systems. REFERENCE LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

411

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-168: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks May 31, 2013 - 6:00am PROBLEM: A vulnerability was reported in Splunk Web. PLATFORM: Version(s) prior to 5.0.3 ABSTRACT: A reflected cross-site scripting vulnerability was identified in Splunk Web. REFERENCE LINKS: SecurityTracker Alert ID: 1028605 Splunk Security Advisory SPL-59895 CVE-2012-6447 IMPACT ASSESSMENT: Medium DISCUSSION: The web interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will

412

U-270: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-270: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands September 28, 2012 - 6:00am PROBLEM: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands PLATFORM: Control Manager - 3.0, 3.5, 5.0, 5.5, 6.0 ABSTRACT: Trend Micro has been notified of a potential product vulnerability in Control Manager. REFERENCE LINKS: Trend Micro Technical Support ID 1061043 SecurityTracker Alert ID: 1027584 Secunia Advisory SA50760 CVE-2012-2998 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been reported in Trend Micro Control Manager, which can

413

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks September 13, 2011 - 12:35pm PROBLEM: Multiple vulnerabilities were reported in Microsoft SharePoint. A remote user can conduct cross-site scripting attacks. PLATFORM: Version(s): SharePoint software ABSTRACT: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks. REFERENCE LINKS: MS11-074: Article ID: 2552998 SecurityTracker Alert ID: 1026040 CVE-2011-1893 CVE-2011-1892 CVE-2011-1891 CVE-2011-1890 CVE-2011-0653 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted URL or web site that, when loaded by a target user, will cause arbitrary scripting code to be executed

414

T-675: Apple Laptop Battery Interface Lets Local Users Deny Service

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7:03am PROBLEM: A vulnerability was reported in the battery interface used in Apple laptop models. A local user can cause denial of service conditions. PLATFORM: Mac OS X ABSTRACT: Apple Laptop Battery Interface Lets Local Users Deny Service REFERENCE LINKS: SecurityTracker Alert ID: 1025831 Apple Article: HT1222 Forbes Article IMPACT ASSESSMENT: Medium DISCUSSION: The battery microcontroller interface uses common API keys. A local user with knowledge of the keys can control the microcontroller functions. This can be exploited to prevent the battery from being charged, interfere with battery heat regulation, or cause the battery to stop functioning. IMPACT: A local user can prevent the battery from charging, interfere with the battery heat regulation, or cause the battery to become unusable. Modern

415

U-094: EMC Documentum Content Server Lets Local Administrative Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-094: EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges February 2, 2012 - 9:15am PROBLEM: EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges PLATFORM: EMC Documentum Content Server 6.0, 6.5, 6.6 ABSTRACT: EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system. REFERENCE LINKS: SecurityTracker Alert ID: 1026624 EMC Resource Library CVE-2011-4144 bugtraq ESA-2012-009 IMPACT ASSESSMENT: Medium DISCUSSION: EMC Documentum Content Server contains a security vulnerability that may allow a system administrator to elevate their or other users' privileges to

416

U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6, 2011 - 9:30am PROBLEM: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers. PLATFORM: Apache HTTP Server 1.3.x, 2.2.21 and prior versions ABSTRACT: A remote user can access internal servers. REFERENCE LINKS: The Apache HTTP Server Project SecurityTracker Alert ID: 1026144 CVE-2011-3368 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Apache mod_proxy. A remote user can access internal servers. When this system is configured in reverse proxy mode and uses the RewriteRule or ProxyPassMatch directives with a pattern match, a remote user can send a specially crafted request to access internal

417

V-085: Cisco Unity Express Input Validation Hole Permits Cross-Site Request  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-085: Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks February 6, 2013 - 1:06am PROBLEM: Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks PLATFORM: Cisco Unity Express prior to 8.0 ABSTRACT: A vulnerability was reported in Cisco Unity Express. REFERENCE LINKS: Cisco Security Notice SecurityTracker Alert ID: 1028075 CVE-2013-1120 IMPACT ASSESSMENT: Medium DISCUSSION: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site request forgery attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by

418

U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code January 25, 2012 - 6:00am PROBLEM: A remote user can execute arbitrary code on the target system. PLATFORM: Version(s): 12.5 SP3; pcAnywhere Solutions 7.1 GA, SP 1, and SP 2 ABSTRACT: Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system. REFERENCE LINKS: Symantec Advisory Secunia Advisory SecurityTracker Alert ID:102576 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to TCP port 5631 to trigger a bug in the validation of authentication data and execute arbitrary code.

