Note: This page contains sample records for the topic "management vulnerability assessment" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL
Philosophy on Vulnerability Assessments
Argonne Vulnerability Assessment Team
Roger G. Johnston, Ph.D., CPP, 630-252-6168
1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc.
2. These tools have some value, and indeed we have used them all.
3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

2

Ecosystem Vulnerability Assessment - Patterns of Climate Change...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the Southwest

3

Plutonium Vulnerability Management Plan  

SciTech Connect

This Plutonium Vulnerability Management Plan describes the Department of Energy's response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department's Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

4

Knowledge Management and Visualization in Support of Vulnerability Assessment of Electricity Production  

SciTech Connect

With the rapid growth in demand of electricity, vulnerability assessment of electricity production and its availability has become essential to our economy, national defense, and quality of life. The main focus to date has generally been on protecting power plants and energy transmission systems. However, the extraction and delivery of fuels is also a critical component of the value chain for electricity production. A disruption at any point in the infrastructure could result in lost power production and delivery. The need for better analysis of fuel delivery vulnerabilities is pressing. Therefore, the purpose of this paper is to present the preliminary results of a research project that aims to analyze the vulnerability associated with delivery of fuels and to ensure availability of fuel supplies, by providing insight into likely vulnerability problems so that solutions and preventative methods may be devised. In this research project, a framework for electricity production vulnerability assessment was proposed. Different data sources were integrated into a data warehouse to allow interactive analysis of enormous historical datasets for coal transactions and coal transportation. By summarizing and slicing the historical datasets into different data cubes, the enormous datasets were able to be analyzed and visualized. An interactive GIS interface allows users to interact with it to perform different queries and then visualize the results. The analyses help decision makers understand the impact of fuel delivery disruption and the vulnerabilities in the coal transportation system. Thus, solutions and policies might be advised to avoid disruptions.

Dodrill, Keith; Garrett, J.H. (Carnegie Mellon); Matthews, S. (Carnegie Mellon); Shih, C-Y. (Carnegie Mellon); Soibelman, L. (Carnegie Mellon); McSurdy, S.

2007-01-01T23:59:59.000Z

5

Threat Insight Quarterly Vulnerability Management  

E-Print Network (OSTI)

X-Force® Threat Insight Quarterly: Vulnerability Management, July 2006
Contents: X-Force Catastrophic Risk Index; Future X-Force Threat Insight
Introduction: There is a wide range of threats that can exist in any network. The presence of unpatched

6

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731: Symantec IM Manager Code Injection Vulnerability
September 30, 2011 - 8:30am
PROBLEM: Symantec IM Manager Code Injection Vulnerability.
PLATFORM: IM Manager versions prior to 8.4.18 are affected.
ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code.
REFERENCE LINKS: Symantec Security Advisory SYM11-012; Symantec Security Updates; Bugtraq ID: 49742
IMPACT ASSESSMENT: High
DISCUSSION: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

7

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability Assessment Team

8

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability
June 20, 2013 - 6:00am
PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager
PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3
ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)
REFERENCE LINKS: Secunia Advisory SA53864; SecurityTracker Alert ID: 1028683; Symantec Advisory SYM13-005; CVE-2013-1612
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

10

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

Name: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

11

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Publications

12

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Definitions

13

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Safety

14

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Name: CDKN-Colombia-Cartagena Vulnerability Assessment
Agency/Company/Organization: Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development
Sector: Climate
Topics: Background analysis, Low emission development planning, Pathways analysis
Website: http://resilient-cities.iclei.
Country: Colombia
UN Region: South America
References: CDKN-Colombia-Cartagena Vulnerability Assessment[1]
[1] "CDKN-Colombia-Cartagena Vulnerability Assessment"
Retrieved from "http://en.openei.org/w/index.php?title=CDKN-Colombia-Cartagena_Vulnerability_Assessment&oldid=407543

15

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
July 17, 2012 - 7:00am
PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows.
ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).
REFERENCE LINKS: HP Support document ID: c03405642; Secunia Advisory SA49966
IMPACT ASSESSMENT: High
DISCUSSION: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

17

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Name: Colombia-CDKN-Cartagena Vulnerability Assessment
Agency/Company/Organization: Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development
Sector: Climate
Topics: Background analysis, Low emission development planning, Pathways analysis
Website: http://resilient-cities.iclei.
Country: Colombia
UN Region: South America
References: CDKN-Colombia-Cartagena Vulnerability Assessment[1]
[1] "CDKN-Colombia-Cartagena Vulnerability Assessment"
Retrieved from "http://en.openei.org/w/index.php?title=Colombia-Cartagena_Vulnerability_Assessment&oldid=699760"

18

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment
This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process.
More Documents & Publications: Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards; New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards; "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

20

Antioch University and EPA Webinar: Assessing Vulnerability of...  

Energy Savers (EERE)

Antioch University and EPA Webinar: Assessing Vulnerability of Water Conveyance Infrastructure from a Changing Climate in the Context of a Changing Landscape

21

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

Name: India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change
Agency/Company/Organization: Swiss Agency for Development and Cooperation
Sector: Energy, Land, Water
Focus Area: Agriculture
Topics: Co-benefits assessment, Background analysis
Resource Type: Lessons learned/best practices
Website: http://www.intercooperation.or
Country: India, Southern Asia
References: India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1]
Contents: 1 Introduction [1]; 2 Community-based Institutions [2]; 3 Pasture Land Development [3]

22

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
May 22, 2013 - 12:46am
PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
PLATFORM: IBM Maximo Asset Management 6.x; IBM Maximo Asset Management 7.x; IBM Maximo Asset Management Essentials 7.x
ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits.
REFERENCE LINKS: IBM Reference #: 1638135; Secunia Advisory SA53451; CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

24

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities
June 18, 2013 - 12:38am
PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities
PLATFORM: IBM Application Manager For Smart Business 1.x
ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business
REFERENCE LINKS: Security Bulletin 1640752; Secunia Advisory SA53844; CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

25

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Name: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed
Agency/Company/Organization: World Agroforestry Centre
Sector: Land
Focus Area: Forestry
Topics: Adaptation, Background analysis, Co-benefits assessment
Resource Type: Publications
Website: http://www.worldagroforestry.o
Country: Philippines
UN Region: South-Eastern Asia
References: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1]

26

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

More Information

27

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Insanely Fast Microprocessor Shop

28

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Seals

29

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Findings and Lessons Learned

30

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Product Authenticity Tags

31

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Common Myths about Tamper Indicating Seals

32

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability
June 13, 2013 - 6:00am
PROBLEM: vCenter Chargeback Manager Remote Code Execution
PLATFORM: VMware vCenter Chargeback Manager 2.x
ABSTRACT: The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution
REFERENCE LINKS: Secunia Advisory SA53798; VMWare Security Advisory VMSA-2013-0008; CVE-2013-3520
IMPACT ASSESSMENT: Medium
DISCUSSION: The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely.
IMPACT: System Access
SOLUTION: Vendor recommends updating to version 2.5.1

33

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)

Rapid Sampling from Sealed Containers

34

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded to other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection.
This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. 
In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z

35

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)


36

Developing new methodology for nuclear power plants vulnerability assessment  

Science Journals Connector (OSTI)

The fundamental aim of an efficient regulatory emergency preparedness and response system is to provide sustained emergency readiness and to prevent emergency situations and accidents. But when an event occurs, the regulatory mission is to mitigate consequences and to protect people and the environment against nuclear and radiological damage. The regulatory emergency response system, which would be activated in the case of a nuclear and/or radiological emergency and release of radioactivity to the environment, is an important element of a comprehensive national regulatory system of nuclear and radiation safety. In the past, national emergency systems explicitly did not include vulnerability assessments of the critical nuclear infrastructure as an important part of a comprehensive preparedness framework. But after the huge terrorist attack on 11/09/2001, decision-makers became aware that critical nuclear infrastructure could also be an attractive target to terrorism, with the purpose of using the physical and radioactive properties of the nuclear material to cause mass casualties, property damage, and detrimental economic and/or environmental impacts. The necessity to evaluate critical nuclear infrastructure vulnerability to threats like human errors, terrorist attacks and natural disasters, as well as preparation of emergency response plans with estimation of optimized costs, are of vital importance for assurance of safe nuclear facilities operation and national security. The new methodology and solution methods for vulnerability assessment presented in this paper can help the overall national energy sector to identify and understand the terrorist threats to and vulnerabilities of its critical infrastructure. Moreover, the adopted methodology could help national regulators and agencies to develop and implement vulnerability awareness and education programs for their critical assets to enhance the security and safe operation of the entire energy infrastructure. 
New methods can also assist nuclear power plants to develop, validate, and disseminate assessment and surveys of new efficient countermeasures. Consequently, a concise description of the newly developed quantitative method and the adapted methodology for nuclear regulatory vulnerability assessment of nuclear power plants is presented.

Venceslav Kostadinov

2011-01-01T23:59:59.000Z

37

Seismic vulnerability assessment through explicit consideration of uncertainties in structural capacities and structural demands  

Science Journals Connector (OSTI)

Earthquakes are among the most important natural hazards confronting engineers, regulatory authorities, and the public at large. The assessment of structural seismic vulnerability has become the subject of intensive research. In this paper, a mathematical framework for seismic vulnerability assessment of building structures is presented, and the concept of vulnerability function is introduced and mathematically described, which is integrally related to the fragility assessment and reflects the susceptibility of a system to serious consequences. The limit state of a building structure is stated as the structural demand exceeding the structural capacity, so the methodology is developed based on a systematic treatment of uncertainties in seismic hazard, structural demands due to seismic hazard, and capacities of building structures in resisting limit states. The methods and assessment procedures are illustrated through a steel building frame, showing the presented methodology is an efficient tool in support of seismic vulnerability assessment. The explicit consideration of uncertainty is an integral part of the engineering risk management and decision process, and the methodology can also be applied to other buildings, bridges or civil infrastructure systems.

Quanwang Li; Jiankang Sun; Jiansheng Fan

2012-01-01T23:59:59.000Z

38

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance was not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States); Science and Engineering Associates, Inc., Albuquerque, NM (United States)]; Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)]

1995-03-01T23:59:59.000Z

39

TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity for  

E-Print Network (OSTI)

TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity Govindarasu, Member, IEEE Abstract--Vulnerability assessment is a requirement of NERC's cybersecurity within the substation networks. Countermeasures are identified for improvement of the cybersecurity

Manimaran, Govindarasu

40

Climate Change Vulnerability Assessment for Idaho National Laboratory  

SciTech Connect

The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

2014-10-01T23:59:59.000Z



41

ISS-011, Vulnerability Assessment Standard 1/3 UCIT INFORMATION SECURITY STANDARDS  

E-Print Network (OSTI)

UCIT INFORMATION SECURITY STANDARDS: Vulnerability Assessment Standard. Rationale: 1 To enable timely identification and mitigation of vulnerabilities and security flaws affecting computing devices within UofC's computing environment. Scope: 2.1 This standard

Habib, Ayman

42

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems. Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

43

SP 800-40 Version 2.0. Creating a Patch and Vulnerability Management Program  

Science Journals Connector (OSTI)

This document provides guidance on creating a security patch and vulnerability management program and testing the effectiveness of that program. The primary audience is security managers who are responsible for designing and implementing the program. ... Keywords: Computer security, security patches, vulnerability management

Peter M. Mell; Tiffany Bergeron; David Henning

2005-11-01T23:59:59.000Z

44

Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism  

Science Journals Connector (OSTI)

Critical facility vulnerability assessment is a highly complex strategic activity in combating the terrorism and necessitates a structured quantified methodology to support the decision-making process in defense planning. In the system perspective, the critical facility, such as airport, dam, governmental facility, harbor, nuclear power plant, oil plant etc., can be defined as a system that relies on a group of different interdependent logical and physical entities as system functions and system components. The aim of this paper is to present a realistic approach to determine the vulnerability of such a system defended against the terrorist attack under multiple criteria which can be both qualitative and quantitative by considering these interdependencies. The proposed approach, called fuzzy integrated vulnerability assessment model (FIVAM), is based on fuzzy set theory, Simple Multi-Attribute Rating Technique (SMART) and Fuzzy Cognitive Maps (FCM) methodology in a group decision-making environment. The FIVAM approach is presented step-by-step and applied to a simple case study on airport vulnerability assessment. The results of the application are compared to those observed through a classical vulnerability assessment model to illustrate the effectiveness of the FIVAM. Furthermore, FIVAM provides a framework to identify the hidden vulnerabilities caused by the functional interdependencies within the system. The results also show that FIVAM quantifies the vulnerability of the system, system functions and system components, and determines the most critical functions and components by simulating the system behavior.

Ilker Akgun; Ahmet Kandakoglu; Ahmet Fahri Ozok

2010-01-01T23:59:59.000Z

45

A comparison of threats, vulnerabilities and management approaches in global seagrass bioregions  

Science Journals Connector (OSTI)

Global seagrass habitats are threatened by multiple anthropogenic factors. Effective management of seagrasses requires information on the relative impacts of threats; however, this information is rarely available. Our goal was to use the knowledge of experts to assess the relative impacts of anthropogenic activities in six global seagrass bioregions. The activities that threaten seagrasses were identified at an international seagrass workshop and followed with a web-based survey to collect seagrass vulnerability information. There was a global consensus that urban/industrial runoff, urban/port infrastructure development, agricultural runoff and dredging had the greatest impact on seagrasses, though the order of relative impacts varied by bioregion. These activities are largely terrestrially based, highlighting the need for marine planning initiatives to be co-ordinated with adjacent watershed planning. Sea level rise and increases in the severity of cyclones were ranked highest relative to other climate change related activities, but overall the five climate change activities were ranked low and experts were uncertain of their effects on seagrasses. The experts' preferred mechanism of delivering management outcomes were processes such as policy development, planning and consultation rather than prescriptive management tools. Our approach to collecting expert opinion provides the required data to prioritize seagrass management actions at bioregional scales.

Alana Grech; Katie Chartrand-Miller; Paul Erftemeijer; Mark Fonseca; Len McKenzie; Michael Rasheed; Helen Taylor; Rob Coles

2012-01-01T23:59:59.000Z

46

Department of Energy Plutonium ES&H Vulnerability Assessment Savannah River Site interim compensatory measures  

SciTech Connect

The Savannah River Site (SRS) has recently completed a self-assessment of potential vulnerabilities associated with plutonium and other transuranic materials stored at the site. An independent Working Group Assessment Team (WGAT) appointed by DOE/ES&H also performed an independent assessment, and reviewed and validated the site self-assessment. The purpose of this report is to provide a status of interim compensatory measures at SRS to address hazards in advance of any corrective actions. ES&H has requested this status for all vulnerabilities ranked medium or higher with respect to potential consequences to workers, environment, and the public.

Bickford, W.E.

1994-09-15T23:59:59.000Z

47

Seismic vulnerability assessment of a high voltage disconnect switch  

Science Journals Connector (OSTI)

Abstract This paper deals with the seismic vulnerability of high voltage equipment typically installed in electric substations. In particular, the seismic response of a 380kV vertical disconnect switch has been investigated based on the results of an experimental campaign carried out at Roma Tre University. According to a series of non-linear analyses, the influence of the most significant parameters on the seismic behavior of this apparatus has been analyzed and the corresponding fragility curves have been evaluated by using the Effective Fragility Analysis method. The results showed a limited vulnerability of the disconnect switch, whose most critical parts are the bottom joint of the ceramic support column and the steel column base.

Fabrizio Paolacci; Renato Giannini; Silvia Alessandri; Gianmarco De Felice

2014-01-01T23:59:59.000Z

48

Using vulnerability assessments to design facility safeguards and security systems  

SciTech Connect

The Weapons Complex Reconfiguration (WCR) Program is meant to prepare the Department of Energy (DOE) weapons complex to meet the needs of the next century through construction of new facilities or upgrades-in-place at existing facilities. This paper describes how a vulnerability assessment (VA) was used to identify potential S&S features for the conceptual design for a plutonium storage facility as part of the WCR Program. We distinguish those features of the design that need to be investigated at the conceptual stage from those that can be evaluated later. We also examined what protection features may allow reduced S&S operating costs, with the main focus on protective force costs. While some of these concepts hold the promise for significantly reducing life-cycle protective force costs, their use depends on resolving long-standing tradeoffs between S&S and safety, which are discussed in the study.

Snell, M.; Jaeger, C.

1994-08-01T23:59:59.000Z

49

Performing Energy Security Assessments- A How-To Guide for Federal Facility Managers  

Energy.gov (U.S. Department of Energy (DOE))

Guide describes the best practices and recommended process for federal facility managers to prepare for the following sections of a facility's energy security plan: vulnerability assessments, energy preparedness and operations plans, and remedial action plans.

50

Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

Not Available

1994-09-01T23:59:59.000Z

51

A METHOD FOR RAPID VULNERABILITY ASSESSMENT OF STRUCTURES LOADED BY OUTSIDE BLASTS  

E-Print Network (OSTI)

the structural reliability information for the vulnerability analysis. 1 Corresponding Author: Jamova 39, SI-1000 , Matjaz Leskovar, Marko Cepin, Borut Mavko "Jozef Stefan" Institute, Reactor Engineering Division Keywords blast loads, buildings, rapid assessment, structural reliability ABSTRACT The blast loads have in most

Cizelj, Leon

52

Assessment of U.S. Agriculture Sector and Human Vulnerability to a Rift Valley Fever Outbreak  

E-Print Network (OSTI)

on the assessment of the U.S. agricultural sector and human vulnerability to a Rift Valley Fever (RVF) outbreak and the value of a select set of alternative disease control strategies. RVF is a vector-borne, zoonotic disease that affects both livestock and humans...

Hughes, Randi Catherine

2011-08-08T23:59:59.000Z

53

Guidelines for conducting vulnerability assessments. [Susceptibility of programs to unauthorized use of resources  

SciTech Connect

The US General Accounting Office and executive agency Inspectors General have reported losses of millions of dollars in government funds resulting from fraud, waste and error. The Administration and the Congress have initiated determined efforts to eliminate such losses from government programs and activities. Primary emphasis in this effort is on the strengthening of accounting and administrative controls. Accordingly, the Office of Management and Budget (OMB) issued Circular No. A-123, Internal Control Systems, on October 28, 1981. The campaign to improve internal controls was endorsed by the Secretary of Energy in a memorandum to Heads of Departmental Components, dated March 13, 1981, Subject: Internal Control as a Deterrent to Fraud, Waste and Error. A vulnerability assessment is a review of the susceptibility of a program or function to unauthorized use of resources, errors in reports and information, and illegal or unethical acts. It is based on considerations of the environment in which the program or function is carried out, the inherent riskiness of the program or function, and a preliminary evaluation as to whether adequate safeguards exist and are functioning.

Not Available

1982-06-01T23:59:59.000Z

54

Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2  

SciTech Connect

The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

Fesharaki, F.; Rizer, J.P.; Greer, L.S.

1994-05-01T23:59:59.000Z

55

Assessment of Project Management Experience  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Assessment of Project Management Experience PMCDP for CEG Competency 1.12.2. Applicant Name: Applicant Supervisor: Date (mm/dd/yyyy): Directions: Step 1: Use this template to show project management experience for CEG competency 1.12.2. Rate your experience (0 - 5) in the following project management related activities using the scale below. Step 2: Sign the completed form and have your supervisor review and sign it. Step 3: Once approved by your supervisor, submit the form as part of your Level I certification package. Note: Project management experience is distinguished from FPD experience and applies to general project management activities and experience. Positions that do not count towards experience in project management include: program manager, property manager, health, safety and security (HSS) positions, and

56

A watershed-based method for environmental vulnerability assessment with a case study of the Mid-Atlantic region  

SciTech Connect

The paper presents a method for environmental vulnerability assessment with a case study of the Mid-Atlantic region. The method is based on the concept of 'self-/peer-appraisal' of a watershed in terms of vulnerability. The self-/peer-appraisal process is facilitated by two separate linear optimization programs. The analysis provided insights on the environmental conditions, in general, and the relative vulnerability pattern, in particular, of the Mid-Atlantic region. The suggested method offers a simple but effective and objective way to perform a regional environmental vulnerability assessment. Consequently the method can be used in various steps in environmental assessment and planning. - Highlights: ► We present a method for regional environmental vulnerability assessment. ► It is based on the self-/peer-appraisal concept in terms of vulnerability. ► The analysis is facilitated by two separate linear optimization programs. ► The method provides insights on the regional relative vulnerability pattern.

Tran, Liem T., E-mail: ltran1@utk.edu [Department of Geography, University of Tennessee, Knoxville, TN (United States)]; O'Neill, Robert V. [OTIE and Associates, Oak Ridge, TN (United States)]; Smith, Elizabeth R. [U.S. Environmental Protection Agency, Office of Research and Development, National Exposure Research Laboratory, Research Triangle Park, NC (United States)]

2012-04-15T23:59:59.000Z

57

Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Department of Energy Office of Electricity Delivery and Energy Reliability. Enhancing control systems security in the energy sector. NSTB, September 2006. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS. Raymond K. Fink, David F. Spencer, Rita A. Wells. NSTB INL/CON-06-11665. ABSTRACT: Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems, or components of those systems, were reviewed to identify common problem areas. The common vulnerabilities identified ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and

58

GAO-06-838R Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Accountability Office, Washington, DC 20548. July 7, 2006. The Honorable John Warner, Chairman; The Honorable Carl Levin, Ranking Member; Committee on Armed Services, United States Senate. The Honorable Duncan Hunter, Chairman; The Honorable Ike Skelton, Ranking Member; Committee on Armed Services, House of Representatives. Subject: Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse. In recent years, the Department of Defense (DOD) has increasingly relied on goods and services provided by the private sector under contract. Since fiscal year 2000, DOD's contracting for goods and services has nearly doubled, and this trend is expected to continue. In fiscal year 2005 alone, DOD obligated nearly $270 billion on contracts for goods and services. Given the

59

Climate Change Vulnerability of Native and Alien Freshwater Fishes of California: A Systematic Assessment  

E-Print Network (OSTI)

Climate Change Vulnerability of Native and Alien Freshwater Fishes of California: A Systematic and climate change vulnerability scores were derived for 121 native and 43 alien fish species. The two scores baseline and greater climate change vulnerability than did alien species. Fifty percent of California

60

CRAD, Configuration Management Assessment Plan  

Energy.gov (U.S. Department of Energy (DOE))

The objective of this assessment is to determine whether a Configuration Management Program (CM) is in place which allows for the availability and retrievability of accurate information, improves response to design and operational decisions, enhances worker safety, increases facility safety and reliability, increases efficiency of work efforts, and helps maintain integrity of interfacing orders.



61

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

Finding and fixing security flaws: Argonne's Vulnerability Assessment Team. VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

62

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-564: Vulnerabilities in Citrix Licensing administration components. February 24, 2011 - 7:00am. PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. REFERENCE LINKS: Citrix ID: CTX128167; SecurityTracker Alert ID: 1025123; Citrix Support. IMPACT ASSESSMENT: Medium. DISCUSSION: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

63

Development of an ASTM standard guide on performing vulnerability assessments for nuclear facilities  

SciTech Connect

This paper describes an effort undertaken by subcommittee C26.12 (Safeguards) of the American Society for Testing and Materials (ASTM) to develop a standard guide for performing vulnerability assessments (VAs). VAs are performed to determine the effectiveness of safeguards and security systems for both domestic and international nuclear facilities. These assessments address a range of threats, including theft of nuclear material and sabotage, and use an array of methods. The approach to performing and documenting VAs is varied and is largely dependent upon the tools used to perform them. This diversity can lead to tools being misused, making validation of VAs more difficult. The development of a standard guide for performing VAs would, if generally accepted, alleviate these concerns. ASTM provides a forum for developing guides that includes a high level of peer review to assure that the result is acceptable to all potential users. Additionally, the ASTM is widely recognized for setting standards, and endorsement by the Society may increase the likelihood of acceptance by the nuclear community. The goal of this work is to develop a guide that is independent of the tools being used to perform the VA and applicable to the spectrum of threats described above.

Wilkey, D.D.

1995-09-01T23:59:59.000Z

64

Putting vulnerability to climate change on the map: a review of approaches, benefits, and risks  

SciTech Connect

There is growing demand among stakeholders across public and private institutions for spatially-explicit information regarding vulnerability to climate change at the local scale. However, the challenges associated with mapping the geography of climate change vulnerability are non-trivial, both conceptually and technically, suggesting the need for more critical evaluation of this practice. Here, we review climate change vulnerability mapping in the context of four key questions that are fundamental to assessment design. First, what are the goals of the assessment? A review of published assessments yields a range of objective statements that emphasize problem orientation or decision-making about adaptation actions. Second, how is the assessment of vulnerability framed? Assessments vary with respect to what values are assessed (vulnerability of what) and the underlying determinants of vulnerability that are considered (vulnerability to what). The selected frame ultimately influences perceptions of the primary driving forces of vulnerability as well as preferences regarding management alternatives. Third, what are the technical methods by which an assessment is conducted? The integration of vulnerability determinants into a common map remains an emergent and subjective practice associated with a number of methodological challenges. Fourth, who participates in the assessment and how will it be used to facilitate change? Assessments are often conducted under the auspices of benefiting stakeholders, yet many lack direct engagement with stakeholders. Each of these questions is reviewed in turn by drawing on an illustrative set of 45 vulnerability mapping studies appearing in the literature. A number of pathways for placing vulnerability

Preston, Benjamin L [ORNL

2011-01-01T23:59:59.000Z

65

Vulnerability Analysis of Energy Delivery Control Systems  

Energy Savers (EERE)

services and applications * Known vulnerabilities are mitigated through effective patch management and removal of unneeded applications and services. New vulnerabilities in...

66

Bureau of Land Management's Environmental Assessment | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Management's Environmental Assessment - T G Power LLC Hot Sulphur Springs Transmission Line, 120 kV Electric Power Line, Northern Independence Valley, Elko County, Nevada Bureau...

67

Manager's Signature Log Privacy Impact Assessment, Office of...  