419

V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users  

NLE Websites -- All DOE Office Websites (Extended Search)

V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE LINKS: RealPlayer Security Vulnerabilities Secunia Advisory SA51589 SecurityTracker Alert ID: 1027893 CVE-2012-5690 CVE-2012-5691 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. A remote user can create a specially crafted RealAudio file that, when

420

U-011: Cisco Security Response: Cisco TelePresence Video Communication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-011: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability October 14, 2011 - 12:30pm PROBLEM: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability PLATFORM: Version(s): VCS prior to 7.0 ABSTRACT: A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Cisco Document ID: 113264 SecurityTracker Alert ID: 1026186 CVE-2011-3294 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based

421

V-127: Samba Bug Lets Remote Authenticated Users Modify Files

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share. REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch

422

U-013: HP Data Protector Multiple Unspecified Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High DISCUSSION: Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

423

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB13-09 SecurityTracker Alert ID: 1028277 CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

424

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-040: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges November 17, 2011 - 8:00am PROBLEM: HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31; running Enterprise Mobility Suite (EMS) prior to A.04.20.11.04_01 ABSTRACT: A local user can obtain elevated privileges on the target system. REFERENCE LINKS: HP Support Center Document ID: c03089106 CVE-2011-4159 SecurityTracker Alert ID: 1026331 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in HP-UX System Administration Manager. A local user can obtain elevated privileges on the target system. A local user can gain full control of the target system.

425

V-195: RSA Authentication Manager Lets Local Users View the Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password July 9, 2013 - 12:51am PROBLEM: RSA Authentication Manager Lets Local Users View the Administrative Account Password PLATFORM: RSA Authentication Manager 7.1, 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028742 CVE-2013-3273 RSA IMPACT ASSESSMENT: Medium DISCUSSION: When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace

426

U-071: HP Database Archiving Software Bugs Let Remote Users Execute

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-071: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code December 29, 2011 - 8:15am PROBLEM: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Database Archiving Software v6.31 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Database Document ID: c03128302 SecurityTracker Alert ID: 1026467 CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in HP Database Archiving Software. A remote user can execute arbitrary code on the target system. IMPACT: A remote user can execute arbitrary code on the target system. SOLUTION:

427

T-653: Linux Kernel sigqueueinfo() Process Lets Local Users Send Spoofed  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-653: Linux Kernel sigqueueinfo() Process Lets Local Users Send Spoofed Signals June 23, 2011 - 4:49am PROBLEM: Userland should be able to trust the pid and uid of the sender of a signal if the si_code is SI_TKILL. PLATFORM: Version(s): prior to 2.6.38 ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can send spoofed signals to other processes in certain cases. REFERENCE LINKS: OSVDB ID: 71652 SecurityTracker Alert ID: 1025690 Linux Update CVE-2011-1182 Linux Reference 1 Linux Reference 2 IMPACT ASSESSMENT: High DISCUSSION: A local user with the ability to send signals to a process can spoof the uid and pid of the sending process via the sigqueueinfo() system call.

428

U-223: Bugzilla May Disclose Confidential Information to Remote Users |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-223: Bugzilla May Disclose Confidential Information to Remote Users July 30, 2012 - 7:00am PROBLEM: Bugzilla May Disclose Confidential Information to Remote Users PLATFORM: Version(s): 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 ABSTRACT: Two vulnerabilities were reported in Bugzilla. REFERENCE LINKS: The Vendor's Advisory Security Advisories CVE-2012-1969 CVE-2012-1968 SecurityTracker Alert ID: 1027320 Bug 777586 IMPACT ASSESSMENT: High DISCUSSION: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and attachments

429

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges August 23, 2012 - 7:00am PROBLEM: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges PLATFORM: Linux Kernel 3.2.x Linux Kernel 3.4.x Linux Kernel 3.5.x ABSTRACT: A vulnerability was reported in the Linux Kernel. REFERENCE LINKS: The Linux Kernel Archives SecurityTracker Alert ID: 1027434 Secunia Advisory SA50323 CVE-2012-3520 IMPACT ASSESSMENT: Medium DISCUSSION: A local user can obtain elevated privileges on the target system. A local user may be able to send specially crafted Netlink messages to spoof SCM_CREDENTIALS and perform actions with elevated privileges.

430

Help:Links | Open Energy Information  

Open Energy Info (EERE)

There are four sorts of links in MediaWiki: internal links to other pages in the wiki; external links to other websites; interwiki links to other websites registered to the wiki in advance; interlanguage links to other websites registered as other language versions of the wiki. Internal links: To add an internal link, enclose the name of the page you want to link to in double square brackets. When you save the page, you'll see the new link pointing to your page. If the page exists already it is displayed in blue, if it does not, in red. Selflinks to the current page are not transformed in URLs but displayed in bold. (If you really want to link to the current

431

Cobordisms to weakly splittable links  

E-Print Network (OSTI)

We show that if a link L with non-zero Alexander polynomial admits a locally flat cobordism to a `weakly m-split link', then the cobordism must have genus at least (m-1)/2. This generalises a recent result of J. Pardon.

Friedl, Stefan

2011-01-01T23:59:59.000Z

432

How deep are your links?  

Science Conference Proceedings (OSTI)

"If you operate a Web site and wish to link to this Site, you may link only to the home page of the Site and not to any other page or sub-domain of us…."-- The Dallas Morning News,www.dallasnews.com/registration/termsofservice.html

Aaron Weiss

2002-09-01T23:59:59.000Z

433

Educational Global Climate Change Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Evidence of the importance of global climate change to the future generation is reflected in the increasing number of queries CDIAC receives from students and educators, from a range of educational levels. We have compiled a listing of some sites that we hope will be of interest and of use to those looking for information, fun, ideas, and ways that they can make a difference. These links were chosen because we have found them useful in responding to those with inquiring minds. These links will take the user outside of CDIAC, and are by no means comprehensive. We are not responsible for the content or intent of these outside links. Tools you can use! NOAA's Global Climate Dashboard - The Global Climate Dashboard is

434

Assessment of Load and Energy Reduction Techniques (ALERT) Retrocommissioning Case Study of Two National Renewable Energy Laboratory (NREL) Sites  

E-Print Network (OSTI)

Portland Energy Conservation Incorporated (PECI) in conjunction with the National Renewable Energy Laboratory (NREL) staff performed an Assessment of Load and Energy Reduction Techniques (ALERT) retrocommissioning evaluation on several buildings located at the South Table Mountain site and National Wind Technology Center site located in Golden, Colorado. The retrocommissioning process involved a coordinated effort between PECI and NREL staff and was completed in November of 2002. Retrocommissioning (RCx), or existing building commissioning, is an event in the life of a building that applies a systematic investigation process for improving and optimizing a building's energy-using equipment such as the HVAC and other mechanical equipment, lighting equipment, and related controls. The investigation phase for this project identified 33 findings. This paper gives an overview of the project and discusses a few of the operations and maintenance (O&M) findings as well as capital improvement recommendations that have the greatest potential for energy savings. An update on the progress of implementation will also be discussed. The combined measures recommended for implementation result in an estimated total annual savings of 572,444 kWh, 54,114 therms, and a total utility cost savings of $44,040, which correspond to a 7.0% reduction in annual energy usage and 4.4% reduction in annual utility costs. With the measures already implemented, and those in the process thus far, the total estimated savings are 231,924 kWh, 51,550 therms, and $28,920 annual energy savings. Implementation costs were estimated at $56,380, which would result in a 1.9 year average payback. It cost approximately $0.09 per square foot to perform the ALERT RCx assessment. Of the 33 measures identified, energy savings were not calculated for 14 of them due to insufficient data at the time or they are very general and difficult to estimate. 
Most of the measures focus on O&M improvements, and many of these measures have been implemented, or under evaluation for implementation. It is not unreasonable to assume that the measures under evaluation, if selected for implementation, could account for an additional 1% energy and cost savings.