Energy Savers (EERE)

Manager's Signature Log Privacy Impact Assessment, Office of Science Chicago Office Manager's Signature Log Privacy Impact Assessment, Office of Science Chicago Office Manager's...

68

Management Assessment and Independent Assessment Guide  

Directives, Delegations, and Requirements

The revision to this Guide reflects current assessment practices, international standards, and changes in the Department of Energy expectations. Cancels DOE G 414.1-1. Canceled by DOE G 414.1-1B.

2001-05-31T23:59:59.000Z

69

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities. November 13, 2012 - 1:00am. PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities. PLATFORM: Reflection X 2011; Reflection Suite for X 2011; Reflection for Secure IT Server for Windows; Reflection for Secure IT Client and Server for UNIX. ABSTRACT: Security issues related to Reflection PKI Services Manager. REFERENCE LINKS: PKI Services Manager Technical Note 2560; Secunia Advisory SA51256; CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726. IMPACT ASSESSMENT: High. DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

70

Senior Technical Safety Manager Qualification Program Self-Assessment...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Senior Technical Safety Manager Qualification Program Self-Assessment - Chief of Nuclear Safety Senior Technical Safety Manager Qualification Program Self-Assessment - Chief of...

71

Management and Independent Assessments Guide  

Directives, Delegations, and Requirements

The Guide reflects updated standards for assessment practices, international standards, and changes in DOE expectations related to quality assurance (QA). Cancels DOE G 414.1-1B.

2014-03-27T23:59:59.000Z

72

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

73

Cognitive decision errors and organization vulnerabilities in nuclear power plant safety management: Modeling using the TOGA meta-theory framework  

SciTech Connect

In the field of nuclear power plant (NPP) safety modeling, the perception of the role of socio-cognitive engineering (SCE) is continuously increasing. Today, the focus is especially on the identification of human and organization decisional errors caused by operators and managers under high-risk conditions, as evident by analyzing reports on nuclear incidents occurred in the past. At present, the engineering and social safety requirements need to enlarge their domain of interest in such a way to include all possible losses generating events that could be the consequences of an abnormal state of a NPP. Socio-cognitive modeling of Integrated Nuclear Safety Management (INSM) using the TOGA meta-theory has been discussed during the ICCAP 2011 Conference. In this paper, more detailed aspects of the cognitive decision-making and its possible human errors and organizational vulnerability are presented. The formal TOGA-based network model for cognitive decision-making enables to indicate and analyze nodes and arcs in which plant operators and managers errors may appear. The TOGA's multi-level IPK (Information, Preferences, Knowledge) model of abstract intelligent agents (AIAs) is applied. In the NPP context, super-safety approach is also discussed, by taking under consideration unexpected events and managing them from a systemic perspective. As the nature of human errors depends on the specific properties of the decision-maker and the decisional context of operation, a classification of decision-making using IPK is suggested. Several types of initial situations of decision-making useful for the diagnosis of NPP operators and managers errors are considered. The developed models can be used as a basis for applications to NPP educational or engineering simulators to be used for training the NPP executive staff. (authors)

Cappelli, M. [UTFISST, ENEA Casaccia, via Anguillarese 301, Rome (Italy); Gadomski, A. M. [ECONA, Centro Interuniversitario Elaborazione Cognitiva Sistemi Naturali e Artificiali, via dei Marsi 47, Rome (Italy); Sepiellis, M. [UTFISST, ENEA Casaccia, via Anguillarese 301, Rome (Italy); Wronikowska, M. W. [UTFISST, ENEA Casaccia, via Anguillarese 301, Rome (Italy); Poznan School of Social Sciences (Poland)

2012-07-01T23:59:59.000Z

74

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-173: Symantec Web Gateway Multiple Vulnerabilities. May 21, 2012 - 7:00am. PROBLEM: Symantec Web Gateway Multiple Vulnerabilities. PLATFORM: 5.0.x prior to 5.0.3. ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027078; CVE-2012-0296, CVE-2012-0297, CVE-2012-0298, CVE-2012-0299. IMPACT ASSESSMENT: Medium. DISCUSSION: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

75

Assessment and Management of Ecological Integrity  

E-Print Network (OSTI)

12.1 INTRODUCTION Assessing and understanding the impacts of human activities on aquatic ecosystems, and resilient to disturbance. Aquatic ecosystem level objectives may focus on management for habitat quality of restoration ecology. The term ecosystem health is often raised in discussions of ecological integrity. Per

Kwak, Thomas J.

76

PRIVACY IMPACT ASSESSMENT: Integrated Safety Management Workshop  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Integrated Safety Management Workshop Registration PIA Template Version 3 - May, 2009. Department of Energy Privacy Impact Assessment (PIA). Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetextlneword/206/o2061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE 1 - PRIVACY NEEDS ASSESSMENT. Date: 16/Jun/09. Departmental Element & Site: Idaho National Laboratory Engineering Research Office Building (EROB). Name of Information System or IT Project: Integrated Safety Management Workshop Registration. Exhibit Project UID: 207765. New PIA / Update. DOE PIA - ISMS Workshop Finallxw.doc

77

Numerical simulation of dynamic response of a long-span bridge to assess its vulnerability to non-synoptic wind  

Science Journals Connector (OSTI)

Abstract Winds generated by non-synoptic events such as those from tornadoes, microbursts or gust fronts, that are non-stationary or transient in nature and extreme in magnitude, can cause major damage to flexible structures. In this paper, a time-domain method is used to simulate the response of a long-span bridge subject to winds generated by a particular type of non-synoptic wind phenomenon such as a microburst to assess the vulnerability of the bridge to such winds. The self-excited or motion-induced and buffeting or turbulence-induced wind loads on the structure were modeled and simulated by Rational Functions and buffeting indicial functions, respectively. Wind from a translating microburst was simulated using empirical relationships that were derived from measurements of a laboratory-simulated microburst and the bridge response calculated to compare it with those induced by an equivalent straight-line wind that is used for structural design. It is shown that microburst induced structural vibration could be larger or smaller than the vibration induced by straight-line wind of equivalent magnitude depending on the relative size of the microburst with respect to the bridge span.

Bochao Cao; Partha P. Sarkar

2015-01-01T23:59:59.000Z

78

Seamless Energy Management Systems Part I: Assessment of Energy  

E-Print Network (OSTI)

Seamless Energy Management Systems Part I: Assessment of Energy Management Systems and Key to Engineer the Future Electric Energy System Seamless Energy Management Systems Part I: Assessment of Energy Management Systems and Key Technological Requirements Final Project Report Project Faculty Team

79

Privacy Impact Assessment OFEO Facilities Management System Facilities Center  

E-Print Network (OSTI)

Privacy Impact Assessment OFEO Facilities Management System - Facilities Center I. System Identification 1. IT System Name: Facilities Management System - FacilityCenter 2. IT System Sponsor: Office. IT System Manager: Michelle T. Gooch, Facilities Management Systems Manager 5. PIA Author: Michelle T. Gooch

Mathis, Wayne N.

80

Bonneville - Hood River Vegetation Management Environmental Assessment  

SciTech Connect

To maintain the reliability of its electrical system, BPA, in cooperation with the U.S. Forest Service, needs to expand the range of vegetation management options used to clear unwanted vegetation on about 20 miles of BPA transmission line right-of-way between Bonneville Dam and Hood River, Oregon, within the Columbia Gorge National Scenic Area (NSA). We propose to continue controlling undesirable vegetation using a program of Integrated Vegetation Management (IVM) which includes manual, biological and chemical treatment methods. BPA has prepared an Environmental Assessment (EA) (DOE/EA-1257) evaluating the proposed project. Based on the analysis in the EA, BPA has determined that the proposed action is not a major Federal action significantly affecting the quality of the human environment, within the meaning of the National Environmental Policy Act (NEPA) of 1969. Therefore, the preparation of an Environmental Impact Statement (EIS) is not required and BPA is issuing this FONSI.

N /A

1998-08-01T23:59:59.000Z



81

Federal Energy Management Program: Assess Potential Agency Size Changes  

NLE Websites -- All DOE Office Websites (Extended Search)

Federal Energy Management Program: Assess Potential Agency Size Changes that Impact Greenhouse Gas Emissions

82

Radioactive Waste Management Complex performance assessment: Draft  

SciTech Connect

A radiological performance assessment of the Radioactive Waste Management Complex at the Idaho National Engineering Laboratory was conducted to demonstrate compliance with appropriate radiological criteria of the US Department of Energy and the US Environmental Protection Agency for protection of the general public. The calculations involved modeling the transport of radionuclides from buried waste, to surface soil and subsurface media, and eventually to members of the general public via air, ground water, and food chain pathways. Projections of doses were made for both offsite receptors and individuals intruding onto the site after closure. In addition, uncertainty analyses were performed. Results of calculations made using nominal data indicate that the radiological doses will be below appropriate radiological criteria throughout operations and after closure of the facility. Recommendations were made for future performance assessment calculations.

Case, M.J.; Maheras, S.J.; McKenzie-Carter, M.A.; Sussman, M.E.; Voilleque, P.

1990-06-01T23:59:59.000Z

83

Ecological risk assessment benefits environmental management  

SciTech Connect

The ecological risk assessment process in its ideal form is an unbiased approach for assessing the probability of harm to the environment as a consequence of a given action. This information can then be combined with other societal values and biases in the management of such risks. However, as the process currently is understood, decision makers often are accused of manipulating information in order to generate decisions or achieve buy in from the public in support of a particular political agenda. A clear understanding of the nature of the risk management process can help define areas where information should be free from social or personal bias, and areas where values and judgments are critical. The authors do not propose to discuss the individual's decision-making process, but rather to address the social process of risk communication and environmentally-related decision-making, identifying which parts of that process require bias-free, scientifically generated information about the consequences of various actions and which parts need an understanding of the social values which underlie the informed choices among those possible actions.

Fairbrother, A.; Kapustka, L.A.; Williams, B.A. [Ecological Planning and Toxicology, Inc., Corvallis, OR (United States); Glicken, J. [Sandia National Labs., Albuquerque, NM (United States)

1994-12-31T23:59:59.000Z

84

Combining particle-tracking and geochemical data to assess public supply well vulnerability to arsenic and uranium  

E-Print Network (OSTI)

. Bhattacharya, Associate Editor Keywords: Vulnerability Particle-tracking Arsenic Uranium Classification tree through aquifer systems and also through specific redox and pH zones within aquifers. Time were generally strongest for variables computed for distinct redox zones. Classification tree analysis

85

DOE's New Checklist Helps Plants Assess Energy Management Activities  

Energy.gov (U.S. Department of Energy (DOE))

DOE developed the Strategic Energy Management Checklist to help manufacturing facilities conduct a high-level assessment of their energy management practices and identify opportunities to achieve greater energy savings.

86

JC3 High Impact Assessment Bulletins | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

JC3 High Impact Assessment Bulletins. August 9, 2013: V-215: NetworkMiner Directory Traversal and Insecure Library Loading Vulnerabilities. The vulnerabilities are reported in versions 1.4.1 and prior. August 8, 2013: V-214: Mozilla Firefox Multiple Vulnerabilities. The vulnerabilities are reported in versions prior to 23.0. August 5, 2013: V-211: IBM iNotes Multiple Vulnerabilities. IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability. August 2, 2013: V-209: Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities. Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated,

87

CIVILIAN RADIOACTIVE WASTE MANAGEMENT 2008 FEE ADEQUACY ASSESSMENT LETTER  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CIVILIAN RADIOACTIVE WASTE MANAGEMENT 2008 FEE ADEQUACY ASSESSMENT LETTER REPORT. This Fiscal Year 2008 Civilian Radioactive Waste Management Fee Adequacy Letter Report presents an evaluation of the adequacy of the one mill per kilowatt-hour fee paid by commercial nuclear power generators for the permanent disposal of their spent nuclear fuel by the Government. This evaluation recommends no fee change.

88

Senior Technical Safety Manager Qualification Program Self-Assessment -  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Senior Technical Safety Manager Qualification Program Self-Assessment - Chief of Nuclear Safety. A self-assessment of the CNS Senior Technical Safety Manager (STSM) Qualification Program was conducted during the week of July 8, 2013, when all STSM-qualified staff members were present in Germantown, Maryland. This was the first self-assessment that CNS has conducted. In accordance with CNS Standard Operating Procedure SOP-016, Senior Technical Safety Manager Qualification Program, a self-assessment is required once every four years. Chief of Nuclear Safety STSM Self-Assessment, August 2013

89

Vulnerability in Climate Change Research: A Comprehensive Conceptual Framework  

E-Print Network (OSTI)

hazards assessments, for instance, have regarded naturaladdressing natural hazards and vulnerability assessments ad-assessment developed by Klein and Nicholls (1999) sees natural

Füssel, Hans-Martin

2005-01-01T23:59:59.000Z

90

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

JC3 Medium Impact Assessment Bulletins. December 4, 2012: V-039: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability. Samsung has issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security. November 30, 2012: V-037: Wireshark Multiple Bugs Let Remote Users Deny Service. Several vulnerabilities were reported in Wireshark. November 29, 2012: V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability. Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. November 27, 2012: V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws

91

An Open-Source Learning Content Management and Assessment System  

E-Print Network (OSTI)

LON-CAPA An Open-Source Learning Content Management and Assessment System Gerd Kortemeyer-CAPA is free open-source a learning content management system an assessment system around since 1992 and ?merson Cruz Michigan State University Overview Presentation Outline: ·System Overview

92

An Open-Source Learning Content Management and Assessment System  

E-Print Network (OSTI)

LON-CAPA An Open-Source Learning Content Management and Assessment System Gerd Kortemeyer Michigan State University LON-CAPA Overview · LON-CAPA is free open-source a learning content management system an assessment system around since 1992 Free and Open-Source · Free: "Free beer

93

Independent Oversight Assessment, DOE Office of Environmental Management  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Independent Oversight Assessment, DOE Office of Environmental Management Headquarters - November 2012. Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters. The U.S. Department of Energy (DOE) Office of Enforcement and Oversight (Independent Oversight), within the Office of Health, Safety and Security (HSS), conducted an independent assessment of the safety culture at the DOE Office of Environmental Management (EM) - Headquarters (EM-HQ). The primary objective of the evaluation was to provide information regarding the status of the safety culture at EM-HQ. The data collection phase of the assessment occurred in April and May 2012.

94

Risk Assessment & Management Information | Department of Energy  

Office of Environmental Management (EM)

Regulatory Framework, April 2012 Risk Assessment Technical Experts Working Group (RWG) web page DOE Standard on Development and Use of Probabilistic Risk Assessment in DOE...

95

A systematic review of socio-economic assessments in support of coastal zone management (19922011)  

Science Journals Connector (OSTI)

Abstract Cooperation between the social and natural sciences has become essential in order to encompass all the dimensions of coastal zone management. Socio-economic approaches are increasingly recommended to complement integrated assessment in support of these initiatives. A systematic review of the academic literature was carried out in order to analyze the main types of socio-economic assessments used to inform the coastal zone management process as well as their effectiveness. A corpus of 1682 articles published between 1992 and 2011 was identified by means of the representative coverage approach, from which 170 were selected by applying inclusion/exclusion criteria and then classified using a content analysis methodology. The percentage of articles that mention the use of socio-economic assessment in support of coastal zone management initiatives is increasing but remains relatively low. The review examines the links between the issues addressed by integrated assessments and the chosen analytical frameworks as well as the various economic assessment methods which are used in the successive steps of the coastal zone management process. The results show that i) analytical frameworks such as risk and vulnerability, DPSIR, valuation, ecosystem services and preferences are likely to lead to effective integration of social sciences in coastal zone management research while integration, sustainability and participation remain difficult to operationalize, ii) risk assessments are insufficiently implemented in developing countries, and iii) indicator systems in support of multi-criteria analyses could be used during more stages of the coastal zone management process. Finally, it is suggested that improved collaboration between science and management would require that scientists currently involved in coastal zone management processes further educate themselves in integrated assessment approaches and participatory methodologies.

Eric Le Gentil; Rémi Mongruel

2015-01-01T23:59:59.000Z

96

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities. April 30, 2013 - 12:09am. PROBLEM: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities. PLATFORM: IBM Tivoli Federated Identity Manager versions 6.1, 6.2.0, 6.2.1, and 6.2.2. IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1 and 6.2.2. ABSTRACT: IBM has acknowledged a weakness and two vulnerabilities in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. REFERENCE LINKS: IBM Reference #: 1634544; Secunia Advisory SA53233; CVE-2013-0169, CVE-2013-0440, CVE-2013-0443. IMPACT ASSESSMENT: Medium. DISCUSSION: CVE-2013-0440 - Unspecified vulnerability in IBM Java

97

CRAD, Configuration Management Assessment Plan | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CRAD, Configuration Management Assessment Plan. Performance Objective: The objective of this assessment is to determine whether a Configuration Management Program (CM) is in place which allows for the availability and retrievability of accurate information, improves response to design and operational decisions, enhances worker safety, increases facility safety and reliability, increases efficiency of work efforts, and helps maintain integrity of interfacing orders. Criteria: The CM program supports DOE program implementation through the following: It provides the mechanisms for identifying, cataloging, and maintaining the design requirements and design basis (established to satisfy DOE O 420.1 Facility Safety). It carries forward the technical baseline established in the design

98

Probabilistic Risk Assessment for dairy waste management systems  

E-Print Network (OSTI)

Probabilistic Risk Assessment (PRA) techniques were used to evaluate the risk of contamination of surface and ground water with wastewater from an open lot dairy in Erath County, Texas. The dairy supported a complex waste management system...

Leigh, Edward Marshall

2012-06-07T23:59:59.000Z

99

COMPARATIVE HEALTH IMPACT ASSESSMENTS ON FECAL SLUDGE MANAGEMENT PRACTICES  

E-Print Network (OSTI)

COMPARATIVE HEALTH IMPACT ASSESSMENTS ON FECAL SLUDGE MANAGEMENT PRACTICES: A CASE STUDY OF KLONG Fecal sludge (FS) is widely acknowledged as a major source of infectious pathogens. However, the proper

Richner, Heinz

100

An Application of Qualitative Risk Assessment in Park Management  

E-Print Network (OSTI)

An Application of Qualitative Risk Assessment in Park Management Janet M. Carey, Mark A. Burgman, Cameron Miller and Yung En Chee * The identification and prioritisation of natural values we describe an application of ecological risk assessment techniques for identifying and analysing

Burgman, Mark



101

Application of Risk Assessment and Management to Nuclear Safety |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Application of Risk Assessment and Management to Nuclear Safety September 20, 2012 Presenter: Commissioner George Apostolakis US Nuclear Regulatory Commission Topics covered: Management of (unquantified at the time) uncertainty was always a concern. Defense-in-depth and safety margins became embedded in the regulations. "Defense-in-Depth is an element of the NRC's safety philosophy that employs successive compensatory measures to prevent accidents or mitigate damage if a malfunction, accident, or naturally caused event occurs at a nuclear facility." [Commission's White Paper, February 1999] Design Basis Accidents are postulated accidents that a nuclear facility must be designed and built to withstand without loss to the

102

NGNP Risk Management through Assessing Technology Readiness  

SciTech Connect

Throughout the Next Generation Nuclear Plant (NGNP) project life cycle, technical risks are identified, analyzed, and mitigated and decisions are made regarding the design and selection of plant and sub-system configurations, components and their fabrication materials, and operating conditions. Risk resolution and decision making are key elements that help achieve project completion within budget and schedule constraints and desired plant availability. To achieve this objective, a formal decision-making and risk management process was developed for NGNP, based on proven systems engineering principles that have guided aerospace and military applications.

John W. Collins

2010-08-01T23:59:59.000Z

103

Methodology for assessing performance of waste management systems  

SciTech Connect

The purpose of the methodology provided in this report is to select the optimal way to manage particular sets of waste streams from generation to disposal in a safe and cost-effective manner. The methodology described is designed to review the entire waste management system, assess its performance, ensure that the performance objectives are met, compare different LLW management alternatives, and select the optimal alternative. The methodology is based on decision analysis approach, in which costs and risk are considered for various LLW management alternatives, a comparison of costs, risks, and benefits is made, and an optimal system is selected which minimizes costs and risks and maximizes benefits. A ''zoom-lens'' approach is suggested, i.e., one begins by looking at gross features and gradually proceeds to more and more detail. Performance assessment requires certain information about the characteristics of the waste streams and about the various components of the waste management system. Waste acceptance criteria must be known for each component of the waste management system. Performance assessment for each component requires data about properties of the waste streams and operational and design characteristics of the processing or disposal components. 34 refs., 2 figs., 1 tab.

Meshkov, N.K.; Herzenberg, C.L.; Camasta, S.F.

1988-01-01T23:59:59.000Z

104

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: ELECTRONIC RECORDS KEEPING SYSTEM PIA Template Version - May, 2009 Department of Energy Privacy Impact Assessment (PIA) Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetext/neword/206/02061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE 1- PRIVACY NEEDS ASSESSMENT Date Departmental Element & Site June 4, 2009 Office of Legacy Management, Morgantown, WV Name of Information System or IT Project LM Records Handling System (LMRHS01) - Electronic Records Keeping System exhibit Project UID 019-10-01-31-02-1014-00

105

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM ROCKY FLATS ENVIRONMENTAL RECORDS DATABASE PIA Template Version - May, 2009 Department of Energy Privacy Impact Assessment (PIA) Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetext/neword/206/02061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE 1- PRIVACY NEEDS ASSESSMENT Date Departmental Element & Site June 4, 2009 Office of Legacy Management, Morgantown, WV Name of Information System or IT Project LM Records Handling System (LMRHS01) - Rocky Flats Environmental Records Database exhibit Project UID 019-10-01-31-02-1014-00

106

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: FERNALD HISTORICAL RECORDS SYSTEM PIA Template Version - May, 2009 Department of Energy Privacy Impact Assessment (PIA) Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetext/neword/206/02061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE 1- PRIVACY NEEDS ASSESSMENT Date Departmental Element & Site June 4, 2009 Office of Legacy Management, Morgantown, WV Name of Information System or IT Project LM Records Handling System (LMRHS01) - Fernald Historical Records System exhibit Project UID 019-10-01-31-02-1014-00

107

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: FREEDOM OF INFORMATION ACT/ PRIVACY ACT PIA Template Version - May, 2009 Department of Energy Privacy Impact Assessment (PIA) Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetext/neword/206/02061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE 1- PRIVACY NEEDS ASSESSMENT Date Departmental Element & Site June 4, 2009 Office of Legacy Management, Morgantown, WV Name of Information System or IT Project LM Records Handling System (LMRHS01) - Freedom of Information Act/Privacy

108

Assessment of LANL PCB waste management documentation  

SciTech Connect

The objective of this report is to present findings from evaluating the Los Alamos National Laboratory (LANL) Polychlorinated Biphenyls (PCB) Waste Acceptance Criteria (WAC) to determine if it meets applicable DOE and Code of Federal Regulation (CFR) requirements. DOE Order 5820.2A and 40 CFR 761 (Polychlorinated Biphenyls Manufacturing, Processing, Distribution in Commerce, and Use Prohibitions) set forth requirements and guidelines for the establishment of Waste Acceptance Criteria. The primary purpose of a PCB WAC is to provide generators and waste management with established criteria that must be met before PCB wastes can be accepted for treatment, storage, and/or disposal. An annotated outline for a generic PCB WAC was developed based on the requirements of 5820.2A and 40 CFR 761. The major elements that should be addressed by a PCB WAC were determined to be as follows: Waste Package/Container, Waste Forms, PCB Concentrations, Labeling, and Data Package Certification.

David, K.D.; Hoevemeyer, S.S.; Stirrup, T.S. [Wastren, Inc., Idaho Falls, ID (United States)]; Jennrich, E.A.; Lund, D.M. [Rogers and Associates Engineering Corp., Salt Lake City, UT (United States)]

1991-04-01T23:59:59.000Z

109

Nondestructive radioassay for waste management: an assessment  

SciTech Connect

Nondestructive Assay (NDA) for Transuranic Waste Management is used to mean determining the amount of transuranic (TRU) isotopes in crates, drums, boxes, cans, or other containers without having to open the container. It also means determining the amount of TRU in soil, bore holes, and other environmental testing areas without having to go through extensive laboratory wet chemistry analyses. It refers to radioassay techniques used to check for contamination on objects after decontamination and to determine amounts of TRU in waste processing streams without taking samples to a laboratory. Generally, NDA instrumentation in this context refers to all use of radioassay which does not involve taking samples and using wet chemistry techniques. NDA instruments have been used for waste assay at some sites for over 10 years and other sites are just beginning to consider assay of wastes. The instrumentation used at several sites is discussed in this report. Almost all these instruments in use today were developed for special nuclear materials safeguards purposes and assay TRU waste down to the 500 nCi/g range. The need for instruments to assay alpha particle emitters at 10 nCi/g or less has risen from the wish to distinguish between Low Level Waste (LLW) and TRU Waste at the defined interface of 10 nCi/g. Wastes have historically been handled as TRU wastes if they were just suspected to be transuranically contaminated but their exact status was unknown. Economic and political considerations make this practice undesirable since it is easier and less costly to handle LLW. This prompted waste generators to want better instrumentation and led the Transuranic Waste Management Program to develop and test instrumentation capable of assaying many types of waste at the 10 nCi/g level. These instruments are discussed.

Lehmkuhl, G.D.

1981-06-01T23:59:59.000Z

110

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-131: Adobe Shockwave Player Multiple Vulnerabilities April 11, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system REFERENCE LINKS: Secunia Advisory: SA52981 Adobe Security Bulletin CVE-2013-1383 CVE-2013-1384 CVE-2013-1385 CVE-2013-1386 IMPACT ASSESSMENT: High DISCUSSION: This update resolves: 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the

111

Environmental Assessment : Squawfish Management Program : Final.  