Luskay, L.; Haasl, T.; Schwab, J.; Beattie, D.

2003-01-01T23:59:59.000Z

435

Linking Resources and Structures: Increasing the Effectiveness...  

NLE Websites -- All DOE Office Websites (Extended Search)

Linking Resources and Structures: Increasing the Effectiveness of Energy Efficient Government Procurement Programs Title Linking Resources and Structures: Increasing the...

436

Related Links | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Related Links November 1, 2013 - 11:40am Need additional help or more information? DOE's CHP Technical Assistance Partnerships (CHP TAPs) provide local, individualized solutions to customers on specific combined heat and power (CHP) projects. Partners of DOE's CHP Program include federal and state agencies, non-governmental organizations, international entities, private clean energy companies, technology developers, and commercial builders and developers. Partners: American Council for an Energy-Efficient Economy (ACEEE); Argonne National Laboratory (ANL); CHP Association; International District Energy Association (IDEA); International Energy Agency (IEA); National Energy Technology Laboratory (NETL); New York State Energy Research and Development Authority (NYSERDA)

437

NREL: Energy Analysis - Related Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Here you'll find links to other programs, organizations, and information resources concerning other analysis capabilities, energy-modeling, and technology expertise related to renewable energy. International Applications: NREL's International Program in its effort to promote the use of renewable energy as a tool for sustainable development, applies world-class expertise in technology development and deployment, economic analysis, resource assessment, project design and implementation, and policy formulation. Assisting State and Local Governments: Using renewable energy and being energy efficient is smart. Not only does it protect the environment, it benefits the economy. Many mayors, governors, city/county commissioners, state legislators, state energy

438

Marine Animal Alert System -- Task 2.1.5.3: Development of Monitoring Technologies -- FY 2011 Progress Report  

SciTech Connect

The Marine Animal Alert System (MAAS) in development by the Pacific Northwest National Laboratory is focused on providing elements of compliance monitoring to support deployment of marine hydrokinetic energy devices. An initial focus is prototype tidal turbines to be deployed in Puget Sound in Washington State. The MAAS will help manage the risk of injury or mortality to marine animals from blade strike or contact with tidal turbines. In particular, development has focused on detection, classification, and localization of listed Southern Resident killer whales within 200 m of prototype turbines using both active and passive acoustic approaches. At the close of FY 2011, a passive acoustic system consisting of a pair of four-element star arrays and parallel processing of eight channels of acoustic receptions has been designed and built. Field tests of the prototype system are scheduled for the fourth quarter of calendar year 2011. Field deployment and testing of the passive acoustic prototype is scheduled for the first quarter of FY 2012. The design of an active acoustic system that could be built using commercially available off-the-shelf components from active acoustic system vendors is also in the final stages of design and specification.

Carlson, Thomas J.; Deng, Zhiqun; Myers, Joshua R.; Matzner, Shari; Copping, Andrea E.

2011-09-30T23:59:59.000Z

439

Plug-in Hybrid Links  

NLE Websites -- All DOE Office Websites (Extended Search)

Exit Fueleconomy.gov: The links below are to pages that are not part of the fueleconomy.gov Web site. We offer these external links for your convenience in accessing additional information that may be useful or interesting to you. Plug-in Hybrid Vehicles and Manufacturers: Chevrolet Volt - Official site for the Chevrolet Volt; Cadillac ELR - Official site for the Cadillac ELR (arriving early 2014); Ford C-MAX Energi Plug-in Hybrid - Official site for the C-MAX Energi Plug-in Hybrid; Ford Fusion Energi Plug-in Hybrid - Official site for the Fusion Energi Plug-in Hybrid; Honda Accord Plug-in - Official site for the Honda Accord Plug-in Hybrid; Toyota Prius Plug-in - Official site for the Toyota Prius Plug-in Hybrid. Plug-in-Related Information and Tools

440

Linked Deposit Loan Program (Kentucky)  

Energy.gov (U.S. Department of Energy (DOE))

The Linked Deposit Program provides loan financing for small businesses of up to $100,000 for up to 7 years. The State Investment Commission invests funds from the state's Abandoned Property Cash...