SciTech Connect

Bonneville Power Administration (BPA) proposes to decrease the number of northern squawfish (Ptychocheilus oregonensis) in reservoirs in the Columbia River system. The goal of the Squawfish Management Program is to reduce losses of outmigrating juvenile salmon and steelhead (salmonids) to northern squawfish predation. The objective is to reduce the number of northern squawfish that feed on juvenile salmonids (smolts) by 10 to 20 percent to alter the age and size structure of the northern squawfish population. The hypothesis, based on computer modeling, indicates that sustained northern squawfish harvest (5 to 10 years) and the resultant population restructuring may reduce losses of juvenile salmonids to predation by up to 50 percent or more within 10 years. The proposed action would target northern squawfish 11 inches and longer, the size in which northern squawfish begin preying significantly on juvenile salmonids. BPA proposes to fund three types of fisheries to harvest northern squawfish. BPA also proposes to fund monitoring activities of these fisheries to determine whether desired or other results occur. The three fisheries methods proposed are: (1) commercial Tribal fishing; (2) sport reward fishing; and (3) fishing from restricted areas of each dam ("dam angling"). These fisheries were tested in 1990 and 1991.

United States. Bonneville Power Administration.

1992-05-01T23:59:59.000Z

112

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: ENERGY EMPLOYEES OCCUPATIONAL ILLNESS COMPENSATION PROGRAM ACT PIA Template Version - May, 2009 Department of Energy Privacy Impact Assessment (PIA) Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetext/neword/206/02061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE I - PRIVACY NEEDS ASSESSMENT Date Departmental Element & Site June 4, 2009 Office of Legacy Management, Morgantown, WV Name of Information System or IT Project LM Records Handling System (LMRHS01) - Energy Employees Occupational Illness Compensation Program Act exhibit

113

Climate Change and Infrastructure, Urban Systems, and Vulnerabilities  

SciTech Connect

This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. 
Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

Wilbanks, Thomas J [ORNL]; Fernandez, Steven J [ORNL]

2014-01-01T23:59:59.000Z

114

Thermodynamic data management system for nuclear waste disposal performance assessment  

SciTech Connect

Thermodynamic property values for use in assessing the performance of a nuclear waste repository are described. More emphasis is on a computerized data base management system which facilitates use of the thermodynamic data in sensitivity analysis and other studies which critically assess the performance of disposal sites. Examples are given of critical evaluation procedures; comparison of apparent equilibrium constants calculated from the data base, with other work; and of correlations useful in estimating missing values of both free energy and enthalpy of formation for aqueous species. 49 refs., 11 figs., 6 tabs.

Phillips, S.L.; Hale, F.V.; Siegel, M.D.

1988-04-01T23:59:59.000Z

115

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-566: Citrix Secure Gateway Unspecified Vulnerability February 28, 2011 - 11:22pm PROBLEM: Citrix Secure Gateway Unspecified Vulnerability. PLATFORM: Citrix Secure Gateway version 3.1.4 ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. REFERENCE LINKS: Citrix ID:CTX128168 Secunia Advisory SA43497 Citrix Support IMPACT ASSESSMENT: High DISCUSSION: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

116

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-038: Google Chrome Two Vulnerabilities December 3, 2012 - 1:00am PROBLEM: Google Chrome Two Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95. ABSTRACT: Two vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA51447 CVE-2012-5137 CVE-2012-5138 IMPACT ASSESSMENT: High DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95. IMPACT:

117

Assessment of Disposal Options for DOE-Managed High-Level Radioactive...  

Office of Environmental Management (EM)

Assessment of Disposal Options for DOE-Managed High-Level Radioactive Waste and Spent Nuclear Fuel Assessment of Disposal Options for DOE-Managed High-Level Radioactive Waste and...

118

Assessment and Corrective Management for Fish Populations in Small Impoundments.  

E-Print Network (OSTI)

. This ASSESSMENT publication was developed by the Texas Chapter of the American Fisheries Society as a companion volume to STOCKING AND MANAGEMENT RECOMMENDATIONS FOR TEXAS FARM PONDS and represents expertise gathered from fisheries biologists, producers... of Farm Pond Fertilization. PWD Brochure 3000-24. Printed June 1978. Texas Agricultural Extension Service Department of Wildlife and Fisheries Nagle Hall - Texas A&M College Station, Texas 77843 Higginbotham, Billy. 2 pages. Threadfin Shad...

Anonymous,

1985-01-01T23:59:59.000Z

119

WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE  

E-Print Network (OSTI)

WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE WARMING IN THE SIERRA NEVADA: Water Year explores the sensitivity of water indexing methods to climate change scenarios to better understand how water management decisions and allocations will be affected by climate change. Many water management

120

Independent Oversight Assessment, DOE Office of Environmental Management Headquarters- November 2012  

Energy.gov (U.S. Department of Energy (DOE))

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters



121

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1 IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2 ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products. REFERENCE LINKS: IBM Reference #:1625624 IBM Product Security Incident Response Blog Secunia Advisory SA52132

122

Information technologies for global resources management and environmental assessment  

SciTech Connect

Recent advances in computer and communications technologies offer unprecedented opportunities to develop sophisticated information resources management systems for global resources management and environment assessment in an efficient, effective, and systematic manner. In this paper, the emerging global energy and environmental issues are identified. Since satellite-based remote sensing systems are becoming increasingly available and produce massive data collections, the utilization of imaging processing techniques and their applications for regional and global resources management and environmental studies are described. Interoperability and interconnectivity among heterogeneous computer systems are major issues in designing a totally integrated, multimedia-based, information resources management system that operates in a networking environment. Discussions of the future technology trends are focused on a number of emerging information management technologies and communications standards which will aid in achieving seamless system integration and offer user-friendly operations. It can be foreseen that advances in computer and communications technologies, increasingly sophisticated image processing techniques and Geographical Information Systems (GIS), and the development of globally comprehensive data bases will bring "global visualization" onto multimedia desktop computers before the end of this decade.

Campbell, A.P.; Wang, Hua.

1992-01-01T23:59:59.000Z

123

Information technologies for global resources management and environmental assessment  

SciTech Connect

Recent advances in computer and communications technologies offer unprecedented opportunities to develop sophisticated information resources management systems for global resources management and environment assessment in an efficient, effective, and systematic manner. In this paper, the emerging global energy and environmental issues are identified. Since satellite-based remote sensing systems are becoming increasingly available and produce massive data collections, the utilization of imaging processing techniques and their applications for regional and global resources management and environmental studies are described. Interoperability and interconnectivity among heterogeneous computer systems are major issues in designing a totally integrated, multimedia-based, information resources management system that operates in a networking environment. Discussions of the future technology trends are focused on a number of emerging information management technologies and communications standards which will aid in achieving seamless system integration and offer user-friendly operations. It can be foreseen that advances in computer and communications technologies, increasingly sophisticated image processing techniques and Geographical Information Systems (GIS), and the development of globally comprehensive data bases will bring "global visualization" onto multimedia desktop computers before the end of this decade.

Campbell, A.P.; Wang, Hua

1992-09-01T23:59:59.000Z

124

V-036: EMC Smarts Network Configuration Manager Database Authentication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior to 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: EMC Identifier: ESA-2012-057 Secunia Advisory SA51408 SecurityTracker Alert ID: 1027812 CVE-2012-4614 CVE-2012-4615 IMPACT ASSESSMENT: Medium DISCUSSION: The system uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key

125

U-116: IBM Tivoli Provisioning Manager Express for Software Distribution  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities March 5, 2012 - 7:00am PROBLEM: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities PLATFORM: IBM Tivoli Provisioning Manager Express for Software Distribution 4.x ABSTRACT: Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA48216 CVE-2012-0198 CVE-2012-0199 IMPACT ASSESSMENT: High DISCUSSION: Certain input passed via "Printer.getPrinterAgentKey" to the SoapServlet

126

V-125: Cisco Connected Grid Network Management System Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am PROBLEM: Cisco Connected Grid Network Management System Multiple Vulnerabilities PLATFORM: Cisco Connected Grid Network Management System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco Security Notice CVE-2013-1171 Secunia Advisory SA52834 SecurityTracker Alert ID: 1028374 SecurityTracker Alert ID: 1028373 CVE-2013-1163 CVE-2013-1171 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to

127

V-125: Cisco Connected Grid Network Management System Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am PROBLEM: Cisco Connected Grid Network Management System Multiple Vulnerabilities PLATFORM: Cisco Connected Grid Network Management System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco Security Notice CVE-2013-1171 Secunia Advisory SA52834 SecurityTracker Alert ID: 1028374 SecurityTracker Alert ID: 1028373 CVE-2013-1163 CVE-2013-1171 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to

128

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

129

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration

130

The Laws of Vulnerabilities: Which security vulnerabilities really matter?  

Science Journals Connector (OSTI)

New security vulnerabilities are discovered on a daily basis. With each new announcement, the same questions arise. How significant is this vulnerability? How prevalent? How easy is it to exploit? Due to a lack of global vulnerability data, answers are ...

Gerhard Eschelbeck

2005-01-01T23:59:59.000Z

131

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers. Contents: EXECUTIVE SUMMARY; 1. INTRODUCTION; 1.1 Facilities to be Assessed; 2. BEGINNING THE ENERGY SECURITY ASSESSMENT PROCESS; 2.1 Assign an Energy Security Manager; 2.2 Define the Mission of the Installation

132

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers  

NLE Websites -- All DOE Office Websites (Extended Search)

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers. Contents: EXECUTIVE SUMMARY; 1. INTRODUCTION; 1.1 Facilities to be Assessed; 2. BEGINNING THE ENERGY SECURITY ASSESSMENT PROCESS; 2.1 Assign an Energy Security Manager; 2.2 Define the Mission of the Installation

133

Assessment of LANL solid low-level waste management documentation  

SciTech Connect

DOE Order 5820.2A requires that a system performance assessment be conducted to assure efficient and compliant management of all radioactive waste. The objective of this report is to determine the present status of the Radioactive Waste Operations Section's capabilities regarding preparation and maintenance of appropriate criteria, plans and procedures and identify particular areas where these documents are not presently in existence or being fully implemented. DOE Order 5820.2A, Radioactive Waste Management, Chapter III sets forth the requirements and guidelines for preparation and implementation of criteria, plans and procedures to be utilized in the management of solid low-level waste. The documents being assessed in this report are: Solid Low-Level Waste Acceptance Criteria, Solid Low-Level Waste Characterization Plan, Solid Low-Level Waste Certification Plan, Solid Low-Level Waste Acceptance Procedures, Solid Low-Level Waste Characterization Procedures, Solid Low-Level Waste Certification Procedures, Solid Low-Level Waste Training Procedures, and Solid Low-Level Waste Recordkeeping Procedures. Suggested outlines for these documents are presented as Appendix A.

Klein, R.B.; Jennrich, E.A.; Lund, D.M.; Danna, J.G. (Rogers and Associates Engineering Corp., Salt Lake City, UT (United States)); Davis, K.D.; Rutz, A.C. (Wastren, Inc., Idaho Falls, ID (United States))

1991-04-01T23:59:59.000Z

134

Assessment of LANL solid low-level waste management documentation  

SciTech Connect

DOE Order 5820.2A requires that a system performance assessment be conducted to assure efficient and compliant management of all radioactive waste. The objective of this report is to determine the present status of the Radioactive Waste Operations Section's capabilities regarding preparation and maintenance of appropriate criteria, plans and procedures and identify particular areas where these documents are not presently in existence or being fully implemented. DOE Order 5820.2A, Radioactive Waste Management, Chapter III sets forth the requirements and guidelines for preparation and implementation of criteria, plans and procedures to be utilized in the management of solid low-level waste. The documents being assessed in this report are: Solid Low-Level Waste Acceptance Criteria, Solid Low-Level Waste Characterization Plan, Solid Low-Level Waste Certification Plan, Solid Low-Level Waste Acceptance Procedures, Solid Low-Level Waste Characterization Procedures, Solid Low-Level Waste Certification Procedures, Solid Low-Level Waste Training Procedures, and Solid Low-Level Waste Recordkeeping Procedures. Suggested outlines for these documents are presented as Appendix A.

Klein, R.B.; Jennrich, E.A.; Lund, D.M.; Danna, J.G. [Rogers and Associates Engineering Corp., Salt Lake City, UT (United States)]; Davis, K.D.; Rutz, A.C. [Wastren, Inc., Idaho Falls, ID (United States)]

1991-04-01T23:59:59.000Z

135

Are markets for vulnerabilities effective?  

Science Journals Connector (OSTI)

Current reward structures in security vulnerability disclosure may be skewed toward benefitting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer incentives to responsible ... Keywords: information security, information technology policy, vulnerability disclosure

Sam Ransbotham; Sabyaschi Mitra; Jon Ramsey

2012-03-01T23:59:59.000Z

136

Enforcement Guidance Supplement 01-22, Management and Independent Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

EGS: 01-02 Appendix E- Operational Procedures for Enforcement Department of Energy Washington, DC 20585 December 17, 2001 MEMORANDUM FOR: DOE PAAA COORDINATORS CONTRACTOR PAAA COORDINATORS FROM: R. KEITH CHRISTOPHER DIRECTOR OFFICE OF PRICE-ANDERSON ENFORCEMENT SUBJECT: Enforcement Guidance Supplement 01-02: Management and Independent Assessment Section 1.3 of the Operational Procedures for Enforcement, published in June 1998, provides the opportunity for the Office of Price-Anderson Enforcement (OE) to periodically issue clarifying guidance regarding the processes used in its enforcement activities. OE typically issues such guidance in the form of Enforcement Guidance Supplements (EGSs), which provide information or recommendations only and impose no

137

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server. REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

138

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect. REFERENCE LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 IMPACT ASSESSMENT: High DISCUSSION: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

139

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. REFERENCE LINKS: SecurityFocus IMPACT ASSESSMENT: Medium DISCUSSION: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

140

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-540: Sybase EAServer Multiple Vulnerabilities January 24, 2011 - 6:16am PROBLEM: Sybase EAServer Multiple Vulnerabilities PLATFORM: Sybase EAServer versions 6.3 and prior ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected. REFERENCE LINKS: Bugtraq ID: 45809 SyBase Advisory IMPACT ASSESSMENT: Medium DISCUSSION: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services; this condition can result in arbitrary code execution, allowing an attacker to gain control over


141

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server. REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

142

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High DISCUSSION: Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

143

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect. REFERENCE LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 IMPACT ASSESSMENT: High DISCUSSION: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

144

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities March 14, 2011 - 3:05pm PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system. PLATFORM: Sun Solaris 10 ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities. REFERENCE LINKS: Secunia Advisory: SA43747 Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player Secure List: SA43747 Oracle Sun Support Adobe Flash Player for Linux and Solaris IMPACT ASSESSMENT: High DISCUSSION: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

145

FLEXIBILITY IN WATER RESOURCES MANAGEMENT: REVIEW OF CONCEPTS AND DEVELOPMENT OF ASSESSMENT MEASURES FOR FLOOD MANAGEMENT SYSTEMS

E-Print Network (OSTI)

FLEXIBILITY IN WATER RESOURCES MANAGEMENT: REVIEW OF CONCEPTS AND DEVELOPMENT OF ASSESSMENT around adapting water management systems to climate change often express the need to increase system it means to have a flexible water management system, what features of a system make it more flexible than

Tullos, Desiree

146

Research, assessment and management on the Mascarene Plateau: a large marine ecosystem perspective  

Science Journals Connector (OSTI)

...different sciences, quan...reactive approach to ecosystem management needs to...assessment and management on the Mascarene...marine science, training...ecosystem approach to regional...of Marine Science. Salvat...ecosystem approach to global assessment and management of coastal...

2005-01-01T23:59:59.000Z

147

Assessing Infrastructure Decisions to Manage Water Resources in the Valle de México

E-Print Network (OSTI)

PORSE E. Assessing Infrastructure Decisions to Manage Water Resources in the Valle de México Erik inherent uncertainty. Such a framework can be used to assess groundwater management and water supply. Keywords Groundwater; water, management; Mexico City; infrastructure INTRODUCTION: GROUNDWATER AND CITIES

Paris-Sud XI, Université de

148

APPENDIX A: Climate Change Vulnerability Literature Review The purpose of this discussion is to review the existing literature surrounding climate change adaptation  

E-Print Network (OSTI)

1 APPENDIX A: Climate Change Vulnerability Literature Review Purpose The purpose of this discussion is to review the existing literature surrounding climate change adaptation and vulnerability with a focus thought surrounding methods for conducting climate change vulnerability assessments. The review

Brownstone, Rob

149

T-614: Cisco Unified Communications Manager Database Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am...

150

T-694: IBM Tivoli Federated Identity Manager Products Multiple...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities August 16, 2011 -...

151

V-132: IBM Tivoli System Automation Application Manager Multiple...  

Energy Savers (EERE)

V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, 2013 -...

152

C-340 ST-90 Boxes Solid Waste Management Unit (SWMU) Assessment...  

NLE Websites -- All DOE Office Websites (Extended Search)

40 ST-90 Boxes Solid Waste Management Unit (SWMU) Assessment Report SWMUAOC NUMBER: 568 DATE OF ORIGINAL SAR: 112210 DATE OF SAR REVISIONS: NA REGULATORY STATUS: SWMU LOCATION:...

153

PPPO-02-225-07 Revised Solid Waste Management Unit Assessment...  

NLE Websites -- All DOE Office Websites (Extended Search)

Nitrogen Generating Facilities Solid Waste Management Unit (SWMU) Assessment Report SWMUAOC NUMBER: 483 DATE OF ORIGINAL SAR: 061501 DATE OF SAR REVISION: 061807 REGULATORY...

154

PPPO-02-340-07 Revised Solid Waste Management Unit Assessment...  

NLE Websites -- All DOE Office Websites (Extended Search)

Yard and C-748-B Burial Area Solid Waste Management Unit (SWMU) Assessment Report SWMUAOC NUMBER: 4 DATE OF ORIGINAL SAR: 8241987 DATE OF SAR REVISION: 06182007 REGULATORY...

155

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access August 15, 2013 - 1:30am PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege. PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8 ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior. REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system. IMPACT: User access via network

156

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access August 15, 2013 - 1:30am PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege. PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8 ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior. REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system. IMPACT: User access via network

157

Energy vulnerability relationships  

SciTech Connect

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970's, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a "dependence"? Does this increasing proportion of imported oil present a vulnerability to "price shocks" and the tremendous dislocations experienced during the 1970's? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be "yes." However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

158

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

159

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

160

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability. REFERENCE LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used


161

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

162

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate DISCUSSION: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

163

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities. PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. REFERENCE LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High DISCUSSION: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

164

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x; Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Adobe Flash Player, which

165

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.

166

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-224: Google Chrome Multiple Vulnerabilities. August 22, 2013 - 1:05am. PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

167

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. September 29, 2011 - 8:30am. PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. REFERENCE LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

168

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-208: Google Chrome Multiple Vulnerabilities. August 1, 2013 - 2:32am. PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allow attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

169

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-542: SAP Crystal Reports Server Multiple Vulnerabilities. January 25, 2011 - 2:30pm. PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High DISCUSSION: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

170

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-249: Google Chrome Multiple Vulnerabilities. August 31, 2012 - 6:00am. PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. REFERENCE LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

171

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-092: Pidgin Multiple Vulnerabilities. February 15, 2013 - 6:00am. PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

172

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability. March 7, 2013 - 6:00am. PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

173

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-214: Mozilla Firefox Multiple Vulnerabilities. August 8, 2013 - 2:16am. PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

174

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-542: SAP Crystal Reports Server Multiple Vulnerabilities. January 25, 2011 - 2:30pm. PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High DISCUSSION: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

175

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-179: IBM Java 7 Multiple Vulnerabilities. May 30, 2012 - 7:00am. PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. REFERENCE LINKS: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High DISCUSSION: IBM released a patch to address vulnerabilities in IBM Java 7. IBM 7 SR1 is available for download. IMPACT: Hijacking; Manipulation of data; Exposure of sensitive information

176

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-059: MoinMoin Multiple Vulnerabilities. January 1, 2013 - 5:57am. PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

177

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability. April 1, 2013 - 1:26am. PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373)

178

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-121: Google Chrome Multiple Vulnerabilities. March 28, 2013 - 12:29am. PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

179

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-105: Google Chrome Multiple Vulnerabilities. March 6, 2013 - 12:09am. PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

180

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-081: Wireshark Multiple Vulnerabilities. January 31, 2013 - 12:21am. PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

181

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities. May 9, 2013 - 6:00am. PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

182

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-081: Wireshark Multiple Vulnerabilities. January 31, 2013 - 12:21am. PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

183

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-179: IBM Java 7 Multiple Vulnerabilities. May 30, 2012 - 7:00am. PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. REFERENCE LINKS: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High DISCUSSION: IBM released a patch to address vulnerabilities in IBM Java 7. IBM 7 SR1 is available for download. IMPACT: Hijacking; Manipulation of data; Exposure of sensitive information

184

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities. June 14, 2013 - 6:00am. PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE REFERENCE LINKS: Secunia Advisory SA53778 IBM Flash Alert 1640533 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 IMPACT ASSESSMENT: High DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

185

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability. January 22, 2013 - 12:11am. PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

186

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-092: Pidgin Multiple Vulnerabilities. February 15, 2013 - 6:00am. PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

187

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-001: Mozilla Security vulnerabilities. October 12, 2012 - 6:00am. PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

188

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities. March 21, 2013 - 6:00am. PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

189

Adaptive capacity and its assessment  

SciTech Connect

This paper reviews the concept of adaptive capacity and various approaches to assessing it, particularly with respect to climate variability and change. I find that adaptive capacity is a relatively under-researched topic within the sustainability science and global change communities, particularly since it is uniquely positioned to improve linkages between vulnerability and resilience research. I identify opportunities for advancing the measurement and characterization of adaptive capacity by combining insights from both vulnerability and resilience frameworks, and I suggest several assessment approaches for possible future development that draw from both frameworks and focus on analyzing the governance, institutions, and management that have helped foster adaptive capacity in light of recent climatic events.

Engle, Nathan L.

2011-04-20T23:59:59.000Z

190

Assessment of Brine Management for Geologic Carbon Sequestration  

E-Print Network (OSTI)

brine management or extracted water management infrastructure or where nearby fresh water resources need to be carefully monitored for later contamination.

Breunig, Hanna M.

2014-01-01T23:59:59.000Z

191

Integrated Safeguards and Security Management Self-Assessment 2004  

E-Print Network (OSTI)

provided. Appendix A. Safeguards and Security Plan AppendixLBNL/PUB-3183 Integrated Safeguards and Security Management76SF00098. Integrated Safeguards and Security Management

Lunford, Dan; Ramsey, Dwayne

2005-01-01T23:59:59.000Z

192

Environmental Assessment for the Proposed Los Alamos National Laboratory Trails Management Program, Los Alamos, New Mexico  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Environmental Assessment for the Proposed Los Alamos National Laboratory Trails Management Program, Los Alamos, New Mexico. September 2, 2003. Department of Energy, National Nuclear Security Administration, Los Alamos Site Office. Contents: Acronyms and Terms; Executive Summary; 1.0 Purpose and Need

193

Stakeholder Benefit Assessment Project Success through Management of Stakeholders  

Science Journals Connector (OSTI)

This paper discusses how a project should deal with its internal and external stakeholders who are associated with determining the project's objectives and uncertainty issues. Our experiences during 15 years of uncertainty assessment in many different sectors show that stakeholders are subjective and influenced by the objectives or effects of the project more than expected. This paper focuses on the relationship between the stakeholders and opportunities. We conclude that projects find opportunities only to a small extent because risk and opportunity processes are not separated. From our point of view, projects can find and exploit opportunities and benefits to a greater extent if they use a defined opportunity management process. This paper has four parts. Firstly, rationality and methodology are presented. The method that we adopt is of a qualitative nature. In the second part, relevant theories are described. Part three presents our ideas about the connection between stakeholders and uncertainty. Finally, a conclusion and a description of further research wind up the whole discussion.

Agnar Johansen; Petter Eik-Andresen; Anandasivakumar Ekambaram

2014-01-01T23:59:59.000Z

194

Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011  

E-Print Network (OSTI)

.215; Not currently applicable (2) Site Security Plans under §27.225; Not currently applicable (3) Documents relating to the Department's review and approval of Security Vulnerability Assessments and Site Security Plans, including

Pawlowski, Wojtek

195

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-042: Mac RealPlayer Multiple Vulnerabilities. November 21, 2011 - 9:15am. PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

196

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-042: Mac RealPlayer Multiple Vulnerabilities. November 21, 2011 - 9:15am. PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

197

Office of Emergency Management Assessments | Department of Energy  

Office of Environmental Management (EM)

requiring a quantitative Emergency Planning Hazards Assessment. Works closely with other IEA offices and DOE line organizations to schedule and undertake assessments. Evaluates...

198

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-100: Google Chrome Multiple Vulnerabilities. February 10, 2012 - 7:00am. PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system. PLATFORM: Google Chrome 16.x ABSTRACT: A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. REFERENCE LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some

199

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-173: Plesk 0-Day Vulnerability. June 7, 2013 - 6:00am. PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

200

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability. July 22, 2011 - 3:00pm. PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability PLATFORM: Drupal Secure Password Hashes 6.X-1.0, Drupal Secure Password Hashes 5.X-1.4 ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability. REFERENCE LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities IMPACT ASSESSMENT: Medium DISCUSSION: This module uses the PHPass hashing library to try to store users' hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account



201

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities PLATFORM: IBM Rational AppScan 5.x IBM Rational AppScan 8.x ABSTRACT: IBM has acknowledged multiple vulnerabilities REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

202

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-111: Multiple vulnerabilities have been reported in Puppet March 14, 2013 - 12:12am PROBLEM: Multiple vulnerabilities have been reported in Puppet PLATFORM: Puppet 2.x Puppet 3.x Puppet Enterprise 1.x Puppet Enterprise 2.x ABSTRACT: Puppet Multiple Vulnerabilities REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

203

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. Reference Links: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium Discussion: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. Impact: A remote user can execute SQL commands on the underlying database. Solution: The vendor has issued a fix (1.6.2).

204

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-118: IBM Lotus Domino Multiple Vulnerabilities March 25, 2013 - 12:40am PROBLEM: IBM Lotus Domino Multiple Vulnerabilities PLATFORM: IBM Domino 8.x ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino REFERENCE LINKS: IBM Reference #:1627597 Secunia Advisory SA52753 CVE-2012-6277 CVE-2013-0486 CVE-2013-0487 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

205

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-625: Opera Frameset Handling Memory Corruption Vulnerability May 18, 2011 - 3:05pm PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. PLATFORM: Opera versions prior to 11.11 ABSTRACT: The vulnerability is caused by an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page. REFERENCE LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile IMPACT ASSESSMENT: High Discussion: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

206

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

207

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused by a PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses a POST request to launch a PHP interpreter, and the attacker can set any configuration parameters through the POST request. The published exploit code calls the PHP interpreter directly with the allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

208

An Economic, Hydrologic, and Environmental Assessment of Water Management Alternative Plans for the South Central Texas Region*1  

E-Print Network (OSTI)

An Economic, Hydrologic, and Environmental Assessment of Water Management Alternative Plans. The economic, hydrologic, and environmental consequences of the "best" choice of regional water management plan, and water management plans.

McCarl, Bruce A.

209

Imagining flood futures: risk assessment and management in practice  

Science Journals Connector (OSTI)

...consequences. risk management|risk analysis|flooding|simulacra...we have come to deem as more acceptable than others in predicting the...how do they become deemed as acceptable and, crucially, what effect...science, public policy and risk management in order to make...

2011-01-01T23:59:59.000Z

210

Senior Technical Safety Manager Qualification Program Self-Assessment- Chief of Nuclear Safety  

Energy.gov (U.S. Department of Energy (DOE))

This Chief of Nuclear Safety (CNS) Report was prepared to summarize the results of the July 2013 CNS self-assessment of the Senior Technical Safety Manager Qualification Program.

211

Environmental management assessment of the Waste Isolation Pilot Plant (WIPP), Carlsbad, New Mexico  

SciTech Connect

This document contains the results of the Environmental Management Assessment of the Waste Isolation Pilot Plant (WIPP). This Assessment was conducted by EH-24 from July 19 through July 30, 1993 to advise the Secretary of Energy of the adequacy of management systems established at WIPP to ensure the protection of the environment and compliance with Federal, state, and DOE environmental requirements. The mission of WIPP is to demonstrate the safe disposal of transuranic (TRU) waste. During this assessment, activities and records were reviewed and interviews were conducted with personnel from the management and operating contractors. This assessment revealed that WIPP's environmental safety and health programs are satisfactory, and that all levels of the Waste Isolation Division (WID) management and staff consistently exhibit a high level of commitment to achieve environmental excellence.

Not Available

1993-07-01T23:59:59.000Z

212

Fiscal Year 2007 Civilian Radioactive Waste Management Fee Adequacy Assessment Report  

Energy.gov (U.S. Department of Energy (DOE))

U.S. Department of Energy Office of Civilian Radioactive Waste Management Fee Adequacy Assessment Report is to present an analysis of the adequacy of the fee being paid by nuclear power utilities...

213

Idaho National Engineering and Environmental Laboratory Wildland Fire Management Environmental Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

April 2003. Idaho National Engineering and Environmental Laboratory Wildland Fire Management Environmental Assessment. Contents: Acronyms; 1. Introduction; 1.1. Purpose and Need; 1.2. Background; 1.3. Related Actions

214

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. REFERENCE LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

215

U-234: Oracle MySQL User Login Security Bypass Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-234: Oracle MySQL User Login Security Bypass Vulnerability August 14, 2012 - 7:00am PROBLEM: Oracle MySQL User Login Security Bypass Vulnerability PLATFORM: Version(s): prior to 5.1.63 and 5.5.25 are vulnerable. ABSTRACT: Oracle MySQL is prone to a security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions. REFERENCE LINKS: http://www.securityfocus.com/bid/53911/discuss CVE-2012-2122 IMPACT ASSESSMENT: Medium Discussion: Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials. The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in

216

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-158: HP NonStop Server Java Multiple Vulnerabilities April 30, 2012 - 7:00am PROBLEM: HP NonStop Server Java Multiple Vulnerabilities PLATFORM: HP NonStop Server 6.x ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server Reference links: Secunia Advisory SA48977 CVE-2011-3547 CVE-2011-3551 CVE-2011-3553 IMPACT ASSESSMENT: High Discussion: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact: Successful exploitation of this vulnerability may allow remote manipulation

217

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. REFERENCE LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

218

Using an energy index to assess the effectiveness and potential of energy management programs  

SciTech Connect

A technique is presented for using an energy index to monitor a building's energy management program. A target Energy Utilization Index (EUI) is computed, and this target is compared with current energy usage to assess the progress of energy conservation efforts. The method is relatively easy for the engineer to implement, and the information is in a form that provides the building operator with a quick assessment of the energy management program.

Steele, W.G.; Hodge, B.K.

1987-06-01T23:59:59.000Z

219

Automation to Support Risk Assessment and Management at DHS  

Science Journals Connector (OSTI)

DHS is pursuing a portfolio of research and development projects known as the Threat Assessment Portfolio, conducting a range of cross-cutting analytic automation research to address...

Dennis, Stephen

220

Incentives in Water Management Reform: Assessing the Effect on Water Use,  

NLE Websites -- All DOE Office Websites (Extended Search)

Incentives in Water Management Reform: Assessing the Effect on Water Use, Production and Poverty in the Yellow River Basin Speaker(s): Jinixia Wang Date: May 22, 2003 - 12:00pm Location: Bldg. 90 The purpose of this presentation is to better understand water management reform in China's rural communities, focusing on the effect of incentives to water managers on the nation's water resources and the welfare of the rural population. Based on a survey study in the Yellow River Basin, our findings show that Water User Associations and contracting have begun to systematically replace traditional forms of collective management. The analysis demonstrates, however, that it is not a nominal implementation of the reform that matters, but rather it is a creation of new management



221

Environmental management assessment of the National Institute for Petroleum and Energy Research  

SciTech Connect

This report documents the results of the environmental management assessment of the National Institute for Petroleum and Energy Research (NIPER), located in Bartlesville, Oklahoma. The assessment was conducted August 15-26, 1994, by the DOE Office of Environmental Audit (EH-24), located within the Office of Environment, Safety and Health. The assessment included reviews of documents and reports, as well as inspections and observations of selected facilities and operations. Further, the team conducted interviews with management and staff from the Bartlesville Project Office (BPO), the Office of Fossil Energy (FE), the Pittsburgh Energy Technology Center (PETC), state and local regulatory agencies, and BDM Oklahoma (BDM-OK), which is the management and operating (M&O) contractor for NIPER. Because of the transition from a cooperative agreement to an M&O contract in January 1994, the scope of the assessment was to evaluate (1) the effectiveness of BDM-OK management systems being developed and BPO systems in place and under development to address environmental requirements; (2) the status of compliance with DOE Orders, guidance, and directives; and (3) conformance with accepted industry management practices. An environmental management assessment was deemed appropriate at this time in order to identify any systems modifications that would provide enhanced effectiveness of the management systems currently under development.

NONE

1994-08-01T23:59:59.000Z

222

Organizational Assessment Of Integrating CAD And Product Data Management Tools In The Furniture Industry  

E-Print Network (OSTI)

Organizational Assessment Of Integrating CAD And Product Data Management Tools In The Furniture Industry Furniture Manufacturing and Management Center Technical Report 1996-1997 Eric N. Wiebe Jennifer J) organizational structure, 3) power distribution, and 4) user communication patterns. The technology

223

A Framework for Assessing Collaborative Capacity in Community-Based Public Forest Management  

E-Print Network (OSTI)

Increasingly, agency managers and local stakeholders are utilizing collaborative approaches to address publicA Framework for Assessing Collaborative Capacity in Community-Based Public Forest Management Antony Science+Business Media, LLC 2011 Abstract Community-based collaborative groups involved in public natural

224

QUANTITATIVE MICROBIAL RISK ASSESSMENT OF ORGANIC WASTE MANAGEMENT PRACTICES IN A PERI-URBAN COMMUNITY  

E-Print Network (OSTI)

in dose-response assessment in QMRA. The risks were significantly higher than the acceptable risk level defined by USEPA and WHO for drinking water, which was used as a guideline acceptable risk in this studyi QUANTITATIVE MICROBIAL RISK ASSESSMENT OF ORGANIC WASTE MANAGEMENT PRACTICES IN A PERI

Richner, Heinz

225

Configuration Management Assessment Plan - Developed By NNSA/Nevada Site Office Independent Oversight Division  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Configuration Management Assessment Plan NNSA/Nevada Site Office Independent Oversight Division Performance Objective: The objective of this assessment is to determine whether a Configuration Management Program (CM) is in place which allows for the availability and retrievability of accurate information, improves response to design and operational decisions, enhances worker safety, increases facility safety and reliability, increases efficiency of work efforts, and helps maintain integrity of interfacing orders. Criteria: The CM program supports DOE program implementation through the following: It provides the mechanisms for identifying, cataloging, and maintaining the design requirements and design basis (established to satisfy DOE O 420.1 Facility Safety).

226

V-122: IBM Tivoli Application Dependency Discovery Manager Java...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities March 29, 2013 - 6:00am PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli...

227

Tools to manage and assess scholarship: altmetrics and Creative Commons  

E-Print Network (OSTI)

://chronicle.com/article/ResearchersScientific/139337/ ? Peter Binfield, "Article Level Metrics," SPARC Webcast (April 12, 2012), http://www.sparc.arl.org/media/Binfield_Webcast_Article_Level_Metrics.shtml ? Bulletin of the Association for Information Science and Technology, Special Section....pdf ? San Francisco Declaration on Research Assessment: Putting science into the assessment of research (December 2012), http://am.ascb.org/dora/files/SFDeclarationFINAL.pdf ? Greg Tananbaum, Article-Level Metrics: A SPARC Primer (April 2013...

Potvin, Sarah

2014-07-23T23:59:59.000Z

228

A framework for the assessment of severe accident management strategies  

SciTech Connect

Severe accident management can be defined as the use of existing and/or alternative resources, systems and actors to prevent or mitigate a core-melt accident. For each accident sequence and each combination of severe accident management strategies, there may be several options available to the operator, and each involves phenomenological and operational considerations regarding uncertainty. Operational uncertainties include operator, system and instrumentation behavior during an accident. A framework based on decision trees and influence diagrams has been developed which incorporates such criteria as feasibility, effectiveness, and adverse effects, for evaluating potential severe accident management strategies. The framework is also capable of propagating both data and model uncertainty. It is applied to several potential strategies including PWR cavity flooding, BWR drywell flooding, PWR depressurization and PWR feed and bleed.

Kastenberg, W.E. [ed.; Apostolakis, G.; Dhir, V.K. [California Univ., Los Angeles, CA (United States). Dept. of Mechanical, Aerospace and Nuclear Engineering] [and others

1993-09-01T23:59:59.000Z

229

Los Alamos Site Office Nuclear Maintenance Management Program Oversight Self-Assessment, April 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

11-18 Site: Los Alamos National Laboratory Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report for the Los Alamos Site Office Nuclear Maintenance Management Program Oversight Self-Assessment Dates of Activity: 11/14/2011 - 11/18/2011 Report Preparer: Tim Martin Activity Description/Purpose: This activity report documents the results of the U.S. Department of Energy (DOE) Office of Health, Safety and Security (HSS) review of the Los Alamos Site Office (LASO) self-assessment of LASO's Nuclear Maintenance Management Program (NMMP) oversight program and activities. This self-assessment was led by the DOE LASO Facility Operations/Safety Engineering Team's (FO/SET) Nuclear Facility Maintenance Manager and was

230

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before

231

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands November 1, 2012 - 6:00am PROBLEM: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands PLATFORM: All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability. ABSTRACT: A vulnerability was reported in Cisco Prime Data Center Network Manager. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20121031-dcnm SecurityTracker Alert ID: 1027712 CVE-2012-5417 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability exists because JBoss Application Server Remote Method

232

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before

233

EIS-0220: Interim Management of Nuclear Materials at the Savannah River Site  

Energy.gov (U.S. Department of Energy (DOE))

This environmental impact statement assesses the potential environmental impacts of actions necessary to manage nuclear materials at the Savannah River Site (SRS) in Aiken, South Carolina, until decisions on their ultimate disposition are made and implemented. The Department of Energy has decided to initiate actions which will stabilize certain of the SRS materials that represent environment, safety and health vulnerabilities in their current storage condition or which may represent a vulnerability within the next 10 years.

234

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused by an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. REFERENCE LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High Discussion: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

235

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

236

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-002: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

237

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability July 11, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Adobe ColdFusion PLATFORM: The vulnerability is reported in version 10 for Windows, Macintosh, and Linux ABSTRACT: The vulnerability is caused by an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets REFERENCE LINKS: Secunia Advisory SA54024 Adobe Security Bulletin APSB13-19 Stackoverflow.com CVE-2013-3350 IMPACT ASSESSMENT: High DISCUSSION: The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets IMPACT: Security Bypass

238

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

January 26, 2011 - 7:35am. PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. REFERENCE LINKS: Securityfocus. IMPACT ASSESSMENT: Medium. DISCUSSION: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the

239

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

July 23, 2012 - 6:49am. PROBLEM: Cisco Linksys WMB54G TFTP Command Injection Vulnerability. PLATFORM: Cisco Linksys WMB54G 1.x. ABSTRACT: System access from local network. REFERENCE LINKS: Bugtraq ID: 54615; Original Advisory; Secunia Advisory SA49868; Cisco Advisory ID: cisco-sa-20111019-cs. IMPACT ASSESSMENT: Medium. DISCUSSION: A vulnerability in Cisco Linksys WMB54G was reported, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to missing input validation in the TFTP service when running the firmware update functionality and can be exploited to inject and execute arbitrary shell commands. Additionally, it may be

240

U-099: MySQL Unspecified Code Execution Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

February 9, 2012 - 7:00am. PROBLEM: A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a vulnerable system. PLATFORM: MySQL 5.x. ABSTRACT: Successful exploitation allows execution of arbitrary code. REFERENCE LINKS: Secunia Advisory SA47894. No CVE references currently available. IMPACT ASSESSMENT: Medium. DISCUSSION: The vulnerability is reported in version 5.5.20. Other versions may also be affected. The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0. IMPACT: System access from local network. SOLUTION: An effective workaround cannot currently be provided due to limited vulnerability details.


241

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 19, 2013 - 12:01am. PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability. PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer. REFERENCE LINKS: RealNetworks, Inc; Secunia Advisory SA52692; CVE-2013-1750. IMPACT ASSESSMENT: High. DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 16.0.1.18.

242

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

September 14, 2011 - 9:28am. PROBLEM: Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. PLATFORM: Google SketchUp 8 is vulnerable; other versions may also be affected. ABSTRACT: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability. REFERENCE LINKS: Vulnerability-Lab; SketchUp Downloads. IMPACT ASSESSMENT: Medium. DISCUSSION: A memory corruption vulnerability is detected in Google's SketchUp v8.x. The vulnerability is caused by a memory corruption when processing corrupt DAE files through the filter, which could be exploited by attackers

243

V-070: Apache CouchDB Multiple Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

January 16, 2013 - 1:00am. PROBLEM: Apache CouchDB Multiple Vulnerabilities. PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB. REFERENCE LINKS: Secunia Advisory SA51765; Seclists.org/fulldisclosure/2013/Jan/80; Seclists.org/fulldisclosure/2013/Jan/81; Seclists.org/fulldisclosure/2013/Jan/82; CVE-2012-5641; CVE-2012-5649; CVE-2012-5650. IMPACT ASSESSMENT: Medium. DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

244

Assessing the Potential for Renewable Energy Development on DOE Legacy Management Lands  

NLE Websites -- All DOE Office Websites (Extended Search)

Legacy Management. DOE/GO-102008-2435, February 2008. Assessing the Potential for Renewable Energy Development on DOE Legacy Management Lands. Authors: Doug Dahle, Dennis Elliott, Donna Heimiller, Mark Mehos, Robi Robichaud, Marc Schwartz, Byron Stafford, and Andy Walker. Published by National Renewable Energy Laboratory, 1617 Cole Boulevard, Golden, Colorado 80401-3393. NREL is a U.S. Department of Energy Laboratory Operated by the Midwest Research Institute * Battelle. NOTICE: This report was prepared as an account of work sponsored by an agency of the United States

245

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters, November 2012

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters. May 2011 November 2012. Office of Safety and Emergency Management Evaluations, Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy. Independent Oversight Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters. Table of Contents: 1.0 Introduction; 2.0 Scope and Methodology

246

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters, November 2012

NLE Websites -- All DOE Office Websites (Extended Search)

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters. May 2011 November 2012. Office of Safety and Emergency Management Evaluations, Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy. Independent Oversight Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters. Table of Contents: 1.0 Introduction; 2.0 Scope and Methodology

247

RCRA Assessment Plan for Single-Shell Tank Waste Management Area A-AX at the Hanford Site  

SciTech Connect

This document describes a groundwater assessment plan for the single-shell tank systems in Waste Management Area A-AX at the Hanford Site.

Narbutovskih, Susan M.; Chou, Charissa J.

2006-03-03T23:59:59.000Z

248

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information. October 4, 2012 - 6:00am. PROBLEM: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information. PLATFORM: HP Network Node Manager I (NNMi) v9.20 for HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. REFERENCE LINKS: HP Security Bulletin: c03507708; SecurityTracker Alert ID: 1027605; Security Focus: 524302; CVE-2012-3267. IMPACT ASSESSMENT: High. DISCUSSION: A potential security vulnerability has been identified with HP Network Node

249

U-201: HP System Management Homepage Bugs Let Remote Users Deny Service

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

June 28, 2012 - 7:00am. PROBLEM: A vulnerability was reported in HP System Management Homepage. PLATFORM: Version(s): prior to 7.1.1. ABSTRACT: The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. REFERENCE LINKS: Original Advisory; Security Tracker ID 1027209; CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016. IMPACT ASSESSMENT: Medium. DISCUSSION: A vulnerability was reported in HP System Management Homepage. A remote authenticated user can gain elevated privileges. A remote authenticated

250

Chief of Nuclear Safety (CNS) Senior Technical Safety Manager (STSM) Qualification Program Self-Assessment Report - August 2013  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Chief of Nuclear Safety (CNS) Self-Assessment Report, Senior Technical Safety Manager Qualification Program. CONTENTS: Background; Results; Assessment Criteria; Finding; Observation

251

MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES,  

E-Print Network (OSTI)

MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES, AND ADAPTATION TO PUBLIC HEALTH RISKS's California Climate Change Center JULY 2012 CEC5002012041 Prepared for: California Energy Commission of California. ABSTRACT: This study reviewed first available frameworks for climate change adaptation

252

Handbook of the Vulnerable Plaque  

Science Journals Connector (OSTI)

...predominantly a secondary phenomenon; the true culprit in unstable ischemic heart disease is rupture of the underlying vulnerable atherosclerotic plaque. Handbook of the Vulnerable Plaque was edited by two distinguished leaders in interventional cardiology, Patrick Serruys and Ron Waksman. They assembled a who's... Angiographic observations in the early 1980s confirmed that acute coronary thrombosis was the proximate cause of acute myocardial infarction seminal studies that led to revolutionary treatments for the recanalization of occluded vessels. However, during ...

Goldstein J.

2005-06-02T23:59:59.000Z

253

Challenges in assessment, management and development of coalbed methane resources in the Powder River Basin, Wyoming  

SciTech Connect

Coalbed methane development in the Powder River Basin has accelerated rapidly since the mid-1990's. Forecasts of coalbed methane (CBM) production and development made during the late 1980's and early 1990's have proven to be distinctly unreliable. Estimates of gas in place and recoverable reserves have also varied widely. This lack of reliable data creates challenges in resource assessment, management and development for public resource management agencies and the CBM operators. These challenges include a variety of complex technical, legal and resource management-related issues. The Bureau of Land Management's Wyoming Reservoir Management Group (WRMG) and US Geological Survey (USGS), with the cooperation and assistance of CBM operators and other interested parties, have initiated cooperative studies to address some of these issues. This paper presents results of those studies to date and outlines the agencies' goals and accomplishments expected at the studies' conclusion.

McGarry, D.E.

2000-07-01T23:59:59.000Z

254

GUNNISON BASIN CLIMATE CHANGE VULNERABILITY ASSESSMENT  

E-Print Network (OSTI)

Climate change is already changing ecosystems and affecting people in the southwestern United States, as well as ecosystem services, e.g., water supply. The climate of the Gunnison Basin, Colorado Fish and Wildlife Service, US Forest Service, Upper Gunnison River Water Conservancy District, Western

Neff, Jason

255

Assessment and management of roof fall risks in underground coal mines  

Science Journals Connector (OSTI)

Accidents caused by roof falls are commonly faced problems of underground coal mines. These accidents may have detrimental effects on workers in the form of injury, disability or fatality as well as mining company due to downtimes, interruptions in the mining operations, equipment breakdowns, etc. This study proposes a risk and decision analysis methodology for the assessment and management of risk associated with mine roof falls in underground coal mines. In the proposed methodology, risk assessment requires the determination of probabilities, possible consequences and cost of consequences. Then the risk is managed by the application of decision-making principles. The probabilities are determined by the analysis of 1141 roof fall data from 12 underground mines in the Appalachian region. The consequences are assessed based on the type of injuries observed after roof falls and the place of the mining activity. The cost of consequences is modeled by the so-called relative cost criterion. A decision analysis framework is developed in order to manage the evaluated risk for a single mine. Then this model is extended to a regional model for the management of the roof fall risks in the mines of whole Appalachia. The proposed model is illustrated with an example and it is found to be a powerful technique for coping with uncertainties and the management of roof fall risks.

H.S.B. Duzgun; H.H. Einstein

2004-01-01T23:59:59.000Z

256

Environmental Assessment/Regulatory Impact Review AMENDMENT 45 TO THE FISHERY MANAGEMENT PLAN  

E-Print Network (OSTI)

Environmental Assessment/Regulatory Impact Review FOR AMENDMENT 45 TO THE FISHERY MANAGEMENT PLAN FOR GROUNDFISH OF THE GULF OF ALASKA AND THE ASSOCIATED REGULATORY AMENDMENT TO COMBINE THE THIRD AND FOURTH QUARTERLY POLLOCK ALLOWANCES IN THE WESTERN AND CENTRAL REGULATORY AREAS OF THE GULF OF ALASKA Prepared

257

Clearwater Subbasin Assessment 360 November 2003 9 Resource Synthesis and Definition of Potential Management Units  

E-Print Network (OSTI)

management units. For the purposes of planning at the subbasin scale, and given limitations in data availability and accuracy based on the broad scale nature of this assessment, subjective PMU delineations (Table 66). Due to the large amount of information being synthesized, raw data were often categorized (e

258

Columbia River Gorge Vegetation Management Project Final Environmental Assessment DOE/EA-1162  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Columbia River Gorge Vegetation Management Project, Final Environmental Assessment, DOE/EA-1162. Bonneville. Columbia River Gorge Vegetation Management Environmental Assessment (Hanford-Ostrander and North Bonneville-Midway Transmission Line Rights-of-Way). Table of Contents: Purpose and Need; Background; Public Involvement; Summary; Decisions to Be Made; Proposed Action and Alternatives; Alternative: No Action (Manual, Mechanical, and Biological Methods); Alternative: Proposed Action (Integrated Vegetation Management with Herbicides); Herbicide Methods; Planned Actions; Comparison of Alternatives; Affected Environment and Environmental Consequences; Affected Environment; Environmental Consequences; Land Use; Soils; Vegetation; Water Resources; Wildlife Resources; Air Quality/Global Warming

259

T-703: Cisco Unified Communications Manager Open Query Interface Lets  

NLE Websites -- All DOE Office Websites (Extended Search)

T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents. August 26, 2011 - 3:45pm. PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5. ABSTRACT: A remote user can obtain database contents, including authentication credentials. REFERENCE LINKS: SecurityTracker Alert ID: 1025971; Cisco Document ID: 113190. IMPACT ASSESSMENT: High. DISCUSSION: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. A remote user can access an open

260

Environmental Restoration and Waste Management manpower needs assessment: US Department of Energy complex  

SciTech Connect

A study was conducted by Pacific Northwest Laboratory and Oak Ridge Associated Universities, Inc. to assess the supply and demand for 53 scientific, engineering, and technical occupations relevant to the US Department of Energy's (DOE's) Office of Environmental Restoration and Waste Management (EM). These assessments were made by examining budget projections and the input of program/project and human resources managers throughout the DOE complex. Quantitative projections of full-time equivalent employee slots for each occupation have been developed for the 1993-1997 time frame. Qualitative assessments of the factors that affect recruitment, staffing, and retention are also reported. The implications of the study are discussed within the likely skills mix of the future workforce and the education and organization interventions most likely to address the needs of the DOE complex.

Holmes, C.W.; Lewis, R.E.; Hunt, S.T. (Pacific Northwest Lab., Richland, WA (United States)); Finn, M.G. (Oak Ridge Associated Universities, Inc., TN (United States))

1992-06-01T23:59:59.000Z


261

Environmental Restoration and Waste Management manpower needs assessment: US Department of Energy complex  

SciTech Connect

A study was conducted by Pacific Northwest Laboratory and Oak Ridge Associated Universities, Inc. to assess the supply and demand for 53 scientific, engineering, and technical occupations relevant to the US Department of Energy's (DOE's) Office of Environmental Restoration and Waste Management (EM). These assessments were made by examining budget projections and the input of program/project and human resources managers throughout the DOE complex. Quantitative projections of full-time equivalent employee slots for each occupation have been developed for the 1993-1997 time frame. Qualitative assessments of the factors that affect recruitment, staffing, and retention are also reported. The implications of the study are discussed within the likely skills mix of the future workforce and the education and organization interventions most likely to address the needs of the DOE complex.