441

Analytical Chemistry Databases and Links  

Science Conference Proceedings (OSTI)

Analytical chemistry websites, humor, Material Safety Data Sheets, Patent Information, and references.

442

Pages that link to "Principle Power Inc" | Open Energy Information  

Open Energy Info (EERE)

Northwest Area ( links) Washington's 7th congressional district ( links) Seattle, Washington ( links) King County, Washington ( links) Category:Energy...

443

Pages that link to "3TIER" | Open Energy Information  

Open Energy Info (EERE)

Northwest Area ( links) Washington's 7th congressional district ( links) Seattle, Washington ( links) King County, Washington ( links) Map of Clean...

444

Pages that link to "Ridgeline Energy LLC" | Open Energy Information  

Open Energy Info (EERE)

Northwest Area ( links) Washington's 7th congressional district ( links) Seattle, Washington ( links) King County, Washington ( links) Category:Energy...

445

Pages that link to "Apps for Energy Challenge Participant" |...  

Open Energy Info (EERE)

Energy Forecaster ( links) Energy Monitoring Made Simple (EMMS) ( links) Energy Usage Analytics ( links) Exploring Background Energy Usage ( links)...

446

Pages that link to "Property:Language" | Open Energy Information  

Open Energy Info (EERE)

7.0 ( links) Electricity Market Complex Adaptive System ( links) Retrofit Energy Savings Estimation Model ( links) RETFinance ( links) Benchmarking...

447

Links  

Energy.gov (U.S. Department of Energy (DOE))

More Legal Research Resources: Energy Law Net; Legal Citation Style Guide; Nuclear Regulatory Legislation; Open CRS; Public Library of Law; Treaties; U.S. Code Classification Tables; U.S. Congressional Documents...

448

Links  

Science Conference Proceedings (OSTI)

Aug 23, 2012 ... Materials for Nuclear Power ... at my first Sandia job while working on weapons actually gave me the opportunity to systematize a broad range ...

449

Links  

Science Conference Proceedings (OSTI)

... SPIE 1663, 443–446, 1992. ... Wrobel, JJ, Ramp profiles for optical disc incubation , SPIE vol. 2338, optical data storage, p. 191-202, 1994. ...

450

Alternative Fuels Data Center: Electricity Related Links  

Alternative Fuels and Advanced Vehicles Data Center (EERE)

More in this section: Electricity Basics; Production & Distribution; Research & Development; Related Links; Benefits & Considerations; Stations

451

Alternative Fuels Data Center: Biodiesel Related Links  

Alternative Fuels and Advanced Vehicles Data Center (EERE)

More in this section: Biodiesel Basics; Blends; Production & Distribution; Specifications; Related Links; Benefits & Considerations; Stations; Vehicles; Laws & Incentives

452

Alternative Fuels Data Center: Hydrogen Related Links  

Alternative Fuels and Advanced Vehicles Data Center (EERE)

More in this section: Hydrogen Basics; Production & Distribution; Research & Development; Related Links; Benefits & Considerations; Stations; Vehicles; Laws & Incentives

453

Alternative Fuels Data Center: Ethanol Related Links  

Alternative Fuels and Advanced Vehicles Data Center (EERE)

More in this section: Ethanol Basics; Blends; Specifications; Production & Distribution; Feedstocks; Related Links; Benefits & Considerations; Stations; Vehicles; Laws & Incentives