Holmes, C.W.; Lewis, R.E.; Hunt, S.T. [Pacific Northwest Lab., Richland, WA (United States)]; Finn, M.G. [Oak Ridge Associated Universities, Inc., TN (United States)]

1992-06-01T23:59:59.000Z

262

A GUIDE AND A TOOLBOX FOR PUBLIC INVOLVEMENT IN THE ASSESSMENT AND THE MANAGEMENT OF CONTAMINATED SITES  

E-Print Network (OSTI)

A GUIDE AND A TOOLBOX FOR PUBLIC INVOLVEMENT IN THE ASSESSMENT AND THE MANAGEMENT OF CONTAMINATED, franck.marot@ademe.fr Keywords: Public involvement, Stakeholder, Communication, Guide, Tool, Contaminated of the assessment and the management of a contaminated site. It is also perceived as a difficult and sometimes risky

Boyer, Edmond

263

DOE G 414.1-1B: Management and Assessments Guide for Use with 10 CFR Part  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE G 414.1-1B: Management and Assessments Guide for Use with 10 CFR Part 830, Subpart A, and DOE O 414.1C, Quality Assurance; DOE M 450.4-1, Integrated Safety Management System Manual; and DOE O 226.1A, Implementation of Department of Energy Oversight Po "DOE and its contractors are required to perform management and independent assessments in accordance with: * Title 10, Code of Federal Regulations (CFR), Part 830, Subpart A, "Quality Assurance Requirements"; * DOE O 414.1C, Quality Assurance;

264

DOE G 414.1-1B: Management and Assessments Guide for Use with 10 CFR Part  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE G 414.1-1B: Management and Assessments Guide for Use with 10 CFR Part 830, Subpart A, and DOE O 414.1C, Quality Assurance; DOE M 450.4-1, Integrated Safety Management System Manual; and DOE O 226.1A, Implementation of Department of Energy Oversight Po "DOE and its contractors are required to perform management and independent assessments in accordance with: * Title 10, Code of Federal Regulations (CFR), Part 830, Subpart A, "Quality Assurance Requirements"; * DOE O 414.1C, Quality Assurance;

265

Adaptation and risk management  

SciTech Connect

Adaptation assessment methods are compatible with the international risk management standard ISO:31000. Risk management approaches are increasingly being recommended for adaptation assessments at both national and local levels. Two orientations to assessments can commonly be identified: top-down and bottom-up, and prescriptive and diagnostic. Combinations of these orientations favor different types of assessments. The choice of orientation can be related to uncertainties in prediction and taking action, in the type of adaptation and in the degree of system stress. Adopting multiple viewpoints is to be encouraged, especially in complex situations. The bulk of current guidance material is consistent with top-down and predictive approaches, thus is most suitable for risk scoping and identification. A broad range of material from within and beyond the climate change literature can be used to select methods to be used in assessing and implementing adaptation. The framing of risk, correct formulation of the questions being investigated and assessment methodology are critical aspects of the scoping phase. Only when these issues have been addressed should the issue of specific methods and tools be addressed. The reorientation of adaptation from an assessment focused solely on anthropogenic climate change to broader issues of vulnerability/resilience, sustainable development and disaster risk, especially through a risk management framework, can draw from existing policy and management understanding in communities, professions and agencies, incorporating existing agendas, knowledge, risks, and issues they already face.

Preston, Benjamin L [ORNL

2011-01-01T23:59:59.000Z

266

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

267

LCA-IWM: A decision support tool for sustainability assessment of waste management systems  

SciTech Connect

The paper outlines the most significant result of the project 'The use of life cycle assessment tools for the development of integrated waste management strategies for cities and regions with rapid growing economies', which was the development of two decision-support tools: a municipal waste prognostic tool and a waste management system assessment tool. The article focuses on the assessment tool, which supports the adequate decision making in the planning of urban waste management systems by allowing the creation and comparison of different scenarios, considering three basic subsystems: (i) temporary storage; (ii) collection and transport and (iii) treatment, disposal and recycling. The design and analysis options, as well as the assumptions made for each subsystem, are shortly introduced, providing an overview of the applied methodologies and technologies. The sustainability assessment methodology used in the project to support the selection of the most adequate scenario is presented with a brief explanation of the procedures, criteria and indicators applied on the evaluation of each of the three sustainability pillars.

Boer, J. den [Institute of Water Supply and Groundwater Protection, Wastewater Technology, Waste Management, Industrial Material Cycles, Environmental and Spatial Planning (Institute WAR), Technische Universitaet Darmstadt, Petersenstr. 13, 64287 Darmstadt (Germany)], E-mail: j.denboer@iwar.tu-darmstadt.de; Boer, E. den; Jager, J. [Institute of Water Supply and Groundwater Protection, Wastewater Technology, Waste Management, Industrial Material Cycles, Environmental and Spatial Planning (Institute WAR), Technische Universitaet Darmstadt, Petersenstr. 13, 64287 Darmstadt (Germany)

2007-07-01T23:59:59.000Z

268

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

April 4, 2011 - 6:08am. PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x. ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert; Secunia Advisory: SA44030; ZDI Advisory: ZDI-11-115; IBM solidDB Support. IMPACT ASSESSMENT: Medium. DISCUSSION: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

269

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

February 7, 2013 - 6:00am. PROBLEM: A vulnerability has been reported in IntegraXor. PLATFORM: IntegraXor versions prior to 4.x. ABSTRACT: The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. REFERENCE LINKS: Secunia Advisory SA52073; CVE-2012-4700; US-CERT Advisory. IMPACT ASSESSMENT: High. DISCUSSION: Successfully exploiting this vulnerability could lead to a DoS for the application or could allow an attacker to execute arbitrary code. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 4.00 build 4280.0

270

U-086: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

January 23, 2012 - 9:00am. PROBLEM: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability. PLATFORM: Linux Kernel 2.6.x. ABSTRACT: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. REFERENCE LINKS: Linux Kernel Update; CVE-2012-0056; Red Hat Bugzilla Bug 782642. IMPACT ASSESSMENT: Medium. DISCUSSION: The vulnerability is caused due to the kernel not properly restricting access to "/proc//mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.

271

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK. REFERENCE LINKS: Apache OpenOffice; Secunia Advisory SA53963; Secunia Advisory SA53846; CVE-2013-1571 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java. IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks. SOLUTION: The vendor has issued a fix.

272

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. REFERENCE LINKS: BIND and DHCP Security Updates Released; Bugtraq ID: 54665; Secunia Advisory SA50018; CVE-2012-3571; CVE-2012-3570; CVE-2012-3954 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

273

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes. PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX integer overflow vulnerability. REFERENCE LINKS: Secunia Advisory SA54436; IBM Security Bulletin 1645503; CVE-2013-3027; CVE-2013-3032; CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

274

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI. REFERENCE LINKS: McAfee Web Gateway Release Notes; Bugtraq ID: 50341; Secunia Advisory: SA46570 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been reported in McAfee Web Gateway, which can be

275

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities August 7, 2013 - 6:00am PROBLEM: SEARCH-LAB has reported some vulnerabilities in PuTTY. PLATFORM: PuTTY 0.x ABSTRACT: The vulnerabilities can be exploited by malicious people to potentially compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54354; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520; CVE-2013-4206; CVE-2013-4207; CVE-2013-4208; CVE-2013-4852 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length. IMPACT: Successful exploitation may allow execution of arbitrary code

276

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability February 8, 2012 - 7:00am PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: ISC BIND 9.2.x, ISC BIND 9.3.x, ISC BIND 9.4.x, ISC BIND 9.5.x, ISC BIND 9.6.x, ISC BIND 9.7.x, ISC BIND 9.8.x ABSTRACT: The vulnerability is caused due to an error within the cache update policy. REFERENCE LINKS: Original Advisory; Secunia Advisory SA47884; CVE-2012-1033 IMPACT ASSESSMENT: High DISCUSSION: Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The

277

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability October 18, 2012 - 6:00am PROBLEM: ModSecurity Multipart Message Parsing Security Bypass Vulnerability PLATFORM: ModSecurity versions prior to 2.70 ABSTRACT: SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: SEC Consult; Secunia Advisory SA49853 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when parsing multipart requests and can be exploited to bypass certain filtering rules. IMPACT: Remote Security Bypass SOLUTION: Update to version 2.70.

278

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability October 2, 2012 - 6:00am PROBLEM: IBM WebSphere Commerce User Information Disclosure Vulnerability PLATFORM: WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11; WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6 ABSTRACT: A vulnerability in WebSphere Commerce could allow disclosure of user personal data. REFERENCE LINKS: IBM Security Bulletin 1612484; X-Force Vulnerability Database (78867); Secunia Advisory SA50821; CVE-2012-4830 IMPACT ASSESSMENT: Medium DISCUSSION: A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

279

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability December 20, 2011 - 9:45am PROBLEM: Microsoft Windows win32k.sys Memory Corruption Vulnerability. PLATFORM: Operating System Microsoft Windows 7 ABSTRACT: Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. REFERENCE LINKS: Secunia Advisory SA47237; MS11-087: Article ID: 2639417 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page

280

V-082: Novell GroupWise Client Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-082: Novell GroupWise Client Two Vulnerabilities February 1, 2013 - 6:00am PROBLEM: Two vulnerabilities have been reported in Novell GroupWise Client. PLATFORM: Novell GroupWise 2012, Novell GroupWise Client 2012, Novell GroupWise Client 8.x, Novell GroupWise Server 8.x ABSTRACT: Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52031; CVE-2012-0439; CVE-2013-0804; Novell KB 7011687; Novell KB 7011688 IMPACT ASSESSMENT: High DISCUSSION: The GroupWise Client for Windows is vulnerable to an ActiveX Control exploit where, by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on



281

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. REFERENCE LINKS: Original Advisory; Secunia Advisory SA50795; CVE-2012-5050 IMPACT ASSESSMENT: Medium DISCUSSION: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. IMPACT: A vulnerability in VMware vCenter Operations, which can be exploited to

282

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability June 27, 2011 - 4:31pm PROBLEM: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability PLATFORM: Mozilla Firefox ABSTRACT: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. REFERENCE LINKS: Securityfocus; Mozilla Firefox Homepage; MFSA 2011-27: XSS encoding hazard with inline SVG IMPACT ASSESSMENT: High DISCUSSION: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to

283

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software REFERENCE LINKS: BlackBerry Article ID: KB31675; Secunia Advisory SA50164; CVE-2012-0752; CVE-2012-0753; CVE-2012-0754; CVE-2012-0755; CVE-2012-0756; CVE-2012-0767; CVE-2012-0768; CVE-2012-0769; CVE-2012-0773; CVE-2012-0779 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

284

Assessment of External Hazards at Radioactive Waste and Used Fuel Management Facilities - 13505  

SciTech Connect

One of the key lessons from the Fukushima accident is the importance of having a comprehensive identification and evaluation of risks posed by external events to nuclear facilities. While the primary focus has been on nuclear power plants, the Canadian nuclear industry has also been updating hazard assessments for radioactive waste and used fuel management facilities to ensure that lessons learnt from Fukushima are addressed. External events are events that originate either physically outside the nuclear site or outside its control. They include natural events, such as high winds, lightning, earthquakes or flood due to extreme rainfall. The approaches that have been applied to the identification and assessment of external hazards in Canada are presented and analyzed. Specific aspects and considerations concerning hazards posed to radioactive waste and used fuel management operations are identified. Relevant hazard identification techniques are described, which draw upon available regulatory guidance and standard assessment techniques such as Hazard and Operability Studies (HAZOPs) and 'What-if' analysis. Consideration is given to ensuring that hazard combinations (for example: high winds and flooding due to rainfall) are properly taken into account. Approaches that can be used to screen out external hazards, through a combination of frequency and impact assessments, are summarized. For those hazards that cannot be screened out, a brief overview of methods that can be used to conduct more detailed hazard assessments is also provided. The lessons learnt from the Fukushima accident have had a significant impact on specific aspects of the approaches used to hazard assessment for waste management. Practical examples of the effect of these impacts are provided. (authors)

Gerchikov, Mark; Schneider, Glenn; Khan, Badi; Alderson, Elizabeth [AMEC NSS, 393 University Ave., Toronto, ON (Canada)]

2013-07-01T23:59:59.000Z

285

Vulnerability Analysis Considerations for the Transportation of Special Nuclear Material  

SciTech Connect

The vulnerability analysis methodology developed for fixed nuclear material sites has proven to be extremely effective in assessing associated transportation issues. The basic methods and techniques used are directly applicable to conducting a transportation vulnerability analysis. The purpose of this paper is to illustrate that the same physical protection elements (detection, delay, and response) are present, although the response force plays a dominant role in preventing the theft or sabotage of material. Transportation systems are continuously exposed to the general public whereas the fixed site location by its very nature restricts general public access.

Nicholson, Lary G.; Purvis, James W.

1999-07-21T23:59:59.000Z

286

Radiological Dose Assessment Related to Management of Naturally Occurring Radioactive Materials Generated by the Petroleum Industry  

NLE Websites -- All DOE Office Websites (Extended Search)

ANL/EAD-2 Radiological Dose Assessment Related to Management of Naturally Occurring Radioactive Materials Generated by the Petroleum Industry by K.P. Smith, D.L. Blunt, G.P. Williams, and C.L. Tebes*, Environmental Assessment Division, Argonne National Laboratory, 9700 South Cass Avenue, Argonne, Illinois 60439. September 1996. Work sponsored by the United States Department of Energy, Office of Policy. *Tebes is affiliated with the University of Illinois. CONTENTS: ACKNOWLEDGMENTS; NOTATION; ABSTRACT; SUMMARY

287

Environmental Assessment of Paper Waste Management Options by Means of LCA Methodology  

Science Journals Connector (OSTI)

Environmental Assessment of Paper Waste Management Options by Means of LCA Methodology ... Life cycle assessment (LCA) is a systematic tool, developed from the principles of material and energy balances, to describe the full resource usages and environmental impacts associated with supply chains delivering products or services. ... The essence of LCA is that it considers all material and energy flows from the cradle of primary resources (such as oil or ore deposits) to grave of final disposal (such as stable inert material in a landfill). ...

U. Arena; M. L. Mastellone; F. Perugini; R. Clift

2004-08-25T23:59:59.000Z

288

Review of the Independent Integrated Safety Management/Integrated Work Management Assessment of Research and Development and Programmatic Work at the Los Alamos National Laboratory, December 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Independent Integrated Safety Management/Integrated Work Management Assessment of Research and Development and Programmatic Work at the Los Alamos National Laboratory, December 2011. Office of Safety and Emergency Management Evaluations, Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy. Table of Contents: 1.0 Purpose; 2.0 Background; 3.0 Scope

289

CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND  

E-Print Network (OSTI)

CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND ADAPTATION IN THE SAN FRANCISCO BAY AREA Commission's California Climate Change Center JULY 2012 CEC5002012071 Prepared for: California Energy, as well as projections of future changes in climate based on modeling studies using various plausible

290

Integration and decision support systems for energy policy management and comparative assessment studies  

Science Journals Connector (OSTI)

The paper investigates the problematique of decision support systems within the framework of energy policy management and comparative risk assessment studies. A number of models and associated software tools are presented and discussed with a view to using them for the energy dialogue process. Special aspects on energy indicators, and their role in sustainable development of energy systems are investigated. Recommendations include the use of such analytical tools as DSS etc. in the overall decision aiding process for energy mix selection.

Adrian V. Gheorghe

1999-01-01T23:59:59.000Z

291

An Example of an INPRO Assessment of an INS in the Area of Waste Management  

SciTech Connect

Following a resolution of the General Conference of the IAEA in the year 2000 the International Project on Innovative Nuclear Reactors and Fuel Cycles, referred to as INPRO, was initiated. INPRO has defined requirements organized in a hierarchy of Basic Principles, User Requirements and Criteria (consisting of an indicator and an acceptance limit) to be met by innovative nuclear reactor systems (INS) in six areas, namely: economics, safety, waste management, environment, proliferation resistance, and infrastructure. If an INS meets all requirements in all areas it represents a sustainable system for the supply of energy, capable of making a significant contribution to meeting the energy needs of the 21st century. Draft manuals have been developed, for each INPRO area, to provide guidance for performing an assessment of whether an INS meets the INPRO requirements in a given area. The manuals set out the information that needs to be assembled to perform an assessment and provide guidance on selecting the acceptance limits and, for a given INS, for determining the value of the indicators for comparison with the associated acceptance limits. Each manual also includes an example of a specific assessment to illustrate the guidance. This paper discusses the example presented in the manual for performing an INPRO assessment in the area of waste management. The example, chosen solely for the purpose of illustrating the INPRO methodology, describes an assessment of an INS based on the DUPIC fuel cycle. It is assumed that uranium is mined, milled, converted, enriched, and fabricated into LWR fuel in Canada. The LWR fuel is assumed to be leased to a utility in the USA. The spent LWR fuel is assumed to be returned to Canada where it is processed into CANDU DUPIC fuel, which is then burned in CANDU reactors. The assessment steps and the results are presented in detail in the paper. The example illustrates an assessment performed for an INS at an early stage of development. (authors)

Allan, C.; Busurin, Y.; Depisch, F. [International Atomic Energy Agency, P.O. Box 100, Wagramer Strasse 5, A-1400 Vienna (Austria)]

2006-07-01T23:59:59.000Z

292

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Tool Summary. Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company/Organization: The Robert Strauss Center. Topics: Co-benefits assessment, Background analysis. Resource Type: Publications. Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128

293

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. REFERENCE LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023; Prepopulate module; Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High DISCUSSION: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

294

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions November 16, 2012 - 6:00am PROBLEM: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions. PLATFORM: RSA Data Protection Manager Appliance versions 2.7.x and 3.x ABSTRACT: Two vulnerabilities were reported in RSA Data Protection Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1027781; EMC Identifier: ESA-2012-055; RSA Worldwide Customer Support; CVE-2012-4612; CVE-2012-4613 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in RSA Data Protection Manager. A remote

295

U-270: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-270: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands September 28, 2012 - 6:00am PROBLEM: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands PLATFORM: Control Manager - 3.0, 3.5, 5.0, 5.5, 6.0 ABSTRACT: Trend Micro has been notified of a potential product vulnerability in Control Manager. REFERENCE LINKS: Trend Micro Technical Support ID 1061043; SecurityTracker Alert ID: 1027584; Secunia Advisory SA50760; CVE-2012-2998 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been reported in Trend Micro Control Manager, which can

296

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Wireshark. PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471; Wireshark Release Notes 1.8.6; Wireshark Release Notes 1.6.1.4; CVE-2013-2475; CVE-2013-2476; CVE-2013-2477; CVE-2013-2478; CVE-2013-2479; CVE-2013-2480; CVE-2013-2481; CVE-2013-2482; CVE-2013-2483; CVE-2013-2484; CVE-2013-2485; CVE-2013-2486; CVE-2013-2487; CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

298

Risk Assessment Models and Contamination Management: Implications for Broad-Range Ribosomal DNA PCR as a Diagnostic Tool in Medical Bacteriology  

Science Journals Connector (OSTI)

...Contamination Management: Implications...alternative approaches (3). 16S...within the life sciences in the late...through careful management of the working...risk assessment approach. FIG. 1...angiomatosis. An approach to the identification...contamination management: implications...

B. Cherie Millar; Jiru Xu; John E. Moore

2002-05-01T23:59:59.000Z

299

Safeguarding Children and Vulnerable Adults Introduction  

E-Print Network (OSTI)

Safeguarding Children and Vulnerable Adults Introduction The University is expected and has a responsibility to take appropriate steps to safeguard children and vulnerable adults who are on University · Safeguarding: "Institutions have an enhanced duty towards children, and safeguarding is part of that common-law duty of care

Aickelin, Uwe

300

Depleted Uranium Hexafluoride Management Program. The technology assessment report for the long-term management of depleted uranium hexafluoride. Volume 1  

SciTech Connect

With the publication of a Request for Recommendations and Advance Notice of Intent in the November 10, 1994 Federal Register, the Department of Energy initiated a program to assess alternative strategies for the long-term management or use of depleted uranium hexafluoride. This Request was made to help ensure that, by seeking as many recommendations as possible, Department management considers reasonable options in the long-range management strategy. The Depleted Uranium Hexafluoride Management Program consists of three major program elements: Engineering Analysis, Cost Analysis, and an Environmental Impact Statement. This Technology Assessment Report is the first part of the Engineering Analysis Project, and assesses recommendations from interested persons, industry, and Government agencies for potential uses for the depleted uranium hexafluoride stored at the gaseous diffusion plants in Paducah, Kentucky, and Portsmouth, Ohio, and at the Oak Ridge Reservation in Tennessee. Technologies that could facilitate the long-term management of this material are also assessed. The purpose of the Technology Assessment Report is to present the results of the evaluation of these recommendations. Department management will decide which recommendations will receive further study and evaluation. These Appendices contain the Federal Register Notice, comments on evaluation factors, independent technical reviewers resumes, independent technical reviewers manual, and technology information packages.

Zoller, J.N.; Rosen, R.S.; Holliday, M.A. [and others]

1995-06-30T23:59:59.000Z



301

Depleted Uranium Hexafluoride Management Program. The technology assessment report for the long-term management of depleted uranium hexafluoride. Volume 2  

SciTech Connect

With the publication of a Request for Recommendations and Advance Notice of Intent in the November 10, 1994 Federal Register, the Department of Energy initiated a program to assess alternative strategies for the long-term management or use of depleted uranium hexafluoride. This Request was made to help ensure that, by seeking as many recommendations as possible, Department management considers reasonable options in the long-range management strategy. The Depleted Uranium Hexafluoride Management Program consists of three major program elements: Engineering Analysis, Cost Analysis, and an Environmental Impact Statement. This Technology Assessment Report is the first part of the Engineering Analysis Project, and assesses recommendations from interested persons, industry, and Government agencies for potential uses for the depleted uranium hexafluoride stored at the gaseous diffusion plants in Paducah, Kentucky, and Portsmouth, Ohio, and at the Oak Ridge Reservation in Tennessee. Technologies that could facilitate the long-term management of this material are also assessed. The purpose of the Technology Assessment Report is to present the results of the evaluation of these recommendations. Department management will decide which recommendations will receive further study and evaluation.

Zoller, J.N.; Rosen, R.S.; Holliday, M.A. [and others]

1995-06-30T23:59:59.000Z

302

A planning-oriented sustainability assessment framework for peri-urban water management in developing countries  

Science Journals Connector (OSTI)

Abstract DPSIR and the three-pillar model are well-established frameworks for sustainability assessment. This paper proposes a planning-oriented sustainability assessment framework (POSAF). It is informed by those frameworks but differs insofar as it puts more emphasis on a constructivist conception which recognises that sustainability needs to be defined anew for each planning problem. In finding such a consensus definition, POSAF uses participatory scenario analysis and participatory planning, technical feasibility study, participatory assessment, analysis of trade-offs and social networks in an unusual combination and for goals that differ from the original conceptions of these methods. POSAF was applied in a peri-urban area of Mexico City for the design of improved water service provision, integrating solid waste management. It supported consensus amongst users about the importance of environmental issues, informed planners about the values of stakeholders and users, detected local differences, and identified possible conflicts at an early stage of decision-making.

Markus Starkl; Norbert Brunner; Eduardo López; José Luis Martínez-Ruiz

2013-01-01T23:59:59.000Z

303

Cyber Security Requirements for Risk Management  

Directives, Delegations, and Requirements

The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

2004-02-19T23:59:59.000Z

304

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

November 7, 2012 - V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code. Several vulnerabilities were reported in Adobe Flash Player.
November 5, 2012 - V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System. Two vulnerabilities were reported in HP Performance Insight.
November 2, 2012 - V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information. Three vulnerabilities were reported in Apple iOS.
November 1, 2012 - V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let

305

The role of waste-to-energy in integrated waste management: A life cycle assessment perspective  

SciTech Connect

Municipal Solid Waste (MSW) management has become a major issue in terms of environmental impacts. It has become the focus of local, state and federal regulations, which generally tend to promote the reduce/re-use/recycle/incinerate/landfill environmental hierarchy. At the same time, the Waste Industry capital requirements have increased in order of magnitude since the beginning of the 80's. The driving forces of further capital requirements for the Waste Management Industry will be the impact of public policies set today and goals set by politicians. Therefore, it appears extremely important for the Waste Industry to correctly analyze and forecast the real environmental and financial costs of waste management practices in order to: discuss with the local, state and federal agencies on more rational grounds; forecast the right investments in new technologies (recycling networks and plants, incinerators with heat recovery, modern landfill). The aim of this paper is to provide an example of a Life Cycle Assessment (LCA) project in the waste management field that raised surprising issues on otherwise unchallenged waste management practices.

Besnainou, J. [Ecobalance, Rockville, MD (United States)]

1996-12-31T23:59:59.000Z

306

Transportation risk assessment for the US Department of Energy Environmental Management Programmatic Environmental Impact Statement  

SciTech Connect

In its Programmatic Environmental Impact Statement (PEIS), the Office of Environmental Management (EM) of the US Department of Energy (DOE) is considering a broad range of alternatives for the future management of radioactive and hazardous waste at the facilities of the DOE complex. The alternatives involve facilities to be used for treatment, storage, and disposal of various wastes generated from DOE's environmental restoration activities and waste management operation. Included in the evaluation are six types of waste (five types of radioactive waste plus hazardous waste), 49 sites, and numerous cases associated with each different alternative for waste management. In general, the alternatives are evaluated independently for each type of waste and reflect decentralized, regionalized, and centralized approaches. Transportation of waste materials is an integral component of the EM PEIS alternatives for waste management. The estimated impact on human health that is associated with various waste transportation activities is an important element leading to a complete appraisal of the alternatives. The transportation risk assessment performed for the EM PEIS is designed to ensure -- through uniform and judicious selection of models, data, and assumptions -- that relative comparisons of risk among the various alternatives are meaningful and consistent.

Chen, S.Y.; Monette, F.A.; Biwer, B.M.; Lazaro, M.A.; Hartmann, H.M.; Policastro, A.J.

1994-08-01T23:59:59.000Z

307

Result Summary for the Area 5 Radioactive Waste Management Site Performance Assessment Model Version 4.113  

SciTech Connect

Preliminary results for Version 4.113 of the Nevada National Security Site Area 5 Radioactive Waste Management Site performance assessment model are summarized. Version 4.113 includes the Fiscal Year 2011 inventory estimate.