454

Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Links NNSA HQ National Nuclear Security Administration Advanced Simulation & Computing NNSA Graduate Program NNSA Small Business Program Office of Defense Nuclear Nonproliferation Field Offices NNSA Albuquerque Complex Kansas City Field Office Livermore Field Office Los Alamos Field Office Naval Reactors Idaho Branch Office Nevada Field Office Sandia Field Office DOE Oak Ridge Sites Oak Ridge Office Oak Ridge National Laboratory UCOR Oak Ridge Institute for Science and Education Oak Ridge Site Specific Advisory Board American Museum of Science and Energy City of Oak Ridge Plants Laboratories Bechtel Nevada Bettis Laboratory Kansas City Plant Knolls Atomic Power Laboratory Lawrence Livermore National Laboratory

455

EIA - Related Links for Transportation  

U.S. Energy Information Administration (EIA) Indexed Site

Transportation Related Links: government reports, data, and web sites (sorted alphabetically by primary agency) Date Last Updated/Reviewed: December 2006 Next Update/Review: April 2007 Federal and International Agencies and Institutes International Energy Agency (IEA) Dealing with Climate Change The International Energy Agency's »Dealing with Climate Change« database of policies and measures now features 2005 revisions and developments. The database has expanded to include more than 1400 records of the climate policy process in the IEA's 26 Member Countries since 1999. Member country governments have reviewed and endorsed the policies listed, reinforcing the informative value and authority of the database. The database is freely accessible online.

456

Related Links | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Private, public, and nonprofit organizations around the country offer a wide range of courses and other services to help you either improve your current skills or learn new ones. The sites featured here can help you find courses of specific interest as well as other information about training requirements for certain energy jobs. DOE Related: Advanced Manufacturing Office: Training - Find training sessions in your area and learn how to save energy in your manufacturing plant or commercial building. American Museum of Science & Energy - Learn more about the American Museum of Science & Energy (AMSE), a DOE-sponsored museum in Oak Ridge, TN, that provides cultural, educational, and scientific programs and exhibits, as well as summer camps for kids.

457

Pages that link to "Glossary" | Open Energy Information  

Open Energy Info (EERE)

links) Property:Term ( links) Definition:Biofuels ( links) Definition:Algae fuel ( links) Definition:Algae ( links) Definition:Biodiesel (...

458

Energy Citations Database (ECD) - Site Map  

Office of Scientific and Technical Information (OSTI)

Site Map Home Basic Search Fielded Search Document Availability About ECD Help FAQ Contact Us Website Policies and Important Links Alerts Log On Alerts Registration Alerts Help...

459

EEO Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Jobs Working at NNSA Blog EEO Links Home > About Us > Our Operations > Management and Budget > Office of Civil Rights > EEO Links EEO Links DOE Office of Civil Rights (weblink)...

460

Prediction accuracy of link-quality estimators  

Science Conference Proceedings (OSTI)

The accuracy of link-quality estimators (LQE) is mission-critical in many application scenarios in wireless sensor networks (WSN), since the link-quality metric is used for routing decisions or neighborhood formation. Link-quality estimation must offer ...

Christian Renner; Sebastian Ernst; Christoph Weyer; Volker Turau

2011-02-01T23:59:59.000Z



461

BizLink Technology | Open Energy Information  

Open Energy Info (EERE)

Name: BizLink Technology; Place: Fremont, California; Zip: 94538; Sector: Solar; Product: California-based manufacturer of solar modules,...

462

Related Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

Livermore Field Office > Related Links Related Links NNSA FOIA DOENNSA Telephone Directory U.S. Department of Energy Lawrence Livermore National Laboratory Printer-friendly...

463

Related Links | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

& Technology Programs > Office of Advanced Simulation and Computing and Institutional R&D Programs > Related Links Related Links NNSA Lab Directed Research and Development...

464

Linked Energy Data | OpenEI  

Open Energy Info (EERE)

Help Here are some outside resources to learn more about Linked Data technologies: Linked Data Guides and Tutorials SPARQL Tutorial About us Disclaimers Energy blogs Developer...

465

Tank alerting system  

SciTech Connect

An armored vehicle warning and defensive system against missile and warhead attack is described comprising: a plurality of sensor means, each sensor means including a plurality of infrared and millimeter wave detectors all of which detectors are connected to a single low power local transmitter associated respectively and located within each said sensor means, said local transmitter generating coded signals in response to an output from any detector in said respective sensor means; means within the armored vehicle to receive any of said coded signals from any of said sensor means local transmitters; and means to process and initiate warning to launch screening grenades against an incoming attacking missile or warhead in response to such receipt of any of said coded signals.