Shott, G. J.

2012-04-15T23:59:59.000Z

308

RCRA Assessment Plan for Single-Shell Tank Waste Management Area TX-TY  

SciTech Connect

WMA TX-TY contains underground, single-shell tanks that were used to store liquid waste that contained chemicals and radionuclides. Most of the liquid has been removed, and the remaining waste is regulated under the RCRA as modified in 40 CFR Part 265, Subpart F and Washington State's Hazardous Waste Management Act. WMA TX-TY was placed in assessment monitoring in 1993 because of elevated specific conductance. A groundwater quality assessment plan was written in 1993 describing the monitoring activities to be used in deciding whether WMA TX-TY had affected groundwater. That plan was updated in 2001 for continued RCRA groundwater quality assessment as required by 40 CFR 265.93 (d)(7). This document further updates the assessment plan for WMA TX-TY by including (1) information obtained from ten new wells installed at the WMA after 1999 and (2) information from routine quarterly groundwater monitoring during the last five years. Also, this plan describes activities for continuing the groundwater assessment at WMA TX-TY.

Horton, Duane G.

2007-03-26T23:59:59.000Z

309

Assessment of Disposal Options for DOE-Managed High-Level Radioactive Waste and Spent Nuclear Fuel  

Energy.gov (U.S. Department of Energy (DOE))

The Assessment of Disposal Options for DOE-Managed High-Level Radioactive Waste and Spent Nuclear Fuel report assesses the technical options for the safe and permanent disposal of high-level radioactive waste (HLW) and spent nuclear fuel (SNF) managed by the Department of Energy. Specifically, it considers whether DOE-managed HLW and SNF should be disposed of with commercial SNF and HLW in one geologic repository or whether there are advantages to developing separate geologic disposal pathways for some DOE-managed HLW and SNF. The report recommends that the Department begin implementation of a phased, adaptive, and consent-based strategy with development of a separate mined repository for some DOE-managed HLW and cooler DOE-managed SNF.

310

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX integer overflow vulnerability.

311

Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities, August 2011  

NLE Websites -- All DOE Office Websites (Extended Search)

Review Report: Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities. May 2011. August 2011. Office of Health, Safety and Security; Office of Enforcement and Oversight; Office of Safety and Emergency Management Evaluations. Table of Contents: Background; Results; Conduct of the FCA

312

Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities, August 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Review Report: Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities. May 2011. August 2011. Office of Health, Safety and Security; Office of Enforcement and Oversight; Office of Safety and Emergency Management Evaluations. Table of Contents: Background; Results; Conduct of the FCA

313

Life cycle assessment of ship-generated waste management of Luka Koper  

SciTech Connect

Sea ports and the related maritime activities (e.g. shipping, shipbuilding, etc.) are one of the main drivers of Europe's growth, jobs, competitiveness and prosperity. The continuous growth of the shipping sectors has, however, introduced some environmental concerns, particularly with respect to ship-generated waste management. The port of Koper, one of the major ports on the northern Adriatic Coast, is the focus of this study. In this paper, a life cycle assessment was performed to identify and quantify the environmental impacts caused by the ship-generated waste management of the port of Koper. Carcinogenic substances (e.g. dioxins) and inorganic emissions, especially heavy metals, proved to be the most critical environmental issues, while fossil fuel consumption is reduced by recovery of ship-generated oils. Moreover, the final treatment of ship waste was found to be a critical phase of the management, and landfill makes a significant contribution to the overall environmental load. These results can be useful in the identification of best practices and in the implementation of waste management plans in ports.

Zuin, Stefano, E-mail: sz.cvr@vegapark.ve.i [Consorzio Venezia Ricerche, Via della Liberta 12, c/o PST VEGA, 30175 Venice (Italy)]; Belac, Elvis; Marzi, Boris [Luka Koper d.d., Vojkovo nabrezje 38, SI - 6501 Koper (Slovenia)]

2009-12-15T23:59:59.000Z

314

Alchemy to reason: Effective use of Cumulative Effects Assessment in resource management  

SciTech Connect

Cumulative Effects Assessment (CEA) is a tool that can be useful in making decisions about natural resource management and allocation. The decisions to be made include those (i) necessary to construct planning and regulatory frameworks to control development activity so that societal goals will be achieved and (ii) whether or not to approve individual development projects, with or without conditions. The evolution of CEA into a more successful tool cannot occur independently of the evolution of decision making processes. Currently progress is painfully slow on both fronts. This paper explores some opportunities to accelerate improvements in decision making in natural resource management and in the utility of CEA as a tool to assist in making such decisions. The focus of the paper is on how to define the public interest by determining what is acceptable.

Hegmann, George, E-mail: george.hegmann@stantec.com [Principal, Environmental Management, Stantec Consulting Ltd., 805 - 8th Avenue SW Suite 300, Calgary, Alberta, T2P 1H7 (Canada)]; Yarranton, G.A., E-mail: yarran@shaw.ca [121 Artists View Way, Calgary, Alberta, T3Z 3N1 (Canada)]

2011-09-15T23:59:59.000Z

315

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
August 17, 2012 - 7:00am
PROBLEM: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
PLATFORM: Version(s): 7.11, 9.21, 9.30
ABSTRACT: Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
REFERENCE LINKS: www2.hp.com; http://www.securitytracker.com/id/1027399; CVE-2012-3251
IMPACT ASSESSMENT: Moderate
DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can conduct cross-site scripting attacks. The software does not properly filter

316

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks
August 7, 2012 - 7:00am
PROBLEM: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks
PLATFORM: HP Network Node Manager i (NNMi) v8.x, v9.0x, v9.1x, v9.20 for HP-UX, Linux, Solaris, and Windows
ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross-site scripting (XSS).
REFERENCE LINKS: HP Document ID: c03405705; SecurityTracker Alert ID: 1027345; Bugtraq ID: 54815; CVE-2012-2022
IMPACT ASSESSMENT:

317

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
August 17, 2012 - 7:00am
PROBLEM: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
PLATFORM: Version(s): 7.11, 9.21, 9.30
ABSTRACT: Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
REFERENCE LINKS: www2.hp.com; http://www.securitytracker.com/id/1027399; CVE-2012-3251
IMPACT ASSESSMENT: Moderate
DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can conduct cross-site scripting attacks. The software does not properly filter

318

The Dempster-Shafer Theory of Belief Functions for Managing Uncertainties: An Introduction and Fraud Risk Assessment Illustration  

E-Print Network (OSTI)

where management fraud risk is assessed to be high. In addition, we discuss whether audit planning is better served by an integrated audit/fraud risk assessment as now suggested in SAS 107 (AICPA 2006a, see also ASA 200 in AUASB 2007) or by the approach...

Srivastava, Rajendra P.; Mock, Theodore J.; Gao, Lei

2011-01-01T23:59:59.000Z

319

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
December 28, 2012 - 6:00am
PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
PLATFORM: eXtplorer 2.x
ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.
REFERENCE LINKS: Secunia Advisory SA51636; eXtplorer 2.1.3 Security Release
IMPACT ASSESSMENT: Medium
DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

320

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability
February 7, 2012 - 9:00am
PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability
PLATFORM: PHP 5.3.x
ABSTRACT: Execution of arbitrary code via network as well as user access via network
REFERENCE LINKS: PHP Security Archive; SecurityTracker Alert ID: 1026631; Secunia Advisory SA47806; CVE-2012-0830
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.
IMPACT: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

321

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities
November 6, 2012 - 6:00am
PROBLEM: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities
PLATFORM: Apache Tomcat 5.x, Apache Tomcat 6.x, Apache Tomcat 7.x
ABSTRACT: Two vulnerabilities were reported in Apache Tomcat.
REFERENCE LINKS: Apache.org; Apache Tomcat Denial of Service; Apache Tomcat DIGEST authentication weaknesses; Secunia Advisory SA51138; CVE-2012-2733; CVE-2012-3439
IMPACT ASSESSMENT: Medium
DISCUSSION: A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within the "parseHeaders()" function

322

U-172: OpenOffice.org Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-172: OpenOffice.org Two Vulnerabilities
May 18, 2012 - 7:00am
PROBLEM: OpenOffice.org Two Vulnerabilities
PLATFORM: OpenOffice.org 3.3. Other versions may also be affected.
ABSTRACT: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.
REFERENCE LINKS: Secunia Advisory SA46992; CVE-2012-1149; CVE-2012-2149
IMPACT ASSESSMENT: High
DISCUSSION: 1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted JPEG object within a DOC file. 2) An error within libwpd when parsing WordPerfect documents can be exploited to overwrite arbitrary memory via a specially crafted WordPerfect

323

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos
December 27, 2011 - 5:18am
PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos
PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos
ABSTRACT: A vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.
REFERENCE LINKS: FreeBSD-SA-11:08.telnetd; MITKRB5-SA-2011-008; Secunia Advisory: SA47397 (FreeBSD); Secunia Advisory: SA47348 (Kerberos); SecurityTracker Alert ID: 1026460; CVE-2011-4862
IMPACT ASSESSMENT: High
DISCUSSION: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

324

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability
May 23, 2013 - 6:00am
PROBLEM: A vulnerability has been reported in Apache Struts
PLATFORM: The vulnerability is reported in versions prior to 2.3.14.1
ABSTRACT: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
REFERENCE LINKS: Secunia Advisory SA53495; Apache Struts Advisory S2-012; Apache Struts Advisory S2-013; CVE-2013-1965; CVE-2013-1966
IMPACT ASSESSMENT: High
DISCUSSION: A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request

325

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability
December 27, 2012 - 6:00am
PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability
PLATFORM: Version(s): prior to 2.4.11
ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.
REFERENCE LINKS: SecurityTracker Alert ID: 1027921; CVE-2012-5668; CVE-2012-5669; CVE-2012-5670
IMPACT ASSESSMENT: High
DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

326

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities
April 17, 2012 - 8:00am
PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
PLATFORM: Apache OFBiz 10.x
ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected.
REFERENCE LINKS: Vendor Advisory; Secunia Advisory 48800; CVE-2012-1621
IMPACT ASSESSMENT: High
DISCUSSION: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

327

T-572: VMware ESX/ESXi SLPD denial of service vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-572: VMware ESX/ESXi SLPD denial of service vulnerability
March 8, 2011 - 3:05pm
PROBLEM: A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions.
PLATFORM: ESX/ESXi 4.0, 4.1
ABSTRACT: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
REFERENCE LINKS: VMware Security Advisory: VMSA-2011-0004; VMware vSphere 4; VMware ESXi 4.1 Update; CVE-2010-3609
IMPACT ASSESSMENT: Moderate
DISCUSSION: A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources. A remote user can consume excessive CPU resources.

328

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability
February 22, 2012 - 8:00am
PROBLEM: A vulnerability was reported in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system.
PLATFORM: Net4Switch ipswcom ActiveX Control 1.x
ABSTRACT: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.
REFERENCE LINKS: Vendor Advisory; Secunia Advisory 48125; No CVE references.
IMPACT ASSESSMENT: High
DISCUSSION: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

329

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability
August 16, 2013 - 5:52am
PROBLEM: Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.
PLATFORM: Kingsoft Office 2012, Kingsoft Writer 2012 8.x
ABSTRACT: The vulnerability is confirmed in the following products and versions: * Kingsoft Writer 2012 version 8.1.0.3030. * Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 8.1.0.3385.
REFERENCE LINKS: Secunia Advisory SA53266; CVE-2013-3934
IMPACT ASSESSMENT: High
DISCUSSION: The vulnerability is caused due to a boundary error when handling font names and can be exploited to cause a stack-based buffer overflow via a

330

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities
October 25, 2011 - 8:45am
PROBLEM: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities.
PLATFORM: The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected.
ABSTRACT: Successful exploitation of the vulnerabilities allows execution of arbitrary code.
REFERENCE LINKS: Bugtraq ID: 50321; Secunia Advisory SA46473; Oracle AutoVue
IMPACT ASSESSMENT: High
DISCUSSION: Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the

331

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability
September 6, 2013 - 4:36am
PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions.
PLATFORM: MediaWiki CentralAuth Extension
ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWiki.
REFERENCE LINKS: Secunia Advisory SA54723
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie.
IMPACT:

332

U-022: Apple QuickTime Multiple Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-022: Apple QuickTime Multiple Vulnerabilities. October 28, 2011 - 8:15am. PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Apple Product Security Article: HT5016; Secunia Advisory SA46618; SecurityTracker Alert ID: 1026251; CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251. IMPACT ASSESSMENT: High. DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

333

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability. May 3, 2013 - 6:00am. PROBLEM: Novell iPrint Client Unspecified Buffer Overflow Vulnerability. PLATFORM: Novell iPrint Client 5.x. ABSTRACT: A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53261; Novell KB 7012344; Novell KB 7008708; CVE-2013-1091. IMPACT ASSESSMENT: High. DISCUSSION: The vulnerability is caused due to an unspecified error and can be exploited to cause a stack-based buffer overflow. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Vendor recommendation is to update to Version 5.90

334

Joint Assessment of Renewable Energy and Water Desalination Research Center (REWDC) Program Capabilities and Facilities In Radioactive Waste Management  

SciTech Connect

The primary goal of this visit was to perform a joint assessment of the Renewable Energy and Water Desalination Center's (REWDC) program in radioactive waste management. The visit represented the fourth technical and scientific interaction with Libya under the DOE/NNSA Sister Laboratory Arrangement. Specific topics addressed during the visit focused on Action Sheet P-05-5, "Radioactive Waste Management". The Team, comprised of Mo Bissani (Team Lead), Robert Fischer, Scott Kidd, and Jim Merrigan, consulted with REWDC management and staff. The team collected information, discussed particulars of the technical collaboration and toured the Tajura facility. The tour included the waste treatment facility, waste storage/disposal facility, research reactor facility, hot cells and analytical labs. The assessment team conducted the first phase of Task A for Action Sheet 5, which involved a joint assessment of the Radioactive Waste Management Program. The assessment included review of the facilities dedicated to the management of radioactive waste at the Tajura site, the waste management practices, proposed projects for the facility and potential impacts on waste generation and management.

Bissani, M; Fischer, R; Kidd, S; Merrigan, J

2006-04-03T23:59:59.000Z

335

Evaluation of the Los Alamos National Security Emergency Operations Division Emergency Management Self-assessment Practices, June 2011

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

06-08. Site: Los Alamos National Laboratory. Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report for the Evaluation of the Los Alamos National Security Emergency Operations Division Emergency Management Self-assessment Practices. Dates of Activity: 06/06/2011-06/08/2011. Report Preparer: John Bolling/Randy Griffin. Activity Description/Purpose: Los Alamos National Security, LLC (LANS) and the Los Alamos Site Office (LASO) requested that the U.S. Department of Energy (DOE), Office of Health, Safety and Security (HSS), Office of Safety and Emergency Management Evaluations evaluate LANS's Emergency Operations Division emergency management self-assessment practices. Utilizing the self-assessment of the Los Alamos National Laboratory (LANL) emergency

336

Assessment of the Emergency Management Program Training and Drills Functional Area at the Los Alamos National Laboratory, August 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

LANL-2011-08-04. Site: Los Alamos National Laboratory. Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report of the Assessment of the Emergency Management Program Training and Drills Functional Area. Dates of Activity: 08/01/2011 - 08/04/2011. Report Preparer: David Odland/Randy Griffin. Activity Description/Purpose: Since the 2007 Office of Health, Safety and Security (HSS) inspection of the Los Alamos National Laboratory (LANL) emergency management program, HSS personnel have conducted periodic visits to follow up on the corrective actions taken to address the findings in the review. This 2011 assessment was conducted to continue the corrective action follow-up activities and to support the Los Alamos Site Office (LASO) Emergency Management Program Manager in accomplishing

337

MANAGEMENT OF RESEARCH AND TEST REACTOR ALUMINUM SPENT NUCLEAR FUEL - A TECHNOLOGY ASSESSMENT  

SciTech Connect

The Department of Energy's Environmental Management (DOE-EM) Program is responsible for the receipt and storage of aluminum research reactor spent nuclear fuel or used fuel until ultimate disposition. Aluminum research reactor used fuel is currently being stored or is anticipated to be returned to the U.S. and stored at DOE-EM storage facilities at the Savannah River Site and the Idaho Nuclear Technology and Engineering Center. This paper assesses the technologies and the options for safe transportation/receipt and interim storage of aluminum research reactor spent fuel and reviews the comprehensive strategy for its management. The U.S. Department of Energy uses the Appendix A, Spent Nuclear Fuel Acceptance Criteria, to identify the physical, chemical, and isotopic characteristics of spent nuclear fuel to be returned to the United States under the Foreign Research Reactor Spent Nuclear Fuel Acceptance Program. The fuel is further evaluated for acceptance through assessments of the fuel at the foreign sites that include corrosion damage and handleability. Transport involves use of commercial shipping casks with defined leakage rates that can provide containment of the fuel, some of which are breached. Options for safe storage include wet storage and dry storage. Both options must fully address potential degradation of the aluminum during the storage period. This paper focuses on the various options for safe transport and storage with respect to technology maturity and application.

Vinson, D.

2010-07-11T23:59:59.000Z

338

Economic vulnerability to Peak Oil  

Science Journals Connector (OSTI)

Abstract: Peak Oil, which refers to the maximum possible global oil production rate, is increasingly gaining attention in both science and policy discourses. However, little is known about how this phenomenon will impact economies, despite its apparent imminence and potential dangers. In this paper, we construct a vulnerability map of the U.S. economy, combining two approaches for analyzing economic systems, i.e. input-output analysis and social network analysis (applied to economic data). Our approach reveals the relative importance of individual economic sectors, and how vulnerable they are to oil price shocks. As such, our dual-analysis helps identify which sectors, due to their strategic position, could put the entire U.S. economy at risk from Peak Oil. For the U.S., such sectors would include Iron Mills, Fertilizer Production and Transport by Air. Our findings thus provide early warnings to downstream companies about potential trouble in their supply chain, and inform policy action for Peak Oil. Although our analysis is embedded in a Peak Oil narrative, it is just as valid and useful in the context of developing a climate roadmap toward a low carbon economy.

Christian Kerschner; Christina Prell; Kuishuang Feng; Klaus Hubacek

2013-01-01T23:59:59.000Z

339

Hawaii demand-side management resource assessment. Final report: DSM opportunity report  

SciTech Connect

The Hawaii Demand-Side Management Resource Assessment was the fourth of seven projects in the Hawaii Energy Strategy (HES) program. HES was designed by the Department of Business, Economic Development, and Tourism (DBEDT) to produce an integrated energy strategy for the State of Hawaii. The purpose of Project 4 was to develop a comprehensive assessment of Hawaii's demand-side management (DSM) resources. To meet this objective, the project was divided into two phases. The first phase included development of a DSM technology database and the identification of Hawaii commercial building characteristics through on-site audits. These Phase 1 products were then used in Phase 2 to identify expected energy impacts from DSM measures in typical residential and commercial buildings in Hawaii. The building energy simulation model DOE-2.1E was utilized to identify the DSM energy impacts. More detailed information on the typical buildings and the DOE-2.1E modeling effort is available in Reference Volume 1, "Building Prototype Analysis". In addition to the DOE-2.1E analysis, estimates of residential and commercial sector gas and electric DSM potential for the four counties of Honolulu, Hawaii, Maui, and Kauai through 2014 were forecasted by the new DBEDT DSM Assessment Model. Results from DBEDT's energy forecasting model, ENERGY 2020, were linked with results from DOE-2.1E building energy simulation runs and estimates of DSM measure impacts, costs, lifetime, and anticipated market penetration rates in the DBEDT DSM Model. Through its algorithms, estimates of DSM potential for each forecast year were developed. Using the load shape information from the DOE-2.1E simulation runs, estimates of electric peak demand impacts were developed. 10 figs., 55 tabs.

NONE

1995-08-01T23:59:59.000Z

340

T-560: Cisco Security Advisory: Management Center for Cisco Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability



341

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

342

V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information. July 25, 2013 - 2:52am. PROBLEM: A remote user can obtain potentially sensitive information and modify some configuration settings. A remote user can exploit this to create, modify, and remove camera feeds, archives, logs, and users. PLATFORM: Cisco Video Surveillance Manager 7.1, 7.5. ABSTRACT: Two vulnerabilities were reported in Cisco Video Surveillance Manager. REFERENCE LINKS: Security Tracker Alert ID: 1028827; CVE-2013-3429; CVE-2013-3430; CVE-2013-3431. IMPACT ASSESSMENT: Medium. DISCUSSION: The vulnerability is due to an access control error that occurred. The

343

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes. March 30, 2012 - 9:15am. PROBLEM: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes. PLATFORM: HP-UX B.11.31, HP-UX B.11.23. ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Document ID: c03255321; SecurityTracker Alert ID: 1026869; CVE-2012-0127. IMPACT ASSESSMENT: High. DISCUSSION: A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS).

344

An Assessment of Use, Need for, and Capacity to Integrate Climate Information Among Water Managers in Southeastern United States and the ACF Basin  

E-Print Network (OSTI)

An Assessment of Use, Need for, and Capacity to Integrate Climate Information Among Water Managers-year droughts, floods, and associated water management decisions have long concerned water managers in Western states. Similar concerns are now facing water managers in Southeastern states, including those in Georgia

Miami, University of

345

Management Challenges in Developing Performance Assessments and Effectively Communicating Their Results - 13612  

SciTech Connect

The end of the Cold War has left a legacy of approximately 37 million gallons of radioactive waste in the aging waste tanks at the Department of Energy's Savannah River Site (SRS). A robust program is in place to remove waste from these tanks, treat the waste to separate into a relatively small volume of high level waste and a large volume of low-level waste, and to actively dispose of the low-level waste on-site and close the cleaned waste tanks and associated ancillary structures. To support performance-based, risk-informed decision making, performance assessments have been developed for the low-level waste disposal facility and for the SRS Tank Farms. Although these performance assessments share many similar features, the nature of the hazards and associated containments differ. As a management team, we are challenged to effectively communicate both the similarities and differences of these performance assessments, how they should be used to support sound decision making for treatment, disposal and waste tank cleaning decisions, and in defending their respective assumptions to the regulatory community and the public but, equally important, to our own corporate decision makers and operations personnel. Effective development and defense of these performance assessments, and effective interpretation and communication of the results are key to making cost-effective, pragmatic decisions for the safe disposal of the low-level waste and stabilization and operational closure of the cleaned tanks and associated structures. This paper will focus on the importance and challenges in communicating key attributes, conclusions and operational implications within a company. (authors)

Thomas, Steve; Mahoney, Mark [Savannah River Remediations LLC, Building 705-1C, Savannah River Site, Aiken, SC 29808 (United States)]

2013-07-01T23:59:59.000Z

346

DOE/EA-1117 ENVIRONMENTAL ASSESSMENT Management of Spent Nuclear Fuel

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE/EA-1117 ENVIRONMENTAL ASSESSMENT: Management of Spent Nuclear Fuel on the Oak Ridge Reservation, Oak Ridge, Tennessee. February 1996. U.S. Department of Energy, Oak Ridge Operations, Oak Ridge, Tennessee. DISCLAIMER: Portions of this document may be illegible in electronic image products. Images are produced from the best available original document. DISCLAIMER: This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Refer-

347

Assessment of medical waste management at a primary health-care center in Sao Paulo, Brazil  

SciTech Connect

Highlights:
- Assessment of medical waste management at health-care center before/after intervention.
- Qualitative and quantitative results of medical waste management plan are presented.
- Adjustments to comply with regulation were adopted and reduction of waste was observed.
- The method applied could be useful for similar establishments.

Abstract: According to the Brazilian law, implementation of a Medical Waste Management Plan (MWMP) in health-care units is mandatory, but as far as we know evaluation of such implementation has not taken place yet. The purpose of the present study is to evaluate the improvements deriving from the implementation of a MWMP in a Primary Health-care Center (PHC) located in the city of Sao Paulo, Brazil. The method proposed for evaluation compares the first situation prevailing at this PHC with the situation 1 year after implementation of the MWMP, thus allowing verification of the evolution of the PHC performance. For prior and post-diagnosis, the method was based on: (1) application of a tool (check list) which considered all legal requirements in force; (2) quantification of solid waste subdivided into three categories: infectious waste and sharp devices, recyclable materials and non-recyclable waste; and (3) identification of non-conformity practices. Lack of knowledge on the pertinent legislation by health workers has contributed to non-conformity instances. The legal requirements in force in Brazil today gave origin to a tool (check list) which was utilized in the management of medical waste at the health-care unit studied. This tool resulted into an adequate and simple instrument, required a low investment, allowed collecting data to feed indicators and also conquered the participation of the unit whole staff. Several non-conformities identified in the first diagnosis could be corrected by the instrument utilized. Total waste generation increased 9.8%, but it was possible to reduce the volume of non-recyclable materials (11%) and increase the volume of recyclable materials (4%). It was also possible to segregate organic waste (7%), which was forwarded for production of compost. The rate of infectious waste generation in critical areas decreased from 0.021 to 0.018 kg/procedure. Many improvements have been observed, and now the PHC complies with most of legal requirements, offers periodic training and better biosafety conditions to workers, has reduced the volume of waste sent to sanitary landfills, and has introduced indicators for monitoring its own performance. This evaluation method might subsidize the creation and evaluation of medical waste management plans in similar health institutions.