Schabdach, P.G.; Barditch, I.F.

1993-07-20T23:59:59.000Z

466

Bachelor Project Proximity Alert  

E-Print Network (OSTI)

is a set of data structures containing meaningful data about the project, packages and classes; moreover ... Structure of the Document; Software Analysis; Architecture; Plug-in structure

Lanza, Michele

467

Alternative Fuels Data Center: Propane Related Links  

Alternative Fuels and Advanced Vehicles Data Center (EERE)

More in this section: Propane Basics; Production & Distribution; Related Links; Benefits & Considerations; Stations; Vehicles; Laws & Incentives. Propane Related Links: This list includes links related to propane. The Alternative Fuels Data

468

Utilising linked open data in applications  

Science Conference Proceedings (OSTI)

Over the past years, the Linked Data principles have successfully been applied, resulting in the Linked Open Data (LOD) cloud with over 200 datasets containing 26 billion statements, connected by 400 million typed links. Publishing into the LOD cloud ... Keywords: applications, consumption, linked data, web of data

Michael Hausenblas

2011-05-01T23:59:59.000Z

469

The case for anomalous link discovery  

Science Conference Proceedings (OSTI)

In this paper, we describe the challenges inherent to the task of link prediction, and we analyze one reason why many link prediction models perform poorly. Specifically, we demonstrate the effects of the extremely large class skew associated ... Keywords: anomalous link discovery, link prediction, relational learning

Matthew J. Rattigan; David Jensen

2005-12-01T23:59:59.000Z

470

Data Linking with Ontology Alignment Zhengjie Fan  

E-Print Network (OSTI)

Data Linking with Ontology Alignment Zhengjie Fan INRIA & LIG 655, avenue de l'Europe, Montbonnot data on the web, so that users can share information semantically. Then, linking isolated data sets to to be compared, so that it enhances the accuracy of the linking process. I propose a data linking method

471

INFORMATION: Management Alert on Environmental Management's Select Strategy for Disposition of Savannah River Site Depleted Uranium Oxides  

SciTech Connect

The Administration and the Congress, through policy statements and passage of the American Recovery and Reinvestment Act of 2009 (Recovery Act), have signaled that they hope that proactive actions by agency Inspectors General will help ensure that Federal Recovery Act activities are transparent, effective and efficient. In that context, the purpose of this management alert is to share with you concerns that have been raised to the Office of Inspector General regarding the planned disposition of the Savannah River Site's (SRS) inventory of Depleted Uranium (DU) oxides. This inventory, generated as a by-product of the nuclear weapons production process and amounting to approximately 15,600 drums of DU oxides, has been stored at SRS for decades. A Department source we deem reliable and credible recently came to the Office of Inspector General expressing concern that imminent actions are planned that may not provide for the most cost effective disposition of these materials. During April 2009, the Department chose to use funds provided under the Recovery Act to accelerate final disposition of the SRS inventory of DU oxides. After coordination with State of Utah regulators, elected officials and the U.S. Nuclear Regulatory Commission, the Department initiated a campaign to ship the material to a facility operated by EnergySolutions in Clive, Utah. Although one shipment of a portion of the material has already been sent to the EnergySolutions facility, the majority of the product remains at SRS. As had been planned, both for the shipment already made and those planned in the near term, the EnergySolutions facility was to have been the final disposal location for the material. Recently, a member of Congress and various Utah State officials raised questions regarding the radioactive and other constituents present in the DU oxides to be disposed of at the Clive, Utah, facility. 
These concerns revolved around the characterization of the material and its acceptability under existing licensing criteria. As a consequence, the Governor of Utah met with Department officials to voice concerns regarding further shipments of the material and to seek return of the initial shipment of DU oxides to SRS. Utah's objections and the Department's agreement to accede to the State's demands effectively prohibit the transfer of the remaining material from South Carolina to Utah. In response, the Department evaluated its options and issued a draft decision paper on March 1, 2010, which outlined an alternative for temporary storage until the final disposition issue could be resolved. Under the terms of the proposed option, the remaining shipments from SRS are to be sent on an interim basis to a facility owned by Waste Control Specialists (WCS) in Andrews, Texas. Clearly, this choice carries with it a number of significant logistical burdens, including substantial additional costs for, among several items, repackaging at SRS, transportation to Texas, storage at the interim site, and, repackaging and transportation to the yet-to-be-determined final disposition point. The Department source expressed the concern that the proposal to store the material on an interim basis in Texas was inefficient and unnecessary, asserting: (1) that the materials could remain at SRS until a final disposition path is identified, and that this could be done safely, securely and cost effectively; and, (2) that the nature of the material was not subject to existing compliance agreements with the State of South Carolina, suggesting the viability of keeping the material in storage at SRS until a permanent disposal site is definitively established. 
We noted that, while the Department's decision paper referred to 'numerous project and programmatic factors that make it impractical to retain the remaining inventory at Savannah River,' it did not outline the specific issues involved nor did it provide any substantive economic or environmental analysis supporting the need for the planned interim storage action. The only apparent driver in this case was a Recovery Act-related goal esta

None

2010-04-01T23:59:59.000Z

472

Pages that link to "Property:ProgramResources" | Open Energy...  

Open Energy Info (EERE)

Wind Energy Resource Assessment (SWERA) ( links) Power Technologies Energy Data Book ( links) Geospatial Toolkit ( links) Long range Energy Alternatives...

473

Pages that link to "United States Department of Energy" | Open...  

Open Energy Info (EERE)

Technology Cost and Performance Data ( links) Power Technologies Energy Data Book ( links) Geospatial Toolkit ( links) US Climate Change Technology Program...

474

Pages that link to "Property:Abstract" | Open Energy Information  

Open Energy Info (EERE)

Wind Energy Resource Assessment (SWERA) ( links) Power Technologies Energy Data Book ( links) Geospatial Toolkit ( links) Long range Energy Alternatives...

475

Pages that link to "Concentrating solar power" | Open Energy...  

Open Energy Info (EERE)

links) Participating Loan Program (Connecticut) ( links) Qualified Small Business Job Creation Tax Credit (Connecticut) ( links) Reduction of Greenhouse Gas Emissions...

476

Pages that link to "California Public Utilities Commission" ...  

Open Energy Info (EERE)

( links) GRRSection 8-CA-b - CPUC Process ( links) GRRSection 7 - Power Plant Siting, Construction, and Regulation Overview ( links) GRRSection...

477

Alternative Fuels Data Center: Related Links  

Alternative Fuels and Advanced Vehicles Data Center (EERE)

Related Links For a list of additional resources about alternative fuels and advanced vehicles, select one or more categories below. All organizations are provided as suggested resources. The Alternative Fuels Data Center does not endorse these companies or the products and services listed on their websites (see disclaimer).

478

Pages that link to "Transportation" | Open Energy Information  

Open Energy Info (EERE)

( links) Israel-NREL Cooperation ( links) Transportation Energy Data Book ( links) OpenEI:Requested Pages ( links) User:TwongSandbox (...

479

Pages that link to "Oak Ridge National Laboratory" | Open Energy...  

Open Energy Info (EERE)

About ( links) User:GregZieboldLab Cloud ( links) Biomass Energy Data Book ( links) Transportation Energy Data Book ( links) U.S. DOE Hydropower...

480

Pages that link to "International Energy Agency (IEA)" | Open...  

Open Energy Info (EERE)

IEA Implementing Agreements ( links) Indonesia-IEA Activities ( links) Thailand-IEA Activities ( links) ASEAN-IEA Activities ( links) Asia Pacific...



481

Pages that link to "Pacific Northwest National Laboratory" |...  

Open Energy Info (EERE)

NREL ( links) Commercial Building National Accounts ( links) Water and energy studies ( links) Gateway:U.S. OpenLabs ( links) United States Department...

482