Moreira, A.M.M., E-mail: anamariainforme@hotmail.com [Department of Environmental Health, School of Public Health, University of Sao Paulo, Avenida Doutor Arnaldo 715, Sao Paulo 01246-904 (Brazil); Guenther, W.M.R. [Department of Environmental Health, School of Public Health, University of Sao Paulo, Avenida Doutor Arnaldo 715, Sao Paulo 01246-904 (Brazil)

2013-01-15T23:59:59.000Z

348

Detecting Network Vulnerabilities Through Graph Theoretical Methods  

E-Print Network (OSTI)

benchmark power networks. 1 Introduction The electric power grid network is susceptible to power outages of our work is power networks, our techniques are applicable to other systems such as the transportation vulnerabilities in power networks is an important problem, as even a small number of vulnerable connections can

Geddes, Cameron Guy Robinson

349

WM2014 Conference - Building the Community of Practice for Performance and Risk Assessment in Support of Risk-Informed Environmental Management Decisions

Energy.gov (U.S. Department of Energy (DOE))

WM2014 Conference - Building the Community of Practice for Performance and Risk Assessment in Support of Risk-Informed Environmental Management Decisions - 14575

350

T-596: 0-Day Windows Network Interception Configuration Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-596: 0-Day Windows Network Interception Configuration Vulnerability. April 6, 2011 - 5:48am. PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server. ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Other Links" section below, as it provides an external URL reference. REFERENCE LINKS: InfoSec Institute - SLAAC Attack; Cisco Threat Comparison and Best-Practice White Paper. IMPACT ASSESSMENT: High

351

Assessment of thermal analysis software for the DOE Office of Civilian Radioactive Waste Management  

SciTech Connect

This assessment uses several recent assessments and the more general code compilations that have been completed to produce a list of 116 codes that can be used for thermal analysis. This list is then compared with criteria prepared especially for the Department of Energy Office of Civilian Radioactive Waste Management (DOE/OCRWM). Based on these criteria, fifteen codes are narrowed to three primary codes and four secondary codes for use by the OCRWM thermal analyst. The analyst is cautioned that since no single code is sufficient for all applications, a code must be selected based upon the predominate heat transfer mode of the problem to be solved, but the codes suggested in this report have been used successfully for a range of OCRWM applications. The report concludes with a series of recommendations for additional work of which the major points include the following: The codes suggested by this report must be benchmarked with the existing US and international problems and validated when possible; An interactive code selection tool could be developed or, perhaps even more useful, a users group could be supported to ensure the proper selection of thermal codes and dissemination of information on the latest version; The status of the 116 codes identified by this report should be verified, and methods for maintaining the still active codes must be established; and special capabilities of each code in phase change, convection and radiation should be improved to better enable the thermal analyst to model OCRWM applications. 37 refs., 3 figs., 12 tabs.

Williams, P.T.; Graham, R.F.; Lagerberg, G.N.; Chung, T.C.

1989-07-01T23:59:59.000Z

352

Vulnerability Take Grant (VTG): An efficient approach to analyze network vulnerabilities  

Science Journals Connector (OSTI)

Modeling and analyzing information system vulnerabilities help predict possible attacks to computer networks using vulnerabilities information and the network configuration. In this paper, we propose a comprehensive approach to analyze network vulnerabilities in order to answer the safety problem focusing on vulnerabilities. The approach, which is called Vulnerability Take Grant (VTG), is a graph-based model consisting of subject/objects as nodes and rights/relations as edges to represent the system protection state. Each node may have properties including single vulnerabilities such as buffer overflow. We use the new concept of vulnerability rewriting rule to specify the requirements and consequences of exploiting vulnerabilities. Analysis of the model is achieved using our bounded polynomial algorithm, which generates the most permissive graph in order to verify whether a subject can obtain an access right over an object. The algorithm also finds the likely attack scenarios. Applicability of the approach is investigated by modeling widespread vulnerabilities in their general patterns. A real network is modeled as a case study in order to examine how an attacker can gain unauthorized access via exploiting the chain of vulnerabilities. Our experience shows the efficiency, applicability, and expressiveness in modeling a broader range of vulnerabilities in our approach in comparison to the previous approaches.

Hamid Reza Shahriari; Rasool Jalili

2007-01-01T23:59:59.000Z

353

Assessment of transportation risk for the U.S. Department of Energy Environmental Management programmatic environmental impact statement  

SciTech Connect

In its Programmatic Environmental Impact Statement (PEIS), the Office of Environmental Management (EM) of the U.S. Department of Energy (DOE) is considering a broad range of alternatives for the future management of radioactive and hazardous waste at the facilities of the DOE complex. The alternatives involve facilities to be used for treatment, storage, and disposal of various wastes generated from DOE environmental restoration activities and waste management operations. The evaluation includes five types of waste (four types of radioactive waste plus hazardous waste), 49 sites, and numerous cases associated with each alternative for waste management. In general, the alternatives are evaluated independently for each type of waste and reflect decentralized, regionalized, and centralized approaches. Transportation of waste materials is an integral component of the EM PEIS alternatives for waste management. The estimated impact on human health that is associated with various waste transportation activities is an important component of a complete appraisal of the alternatives. The transportation risk assessment performed for the EM PEIS is designed to ensure through uniform and judicious selection of models, data, and assumptions that relative comparisons of risk among the various alternatives are meaningful and consistent. Among other tasks, Argonne National Laboratory is providing technical assistance to the EM PEIS on transportation risk assessment. The objective is to perform a human health risk assessment for each type of waste relative to the EM PEIS alternatives for waste management. The transportation risk assessed is part of the overall impacts being analyzed for the EM PEIS to determine the safest, most environmentally and economically sound manner in which to satisfy requirements for waste management in the coming decades.

Chen, S.Y.; Monette, F.A.; Biwer, B.M.; Lazaro, M.A.; Hartmann, H.M.; Policastro, A.J.

1995-03-01T23:59:59.000Z

354

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability. June 12, 2012 - 7:00am. PROBLEM: A security issue and vulnerability have been reported in MySQL. PLATFORM: MySQL 5.x. ABSTRACT: An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. REFERENCE LINKS: Original Advisory; CVE-2012-2122; Secunia Advisory 49409. IMPACT ASSESSMENT: High. DISCUSSION: Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc). NOTE: Vendor binaries are reportedly not affected. The security issue is reported in versions prior to 5.1.63 and 5.5.25.

355

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability. August 16, 2012 - 7:00am. PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability. PLATFORM: Version(s): Mozilla Firefox 6 - 12. ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585; CVE-2012-1950. IMPACT ASSESSMENT: Medium. DISCUSSION: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. Mozilla Firefox is prone to a URI-spoofing vulnerability. Attackers may exploit this issue to display

356

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability. August 16, 2012 - 7:00am. PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability. PLATFORM: Version(s): Mozilla Firefox 6 - 12. ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585; CVE-2012-1950. IMPACT ASSESSMENT: Medium. DISCUSSION: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. Mozilla Firefox is prone to a URI-spoofing vulnerability. Attackers may exploit this issue to display

357

U-117: Potential security vulnerability has been identified with certain HP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-117: Potential security vulnerability has been identified with certain HP printers and HP digital senders. March 5, 2012 - 7:00am. PROBLEM: The vulnerability could be exploited remotely to install unauthorized printer firmware. PLATFORM: Select HP printers and Digital Senders. ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. REFERENCE LINKS: Vendor Advisory; CVE-2011-4161; Previous JC3 Advisory Bulletin. IMPACT ASSESSMENT: High. DISCUSSION: The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx;

358

V-191: Apple Mac OS X Multiple Vulnerabilities

NLE Websites -- All DOE Office Websites (Extended Search)

V-191: Apple Mac OS X Multiple Vulnerabilities. July 3, 2013 - 6:00am. PROBLEM: Apple has issued a security update for Mac OS X. PLATFORM: Apple Macintosh OS X. ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime. REFERENCE LINKS: Secunia Advisory SA54049; APPLE-SA-2013-07-02-1 Security Update 2013-003; CVE-2013-1018; CVE-2013-1019; CVE-2013-1022. IMPACT ASSESSMENT: High. DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow. A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow. A boundary error when handling "mvhd" atoms can be exploited to cause a

359

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities
June 29, 2012 - 7:00am
PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities.
PLATFORM: Version(s): prior to 7.7.2
ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
REFERENCE LINKS: Vendor Advisory Security Focus ID 53571 CVE-2012-0663
IMPACT ASSESSMENT: Medium
DISCUSSION: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to

360

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities
June 29, 2012 - 7:00am
PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities.
PLATFORM: Version(s): prior to 7.7.2
ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
REFERENCE LINKS: Vendor Advisory Security Focus ID 53571 CVE-2012-0663
IMPACT ASSESSMENT: Medium
DISCUSSION: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to


361

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-191: Apple Mac OS X Multiple Vulnerabilities
July 3, 2013 - 6:00am
PROBLEM: Apple has issued a security update for Mac OS X
PLATFORM: Apple Macintosh OS X
ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime
REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022
IMPACT ASSESSMENT: High
DISCUSSION:
A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow
A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow
A boundary error when handling "mvhd" atoms can be exploited to cause a

362

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities
November 26, 2012 - 2:00am
PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities
PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9
ABSTRACT: Multiple vulnerabilities have been reported in ownCloud
REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357
IMPACT ASSESSMENT: Medium
DISCUSSION: 1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

363

U-151: Bugzilla Cross-Site Request Forgery Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-151: Bugzilla Cross-Site Request Forgery Vulnerability
April 19, 2012 - 8:15am
PROBLEM: A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.
PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x
ABSTRACT: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
REFERENCE LINKS: Vendor Advisory Secunia Advisory 48835 CVE-2012-0465 CVE-2012-0466
IMPACT ASSESSMENT: Medium
DISCUSSION: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. An attacker can get access to some bug information using the victim's

364

T-730: Vulnerability in Citrix Provisioning Services could result...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code...

365

T-565: Vulnerability in Microsoft Malware Protection Engine Could...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of...

366

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

Insecurity: Where Are the Most Vulnerable Places in Africa? Tool Summary Name: Locating Climate Insecurity: Where Are the Most Vulnerable...

367

Report to Congress on Insular Area energy vulnerability  

SciTech Connect

This report was prepared in response to Section 1406 of the Energy Policy Act of 1992 (Public Law 102-486), which directed the Department of Energy (DOE) to "conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption," and to "outline how the insular areas shall gain access to vital oil supplies during times of national emergency." The Act defines the insular areas to be the US Virgin Islands and Puerto Rico in the Caribbean, and Guam, American Samoa, the Commonwealth of the Northern Mariana Islands (CNMI), and Palau in the Pacific. In the study, "unique vulnerabilities" were defined as susceptibility to: (1) more frequent or more likely interruptions of oil supplies compared to the US Mainland, and/or (2) disproportionately larger or more likely economic losses in the event of an oil supply disruption. In order to assess unique vulnerabilities, the study examined the insular areas' experience during past global disruptions of oil supplies and during local emergencies caused by natural disasters. The effects of several possible future global disruptions and local emergencies were also analyzed. Analyses were based on historical data, simulations using energy and economic models, and interviews with officials in the insular governments and the energy industry.

Not Available

1994-05-01T23:59:59.000Z

368

Burlington Bottoms Wildlife Mitigation Project. Final Environmental Assessment/Management Plan and Finding of No Significant Impact.  

SciTech Connect

Bonneville Power Administration (BPA) proposes to fund wildlife management and enhancement activities for the Burlington bottoms wetlands mitigation site. Acquired by BPA in 1991, wildlife habitat at Burlington bottoms would contribute toward the goal of mitigation for wildlife losses and inundation of wildlife habitat due to the construction of Federal dams in the lower Columbia and Willamette River Basins. Target wildlife species identified for mitigation purposes are yellow warbler, great blue heron, black-capped chickadee, red-tailed hawk, valley quail, spotted sandpiper, wood duck, and beaver. The Draft Management Plan/Environmental Assessment (EA) describes alternatives for managing the Burlington Bottoms area, and evaluates the potential environmental impacts of the alternatives. Included in the Draft Management Plan/EA is an implementation schedule, and a monitoring and evaluation program, both of which are subject to further review pending determination of final ownership of the Burlington Bottoms property.

Not Available

1994-12-01T23:59:59.000Z

369

Safeguarding Children and Vulnerable Adults 1. Introduction  

E-Print Network (OSTI)

Safeguarding Children and Vulnerable Adults 1. Introduction 2. Definition & Legislation 3. Scope 4. Roles & Responsibilities 5. Action Appendix 1 - Handling a Safeguarding Case & Contacts as best practice for all safeguarding activity; however, this policy reflects the different practices

Anderson, Jim

370

Environmental assessment for the Radioactive and Mixed Waste Management Facility: Sandia National Laboratories/New Mexico  

SciTech Connect

The Department of Energy (DOE) has prepared an environmental assessment (EA) (DOE/EA-0466) under the National Environmental Policy Act (NEPA) of 1969 for the proposed completion of construction and subsequent operation of a central Radioactive and Mixed Waste Management Facility (RMWMF), in the southeastern portion of Technical Area III at Sandia National Laboratory, Albuquerque (SNLA). The RMWMF is designed to receive, store, characterize, conduct limited bench-scale treatment of, repackage, and certify low-level waste (LLW) and mixed waste (MW) (as necessary) for shipment to an offsite disposal or treatment facility. The RMWMF was partially constructed in 1989. Due to changing regulatory requirements, planned facility upgrades would be undertaken as part of the proposed action. These upgrades would include paving of road surfaces and work areas, installation of pumping equipment and lines for surface impoundment, and design and construction of air locks and truck decontamination and water treatment systems. The proposed action also includes an adjacent corrosive and reactive metals storage area, and associated roads and paving. LLW and MW generated at SNLA would be transported from the technical areas to the RMWMF in containers approved by the Department of Transportation. The RMWMF would not handle nonradioactive hazardous waste. Based on the analysis in the EA, the proposed completion of construction and operation of the RMWMF does not constitute a major Federal action significantly affecting the quality of the human environment within the meaning of NEPA. Therefore, preparation of an environmental impact statement for the proposed action is not required.

Not Available

1993-06-01T23:59:59.000Z

371

JC3 Low Impact Assessment Bulletins  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Office of the Chief Information Officer, 1000 Independence Ave., SW, Washington, DC, 202-586-0166. V-207: Wireshark Multiple Denial of Service Vulnerabilities http://energy.gov/cio/articles/v-207-wireshark-multiple-denial-service-vulnerabilities

372

Groundwater quality assessment plan for single-shell waste management area B-BX-BY at the Hanford Site  

SciTech Connect

Pacific Northwest National Laboratory conducted a first determination groundwater quality assessment at the Hanford Site. This work was performed for the US Department of Energy, Richland Operations Office, in accordance with the Federal Facility Compliance Agreement during the time period 1996-1998. The purpose of the assessment was to determine if waste from the Single-Shell Tank (SST) Waste Management Area (WMA) B-BX-BY had entered the groundwater at levels above the drinking water standards (DWS). The resulting assessment report documented evidence demonstrating that waste from the WMA has, most likely, impacted groundwater quality. Based on 40 CFR 265.93 [d] paragraph (7), the owner-operator must continue to make the minimum required determinations of contaminant level and of rate/extent of migrations on a quarterly basis until final facility closure. These continued determinations are required because the groundwater quality assessment was implemented prior to final closure of the facility.

SM Narbutovskih

2000-03-31T23:59:59.000Z

373

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes
January 21, 2013 - 12:15am
PROBLEM: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes
PLATFORM: Tivoli Federated Identity Manager versions 6.2.0, 6.2.1, 6.2.2
ABSTRACT: A vulnerability was reported in IBM Tivoli Federated Identity Manager.
REFERENCE LINKS: IBM Security Bulletin: 1615744 SecurityTracker Alert ID: 1028011 CVE-2012-6359
IMPACT ASSESSMENT: Medium
DISCUSSION: The system does not check that all attributes have been signed. A remote user with the ability to conduct a man-in-the-middle attack can modify

374

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files
October 27, 2011 - 7:45am
PROBLEM: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files.
PLATFORM: Cisco Unified Communications Manager 6.x, 7.x and 8.x
ABSTRACT: A vulnerability was reported in Cisco Unified Communications Manager.
REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20111026-cucm Cisco Security Advisories and Response SecurityTracker Alert ID: 1026243 CVE-2011-3315
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can view files on the target system. The software does not properly validate user-supplied input. A remote user can supply a specially

375

V-192: Symantec Security Information Manager Input Validation Flaws Permit  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-192: Symantec Security Information Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks
July 4, 2013 - 6:00am
PROBLEM: Several vulnerabilities were reported in Symantec Security Information Manager
PLATFORM: Symantec Security Information Manager Appliance Version 4.7.x and 4.8.0
ABSTRACT: Symantec was notified of multiple security issues impacting the SSIM management console
REFERENCE LINKS: SecurityTracker Alert ID: 1028727 Symantec Security Advisory SYM13-006 CVE-2013-1613 CVE-2013-1614 CVE-2013-1615
IMPACT ASSESSMENT: Medium
DISCUSSION: The console does not properly filter HTML code from user-supplied input

376

U-003:RPM Package Manager security update | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-003: RPM Package Manager security update
October 4, 2011 - 1:30pm
PROBLEM: A vulnerability was reported in RPM Package Manager. A remote user can cause arbitrary code to be executed on the target user's system.
PLATFORM: Version(s): 4.9.1.1 and prior versions.
ABSTRACT: RPM Package Manager Header Validation Flaws Let Remote Users Execute Arbitrary Code.
REFERENCE LINKS: RPM Package Manager Advisory RHSA-2011:1349-1 SecurityTracker Alert ID: 1026134 CVE-2011-3378
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can create a specially crafted RPM package that, when queried or installed by the target user, will trigger a buffer overflow or memory corruption error and execute arbitrary code on the target system. The code

377

E-Print Network 3.0 - assessing quality management Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

management... pillar, ... Source: Vardeman, Stephen B. - Departments of Statistics & Industrial Engineering, Iowa State University Collection: Mathematics 33 Quality...

378

UEA Water Security Research Centre Climate Change and Variability Adaptation and Vulnerability  

E-Print Network (OSTI)

UEA Water Security Research Centre Climate Change and Variability · Adaptation and Vulnerability · Transboundary Cooperation - Conflict · Irrigation Performance and Policy · River Basin Management · Water Allocation · Hydropolitics www.uea.ac.uk/watersecurity The UEA Water Security Research Centre applies

Everest, Graham R

379

Vulnerability of the New York City Metropolitan Area to Coastal Hazards,  

E-Print Network (OSTI)

Trade Center site in Lower Manhattan, and of the Brooklyn waterfront, long home to the former Brooklyn-Level Rise: Inferences for Urban Coastal Risk Management and Adaptation Policies Klaus Jacob, Vivien Gornitz at or near sea level. Major coastal urban centers have long been vulnerable to natural hazards, such as storm

380

V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability
May 30, 2013 - 6:00am
PROBLEM: A vulnerability has been reported in GnuTLS
PLATFORM: GnuTLS 2.x
ABSTRACT: A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service)
REFERENCE LINKS: Secunia Advisory SA53600 GnuTLS Library GNUTLS-SA-2013-2 CVE-2013-2116
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is caused due to an out-of-bounds read error within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c and can be exploited to cause a crash of the application using the library.
IMPACT: Possible DoS
SOLUTION: Vendor recommends applying Patch or upgrading to Version 3.x


381

V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability
August 24, 2013 - 3:45am
PROBLEM: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service).
PLATFORM: HP StoreOnce D2D Backup Systems 1.x, HP StoreOnce D2D Backup Systems 2.x
ABSTRACT: The vulnerability is reported in versions 2.2.18 and prior and 1.2.18 and prior.
REFERENCE LINKS: Secunia Advisory SA54598 CVE-2013-2353
IMPACT ASSESSMENT: Moderate
DISCUSSION: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further

382

U-171: DeltaV Products Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-171: DeltaV Products Multiple Vulnerabilities
May 17, 2012 - 7:00am
PROBLEM: DeltaV Products Multiple Vulnerabilities
PLATFORM: DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 DeltaV ProEssentials Scientific Graph version 5.0.0.6
ABSTRACT: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
REFERENCE LINKS: Secunia Advisory SA49210 CVE-2012-1814 CVE-2012-1815 CVE-2012-1816 CVE-2012-1817 CVE-2012-1818
IMPACT ASSESSMENT: High
DISCUSSION: 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and

383

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z

384

Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562  

SciTech Connect

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. 
We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.

Abercrombie, R. K. [ORNL]; Peters, Scott [Sypris Electronics, LLC]

2014-05-28T23:59:59.000Z

385

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability
February 25, 2011 - 7:40am
PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability.
PLATFORM: Microsoft Malware Protection Engine
Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0. This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability.
First version of the Microsoft Malware Protection Engine with this vulnerability addressed: Version 1.1.6603.0. If the version of the Microsoft Malware Protection Engine is equal to or

386

Analysis of the low-level waste radionuclide inventory for the Radioactive Waste Management Complex performance assessment  

SciTech Connect

This report summarizes the results of a study to improve the estimates of the radionuclides in the low-level radioactive waste (LLW) inventory which is buried in the Idaho National Engineering Laboratory (INEL) Radioactive Waste Management Complex (RWMC) Subsurface Disposal Area (SDA). The work is done to support the RWMC draft performance assessment (PA). Improved radionuclide inventory estimates are provided for the INEL LLW generators. Engineering, environmental assessment or other research areas may find use for the information in this report. It may also serve as a LLW inventory baseline for data quality assurance. The individual INEL LLW generators, their history and their activities are also described in detail.

Plansky, L.E.; Hoiland, S.A.

1992-02-01T23:59:59.000Z

387

V-195: RSA Authentication Manager Lets Local Users View the Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password
July 9, 2013 - 12:51am
PROBLEM: RSA Authentication Manager Lets Local Users View the Administrative Account Password
PLATFORM: RSA Authentication Manager 7.1, 8.0
ABSTRACT: A vulnerability was reported in RSA Authentication Manager.
REFERENCE LINKS: SecurityTracker Alert ID: 1028742 CVE-2013-3273 RSA
IMPACT ASSESSMENT: Medium
DISCUSSION: When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace

388

A method of assessing users' vs managers' perceptions of safety and security problems in public beach park settings  

E-Print Network (OSTI)

while answering this form of report, research has proven that the respondents are generally truthful and accurate in the information they provide (Sheley 1979; Levine 1982). Due to the transitory nature of park users this system would... A METHOD OF ASSESSING USERS' VS MANAGERS' PERCEPTIONS OF SAFETY AND SECURITY PROBLEMS IN PUBLIC BEACH PARK SETTINGS A Thesis by ROBERT JAMES SCOTT STEELE Submitted to the Graduate College of Texas A&M University In Partial Fulfillment...

Steele, Robert James Scott

2012-06-07T23:59:59.000Z

389

RCRA Assessment Plan for Single-Shell Tank Waste Management Area T  

SciTech Connect

This plan describes the data quality objectives process used to guide information gathering to further the assessment at WMA T.

Horton, Duane G.

2006-01-15T23:59:59.000Z

390

Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation's energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

391

RCRA Assessment Plan for Single-Shell Tank Waste Management Area S-SX at the Hanford Site  

SciTech Connect

A groundwater quality assessment plan was prepared for waste management area S-SX at the Hanford Site. Groundwater monitoring is conducted at this facility in accordance with Title 40, Code of Federal Regulation (CFR) Part 265, Subpart F [and by reference of Washington Administrative Code (WAC) 173-303-400(3)]. The facility was placed in assessment groundwater monitoring program status after elevated waste constituents and indicator parameter measurements (i.e., chromium, technetium-99 and specific conductance) in downgradient monitoring wells were observed and confirmed. A first determination, as allowed under 40 CFR 265.93(d), provides the owner/operator of a facility an opportunity to demonstrate that the regulated unit is not the source of groundwater contamination. Based on results of the first determination it was concluded that multiple source locations in the waste management area could account for observed spatial and temporal groundwater contamination patterns. Consequently, a continued investigation is required. This plan, developed using the data quality objectives process, is intended to comply with the continued investigation requirement. Accordingly, the primary purpose of the present plan is to determine the rate and extent of dangerous waste (hexavalent chromium and nitrate) and radioactive constituents (e.g., technetium-99) in groundwater and to determine their concentrations in groundwater beneath waste management area S-SX. Comments and concerns expressed by the Washington State Department of Ecology on the initial waste management area S-SX assessment report were addressed in the descriptive narrative of this plan as well as in the planned activities. Comment disposition is documented in a separate addendum to this plan.

Chou, C.J.; Johnson, V.G.

1999-10-06T23:59:59.000Z

392

Aeronautical System Center's environmental compliance assessment and management program's cost-saving initiatives support the Air Force's acquisition reform initiative  

SciTech Connect

The Environmental Management directorate of ASC (ASC/EM) has the responsibility of providing government oversight for the Government Owned Contractor Operated Aircraft and Missile plants (GOCOs). This oversight is manifested as a landlord role where Air Force provides the funding required to maintain the plant facilities including buildings and utilities as well as environmental systems. By agreement the companies operating the plants are required to operate them in accordance with environmental law. Presently the GOCOs include Air Force Plant (AFP) 6 in Marietta Ga., AFP 4 in Fort Worth, Tx., AFP 44 in Tucson, Az., AFP 42 in Palmdale, Ca., and AFP PJKS in Denver, Co. Lockheed Martin corporation operates AFPs 4,6, PJKS and a portion of AFP 42 while AFP 44 is operated by Raytheon Missile Systems Company. Other GOCOs at AFP 42 are Northrup-Grumman, Boeing, and Cabaco, the facilities engineer. Since 1992 the Environmental Management division has conducted its Environmental Compliance Assessment and Management Program assessments (ECAMP) annually at each of the plants. Using DOD's ECAMP Team Guide and teams comprised of both Air Force and consultant engineering personnel, each plant is assessed for its environmental compliance well being. In the face of rising operational costs and diminishing budgets ASC/EM performed a comprehensive review of its ECAMP. As a result, the basic ECAMP program was improved to reduce costs without compromising on quality of the effort. The program retained its emphasis in providing a snap-shot evaluation of each Air Force plant's environmental compliance health supported by complete but tailored protocol assessments.

Meanor, T.

1999-07-01T23:59:59.000Z

393

Environmental Assessment/Regulatory Impact Review/Initial Regulatory Flexibility Analysis for Proposed Amendment 86 to the Fishery Management Plan for Groundfish of the Bering  

E-Print Network (OSTI)

Environmental Assessment/Regulatory Impact Review/Initial Regulatory Flexibility Analysis. Regulatory Impact Review for Proposed Amendment 86 to the Fishery Management Plan for Groundfish of the Bering Sea/Aleutian Islands

394

Supplemental Volume - Independent Oversight Assessment of the Nuclear Safety Culture and Management of Nuclear Safety Concerns at the Hanford Site Waste Treatment and Immobilization Plant, January 2012  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Independent Oversight Assessment of Nuclear Safety Culture and Management of Nuclear Safety Concerns at the Hanford Site Waste Treatment and Immobilization Plant, Supplemental Volume. January 2012. Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy. Table of Contents: Foreword; Acronyms

395

V-125: Cisco Connected Grid Network Management System Multiple...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco...

396

T-560: Cisco Security Advisory: Management Center for Cisco Security Agent  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability. February 18, 2011 - 7:00am. PROBLEM: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability. PLATFORM: Cisco Security Agent software releases 5.1, 5.2, and 6.0 are affected by this vulnerability. Note: Only the Management Center for Cisco Security Agent is affected by this vulnerability. Cisco Security Agent installations on end-point workstations or servers are not affected by this vulnerability. ABSTRACT: The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote

397

Save Energy Now Assessment Helps Expand Energy Management Program at Shaw Industries  

Energy.gov (U.S. Department of Energy (DOE))

This case study details how a DOE energy assessment helped Shaw Industries identify significant energy savings opportunities in their Dalton, Georgia, plant's steam system.

398

Assessing the Environmental Costs and Benefits of Households Electricity Consumption Management.  

E-Print Network (OSTI)

In this study the environmental costs and benefits of smart metering technology systems installed in households in Norway have been assessed. Smart metering technology ...

Segtnan, Ida Lund

2011-01-01T23:59:59.000Z

399

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks. May 1, 2013 - 12:43am. PROBLEM: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks. PLATFORM: Service Manager v9.31 Web Tier. ABSTRACT: Two vulnerabilities were reported in HP Service Manager. REFERENCE LINKS: HP Document ID: c03748875 SecurityTracker Alert ID: 1028496 CVE-2012-5222 CVE-2013-2321. IMPACT ASSESSMENT: Medium. DISCUSSION: A remote user can obtain potentially sensitive information [CVE-2012-5222]. Service Manager Web Tier does not properly filter HTML code from user-supplied input before displaying the input [CVE-2013-2321]. A remote

400

Analysis of vulnerability to facebook users  

Science Journals Connector (OSTI)

Facebook, the largest social network nowadays, currently has 901 million active users, with 526 million of them accessing the system daily. With a very rapid growth, Facebook has become a potential site for the collection of personal information by unauthorized ... Keywords: exposure, facebook, social networks, vulnerability

Michelle Hanne; Cristiano Silva; Jussara Almeida; Marcos Gonçalves

2012-10-01T23:59:59.000Z



401

Fragile Networks: Identifying Vulnerabilities and Synergies  

E-Print Network (OSTI)

, Efficiency Measurement, and Vulnerability Analysis · Part II: Applications and Extensions · Part III: Mergers the foundations for transportation and logistics, for communication, energy provision, social interactions that underlie our societies and economies are large-scale and complex in nature, they are liable to be faced

Nagurney, Anna

402

management  

National Nuclear Security Administration (NNSA)

Management and Budget http://nnsa.energy.gov/aboutus/ouroperations/managementandbudget

P...

403

RCRA Assessment Plan for Single-Shell Tank Waste Management Area B-BX-BY at the Hanford Site  

SciTech Connect

This document was prepared as a groundwater quality assessment plan revision for the single-shell tank systems in Waste Management Area B-BX-BY at the Hanford Site. Groundwater monitoring is conducted at this facility in accordance with 40 CFR Part 265, Subpart F. In FY 1996, the groundwater monitoring program was changed from detection-level indicator evaluation to a groundwater quality assessment program when elevated specific conductance in downgradient monitoring well 299 E33-32 was confirmed by verification sampling. During the course of the ensuing investigation, elevated technetium-99 and nitrate were observed above the drinking water standard at well 299-E33-41, a well located between 241-B and 241-BX Tank Farms. Earlier observations of the groundwater contamination and tank farm leak occurrences, combined with a qualitative analysis of possible solutions, led to the conclusion that waste from the waste management area had entered the groundwater and was observed in this well. Based on 40 CFR 265.93 [d] paragraph (7), the owner-operator must continue to make the minimum required determinations of contaminant level and rate/extent of migrations on a quarterly basis until final facility closure. These continued determinations are required because the groundwater quality assessment was implemented prior to final closure of the facility.

Narbutovskih, Susan M.

2006-09-29T23:59:59.000Z

404

Tsunami Assessment for Risk Management at Nuclear Power Facilities in Japan  

Science Journals Connector (OSTI)

The present study focuses on evaluation of the maximum and minimum water levels caused by tsunamis as risk factors for operation and management at nuclear power facilities along the coastal area of Japan. Tsunami...

Ken Yanagisawa; Fumihiko Imamura

2007-01-01T23:59:59.000Z

405

Tsunami Assessment for Risk Management at Nuclear Power Facilities in Japan  

Science Journals Connector (OSTI)

The present study focuses on evaluation of the maximum and minimum water levels caused by tsunamis as risk factors for operation and management at nuclear power facilities along the coastal area of Japan. Tsunami...

Ken Yanagisawa; Fumihiko Imamura; Tsutomu Sakakiyama

2007-03-01T23:59:59.000Z

406

Self-perceptions of volunteer management: a Texas 4-H volunteer needs assessment  

E-Print Network (OSTI)

to the Texas 4-H Program. However, as with any program, there is room for improvement. Respondents indicated a need for curriculum development in volunteer and club management. Additionally, 83% of volunteers began volunteering because they had children...

Torock, Jodi Lynn

2009-05-15T23:59:59.000Z

407

Assessment of the urban public's knowledge of white-tailed deer management in two Texas communities  

E-Print Network (OSTI)

Urbanization throughout much of Texas has resulted in diminished wildlife habitat, resulting from fragmented landscapes. Several previous studies addressed the public's attitudes concerning the most acceptable white-tailed deer management techniques...

Alderson, Jessica Lynn

2009-05-15T23:59:59.000Z

408

Assessing the Potential of Developing a Tool for Residential Facility Management Using Building Information Modeling Software  

E-Print Network (OSTI)

, maintenance and management data for the Sydney Opera House (Sabol, 2008). BIM integrated with gaming has proved to be a simple means through which to provide safety training in the construction industry (Nidhi Jain, 2010). BIM integrated with 13...

Madhani, Himanshu 1986-

2012-11-29T23:59:59.000Z

409

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability. December 28, 2012 - 6:00am. PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability. PLATFORM: eXtplorer 2.x. ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release. IMPACT ASSESSMENT: Medium. DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug. IMPACT: An error within the "ext_find_user()" function in users.php can be

410

Environmental Management System  

NLE Websites -- All DOE Office Websites (Extended Search)

Management System Environmental Management System An Environmental Management System is a systematic method for assessing mission activities, determining the environmental impacts...

411

T-597: WordPress Multiple Security Vulnerabilities | Department...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

T-597: WordPress Multiple Security Vulnerabilities. April 7, 2011 - 5:42am. PROBLEM: WordPress is prone to multiple security...

412

V-041: Red Hat CloudForms Multiple Vulnerabilities | Department...  

Energy Savers (EERE)

V-041: Red Hat CloudForms Multiple Vulnerabilities. December 6, 2012 - 4:01am. PROBLEM: Red Hat CloudForms Multiple...

413

IVF: characterizing the vulnerability of microprocessor structures to intermittent faults  

Science Journals Connector (OSTI)

With the advancement of CMOS manufacturing process to nano-scale, future shipped microprocessors will be increasingly vulnerable to intermittent faults. Quantitatively characterizing the vulnerability of microprocessor structures to intermittent faults ...

Songjun Pan; Yu Hu; Xiaowei Li

2010-03-01T23:59:59.000Z

414

U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Some vulnerabilities have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

415

U.S. Department of Energy worker health risk evaluation methodology for assessing risks associated with environmental restoration and waste management  

SciTech Connect

This document describes a worker health risk evaluation methodology for assessing risks associated with Environmental Restoration (ER) and Waste Management (WM). The methodology is appropriate for estimating worker risks across the Department of Energy (DOE) Complex at both programmatic and site-specific levels. This document supports the worker health risk methodology used to perform the human health risk assessment portion of the DOE Programmatic Environmental Impact Statement (PEIS) although it has applications beyond the PEIS, such as installation-wide worker risk assessments, screening-level assessments, and site-specific assessments.

Blaylock, B.P.; Legg, J.; Travis, C.C. [Oak Ridge National Lab., TN (United States). Center for Risk Management]; Simek, M.A.; Sutherland, J. [Univ. of Tennessee, Knoxville, TN (United States)]; Scofield, P.A. [Office of Environmental Compliance and Documentation (United States)]

1995-06-01T23:59:59.000Z

416

Semi-annual report of the Department of Energy Office of Environmental Management quality assessment program  

SciTech Connect

This report presents the results from the soil inorganic analysis of the 45th set of environmental quality assessment samples (QAP XLV) that were received on or before December 2, 1996.

Sanderson, C.G.; Greenlaw, P.

1997-01-01T23:59:59.000Z

417

Assessment of sludge management options in a waste water treatment plant  

E-Print Network (OSTI)

This thesis is part of a larger project which began in response to a request by the Spanish water agency, Cadagua, for advice on life cycle assessment (LCA) and environmental impacts of Cadagua operated wastewater treatment ...

Lim, Jong hyun, M. Eng. Massachusetts Institute of Technology

2012-01-01T23:59:59.000Z

418

Methods for managing uncertainty in material selection decisions : robustness of early stage life cycle assessment  

E-Print Network (OSTI)

Utilizing alternative materials is an important tactic to improve the environmental performance of products. Currently a growing array of materials candidates confronts today's product designer. While life-cycle assessment ...

Nicholson, Anna L. (Anna Louise)

2009-01-01T23:59:59.000Z

419

Waste management health risk assessment: A case study of a solid waste landfill in South Italy  

SciTech Connect

An integrated risk assessment study has been performed in an area within 5 km from a landfill that accepts non hazardous waste. The risk assessment was based on measured emissions and maximum chronic population exposure, for both children and adults, to contaminated air, some foods and soil. The toxic effects assessed were limited to the main known carcinogenic compounds emitted from landfills coming both from landfill gas torch combustion (e.g., dioxins, furans and polycyclic aromatic hydrocarbons, PAHs) and from diffusive emissions (vinyl chloride monomer, VCM). Risk assessment has been performed both for carcinogenic and non-carcinogenic effects. Results indicate that cancer and non-cancer effects risk (hazard index, HI) are largely below the values accepted from the main international agencies (e.g., WHO, US EPA) and national legislation ( and ).

Davoli, E., E-mail: enrico.davoli@marionegri.i [Istituto di Ricerche Farmacologiche 'Mario Negri', Environmental Health Sciences Department, Via Giuseppe La Masa 19, 20156 Milano (Italy); Fattore, E.; Paiano, V.; Colombo, A.; Palmiotto, M. [Istituto di Ricerche Farmacologiche 'Mario Negri', Environmental Health Sciences Department, Via Giuseppe La Masa 19, 20156 Milano (Italy); Rossi, A.N.; Il Grande, M. [Progress S.r.l., Via Nicola A. Porpora 147, 20131 Milano (Italy); Fanelli, R. [Istituto di Ricerche Farmacologiche 'Mario Negri', Environmental Health Sciences Department, Via Giuseppe La Masa 19, 20156 Milano (Italy)

2010-08-15T23:59:59.000Z

420

From Chemical Risk Assessment to Environmental Quality Management: The Challenge for Soil Protection  

Science Journals Connector (OSTI)

In the 1960s there was considerable investment in wastewater treatment, and 1965 saw the first explicit national policy for water pollution prevention and control. ... Rothstein, H.; Irving, P.; Walden, T.; Yearsley, R. The risks of risk-based regulation: Insights from the environmental policy domain Environ. ... Risk assessment tools used in soil quality assessment include both political and scientific elements, which are often interwoven. ...

James Bone; Martin Head; David T. Jones; Declan Barraclough; Michael Archer; Catherine Scheib; Dee Flight; Paul Eggleton; Nikolaos Voulvoulis

2010-08-24T23:59:59.000Z



421

Cedar River, Cedar Rapids, Iowa Flood Risk Management Feasibility Study Report with Integrated Environmental Assessment  

E-Print Network (OSTI)

of Engineers (USACE) has developed a plan for the flood risk management for the Cedar River, Cedar Rapids, Iowa all 12 comments. 1. IEPR Comment - High Significance: The analysis of existing cultural resources Resources was revised to explain why the resolution of the cultural resources will not exceed the budgeted

US Army Corps of Engineers

422

Supporting conflict management in collaborative design: An approach to assess engineering change impacts  

Science Journals Connector (OSTI)

It is characteristic of collaborative engineering design that precedence relationships among design activities contain information flow conflicts. Due to multi-actors interaction, conflicts can emerge from disagreements between designers about proposed ... Keywords: Collaborative process, Conflict management, Design process traceability, Engineering change, Engineering data dependencies, Process coordination strategies

M. Z. Ouertani

2008-12-01T23:59:59.000Z

423

Assessment of carbon stores in tree biomass for two management scenarios in Russia  

Science Journals Connector (OSTI)

Accurate quantification of terrestrial carbon storage and its change is of key importance to improved understanding of global carbon dynamics. Forest management influences carbon sequestration and release patterns, and gap models are well suited for evaluating carbon storage. An individual-based gap model of forest dynamics, FAREAST, is applied across Russia to estimate aboveground carbon storage under management scenarios. Current biomass from inventoried forests across Russia is compared to model-based estimates and potential levels of biomass are estimated for a set of simplified forestry practices. Current carbon storage in eastern Russia was lower than for the northwest and south, and lower than model estimates likely due to high rates of disturbance. Model-derived carbon storage in all regions was not significantly different between the simulated 'current' and hypothetical 'even-aged' management strategies using rotations of 150 and 210 years. Simulations allowing natural maturation and harvest after 150 years show a significant increase in aboveground carbon in all regions. However, it is unlikely that forests would be left unharvested to 150 years of age to attain this condition. These applications indicate the value of stand simulators, applied over broad regions such as Russia, as tools to evaluate the effect of management regimes on aboveground carbon storage.

Jacquelyn K Shuman; Herman H Shugart; Olga N Krankina

2013-01-01T23:59:59.000Z

424

JC3 High Impact Assessment Bulletins  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Office of the Chief Information Officer, 1000 Independence Ave., SW, Washington, DC, 202-586-0166. V-215: NetworkMiner Directory Traversal and Insecure Library Loading Vulnerabilities http://energy.gov/cio/articles/v-215-networkminer-directory-traversal-and-insecure-library-loading-vulnerabilities

425

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3, 2013 - V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities. Some vulnerabilities have been reported in Cisco Connected Grid Network Management System.
April 2, 2013 - V-124: Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks. A vulnerability was reported in Splunk Web.
March 27, 2013 - V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control. Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
March 26, 2013 - V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities. IBM has acknowledged multiple vulnerabilities.
March 22, 2013 - V-117: Symantec Enterprise Vault for File System Archiving Unquoted Search Path Lets Local Users Gain Elevated Privileges

426

Western Water Assessment White Paper No. 9  

E-Print Network (OSTI)

University of Colorado Boulder, Colo. July 2011. Research supported by the Western Water Assessment. Western Water Assessment White Paper No. 9: ASSESSING MEASURES OF DROUGHT IMPACT AND VULNERABILITY

Neff, Jason

427

Vulnerability assessment of water supply systems for insufficient fire flows  

E-Print Network (OSTI)

and Data Acquisition (SCADA) systems. Generally speaking, SCADA systems are the monitoring and control systems in the utility industries which help in operating the water system components with proper timing and sequence, measuring water quality... parameters, etc., without physically accessing the network. Thus, SCADA systems can reduce operating cost for a water utility and thereby increase a water system's efficiency. The proposed hardening methodology of the water supply system was based...

Kanta, Lufthansa Rahman

2009-05-15T23:59:59.000Z

428

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service. May 14, 2012 - 7:00am. PROBLEM: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service. PLATFORM: Information Rights Management Server 4.x, 5.x. ABSTRACT: Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027058 CVE-2012-2276 CVE-2012-2277. IMPACT ASSESSMENT: High. DISCUSSION: A remote authenticated user can send specially crafted data to trigger a NULL pointer dereference and cause the target service to crash. A remote

429

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory. June 16, 2011 - 3:45pm. PROBLEM: A vulnerability was reported in Avaya IP Office Manager. A remote user can view files on the target system. PLATFORM: Versions 5.0.x - 6.1.x. ABSTRACT: The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software. REFERENCE LINKS: ASA-2011-156 SecurityTracker Alert ID: 1025664 Secunia Advisory: SA43884 Avaya Support. IMPACT ASSESSMENT: Medium. DISCUSSION: Avaya IP Office Manager is an application for viewing and editing an IP Office system's configuration. It can be used to securely connect to and

430

U-027: RSA Key Manager Appliance Session Logout Bug Fails to Terminate  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-027: RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions. November 4, 2011 - 8:00am. PROBLEM: RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions. PLATFORM: RSA Key Manager Appliance 2.7 Service Pack 1. ABSTRACT: A remote authenticated user session may not terminate properly. REFERENCE LINKS: SecurityTracker Alert ID: 1026276 SecurityFocus Bug Traq Seclists: ESA-2011-035 CVE-2011-2740. IMPACT ASSESSMENT: Medium. DISCUSSION: A vulnerability was reported in RSA Key Manager Appliance. A remote authenticated user session may not terminate properly. When using Firefox 4 and 5, an authenticated user session is not terminated properly when logging out.

431

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code. November 29, 2011 - 9:00am. PROBLEM: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code. PLATFORM: Siemens Automation License Manager 500.0.122.1. ABSTRACT: Several vulnerabilities were reported in Siemens Automation License Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1026354 Bugtraq Siemens Advisory Services. IMPACT ASSESSMENT: Medium. DISCUSSION: A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can send specially crafted *_licensekey commands to trigger a

432

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-120: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control. March 27, 2013 - 12:51am. PROBLEM: EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control. PLATFORM: Version(s): prior to 9.2. ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028342 www.emc.com CVE-2013-0935. IMPACT ASSESSMENT: Medium. DISCUSSION: A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system. A user can exploit unspecified flaws in the NCM System Management

434

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files. June 10, 2013 - 12:47am. PROBLEM: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files. PLATFORM: RSA Authentication Manager 8.0. ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: RSA SecurityTracker Alert ID: 1028638 CVE-2013-0947. IMPACT ASSESSMENT: Medium. DISCUSSION: The system may write operating system, SNMP, and HTTP plug-in proxy passwords in clear text to log and configuration files. IMPACT: A local user can obtain operating system, SNMP, and HTTP plug-in proxy

435

U-001:Symantec IM Manager Input Validation Flaws | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-001: Symantec IM Manager Input Validation Flaws
October 3, 2011 - 12:45pm
PROBLEM: Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks.
PLATFORM: Version(s): prior to 8.4.18
ABSTRACT: Symantec IM Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Code Execution Attacks.
REFERENCE LINKS: Security Advisory: SYM11-012; SecurityTracker Alert ID: 1026130
IMPACT ASSESSMENT: Medium
DISCUSSION: Several vulnerabilities were reported in Symantec IM Manager. A remote user can conduct cross-site scripting attacks. A remote user can inject SQL commands. Several scripts do not properly filter HTML code from user-supplied input before displaying the input [CVE-2011-0552]. A remote user can create a

436

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code
November 2, 2011 - 8:00am
PROBLEM: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code.
PLATFORM: HP OpenView Network Node Manager (OV NNM) v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
ABSTRACT: A remote user can execute arbitrary code on the target system.
REFERENCE LINKS: HP Support Center Document ID: c03054052; SecurityTracker Alert ID: 1026260; CVE-2011-1365; CVE-2011-1366; CVE-2011-1367
IMPACT ASSESSMENT: Medium
DISCUSSION: Several vulnerabilities were reported in HP OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

437

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands
August 17, 2013 - 4:01am
PROBLEM: A remote authenticated user can execute arbitrary commands on the target system.
PLATFORM: 2010.0, 2012.0, 2012.1, 2013.1
ABSTRACT: A vulnerability was reported in Juniper Security Threat Response Manager (STRM).
REFERENCE LINKS: SecurityTracker Alert ID: 1028921; CVE-2013-2970
IMPACT ASSESSMENT: High
DISCUSSION: A remote authenticated user can inject commands to execute arbitrary operating system commands with the privileges of the target web service. This can be exploited to gain shell access on the target device.

438

Range Con: a management evaluation system for assessing success of selected range improvement practices  

E-Print Network (OSTI)

interview, and 80 identified agency/academic and rancher tertiary experts interviewed with a questionnaire. Responses from the tertiary experts were used to assign weight to values of the object/attribute/value triplet. Face validation procedures... success he assigned to the evaluation due to his greater level of knowledge associated with the technology. Range management experts experience the same processes, which often leads them to recommend technology to ranchers that exceeds the ranchers...

Ekblad, Steven Linn

2012-06-07T23:59:59.000Z

439

Incorporating risk into the feasibility assessment of alternative brush management strategies for the Welder Wildlife Refuge  

E-Print Network (OSTI)

be produced from it over time. Historically, the significant revenue source from rangelands has been grazing domestic animals for the production of consumer goods. More recently, a growing ecotourism industry, which includes hunting, hiking, bird watching... or failure is significant. Precautions must also be taken when developing a cost-effective brush management scheme to ensure that wildlife habitat disturbance is minimized if ecotourism rents are a desired goal. Problem Statement The purpose...

Schumann, Keith D.

2012-06-07T23:59:59.000Z

440

V-132: IBM Tivoli System Automation Application Manager Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities
April 12, 2013 - 6:00am
PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager
PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2
ABSTRACT: Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation Application Manager which may affect the product
REFERENCE LINKS: Secunia Advisory: SA53006; IBM Security Bulletin 21633991; IBM Security Bulletin 21633992; CVE-2011-3563; CVE-2012-0497; CVE-2012-0498; CVE-2012-0499; CVE-2012-0501


441

V-132: IBM Tivoli System Automation Application Manager Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities
April 12, 2013 - 6:00am
PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager
PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2
ABSTRACT: Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation Application Manager which may affect the product
REFERENCE LINKS: Secunia Advisory: SA53006; IBM Security Bulletin 21633991; IBM Security Bulletin 21633992; CVE-2011-3563; CVE-2012-0497; CVE-2012-0498; CVE-2012-0499; CVE-2012-0501

442

Damage Assessment Technologies for Prognostics and Proactive Management of Materials Degradation  

SciTech Connect

The Nuclear Regulatory Commission has undertaken a program to lay the groundwork for defining proactive actions to manage degradation of materials in light water reactors (LWRs). This paper discusses the U.S. Nuclear Regulatory Commission's Proactive Management of Materials Degradation (PMMD) program and its application to nuclear power plant structures, systems and components. The PMMD program is examining LWR component materials and the degradation phenomena that affect them. Of particular interest is how such phenomena can be monitored to predict degradation and prevent component failure. Some forms of degradation, such as stress corrosion cracking, are characterized by a long initiation time followed by a rapid growth phase. Monitoring such long-term degradation will require new NDE methods and measurement procedures. A critical analysis of all reactor components is required to determine if new inspection strategies are required to effectively manage slow degradation mechanisms that may lead to component failure. As reactor lifetimes are extended, degradation mechanisms previously considered too long-term to be of consequence (such as concrete and wiring insulation degradation) may become more important. This paper includes a review of techniques with potential for sensing and monitoring degradation in its early stages and will concisely explain the basic principles of PMMD and its relationship to in-service inspection, condition-based maintenance, and advanced diagnostics and prognostics.

Bond, Leonard J.; Doctor, Steven R.; Griffin, Jeffrey W.; Hull, Amy; Malik, Shah

2011-02-26T23:59:59.000Z

443

Damage Assessment Technologies for Prognostics and Proactive Management of Materials Degradation  

SciTech Connect

The Nuclear Regulatory Commission has undertaken a program to lay the groundwork for defining proactive actions to manage degradation of materials in light water reactors (LWRs). This paper discusses the U.S. Nuclear Regulatory Commission's Proactive Management of Materials Degradation (PMMD) program and its application to nuclear power plant structures, systems and components. The PMMD program is examining LWR component materials and the degradation phenomena that affect them. Of particular interest is how such phenomena can be monitored to predict degradation and prevent component failure. Some forms of degradation, including some modes of stress corrosion cracking, are characterized by a long initiation time followed by a rapid growth phase. Monitoring such long-term degradation will require new non-destructive evaluation (NDE) methods and measurement procedures. A critical analysis of all reactor components is required to determine if new inspection strategies are required to effectively manage slow degradation mechanisms that may lead to component failure. As reactor lifetimes are extended, degradation mechanisms previously considered too long-term to be of consequence (such as concrete and wiring insulation degradation) may become more important. This paper includes a review of techniques with potential for sensing and monitoring degradation in its early stages and will concisely explain the basic principles of PMMD and its relationship to in-service inspection, condition-based maintenance, and advanced diagnostics and prognostics.

Bond, Leonard J.; Doctor, Steven R.; Griffin, Jeffrey W.; Hull, Amy B.; Malik, Shah

2011-01-01T23:59:59.000Z

444

Assessment  

NLE Websites -- All DOE Office Websites (Extended Search)

Assessment of the Surveillance Program of the High-Level Waste Storage Tanks at Hanford...

445

Sandia National Laboratories performance assessment methodology for long-term environmental programs : the history of nuclear waste management.  

SciTech Connect

Sandia National Laboratories (SNL) is the world leader in the development of the detailed science underpinning the application of a probabilistic risk assessment methodology, referred to in this report as performance assessment (PA), for (1) understanding and forecasting the long-term behavior of a radioactive waste disposal system, (2) estimating the ability of the disposal system and its various components to isolate the waste, (3) developing regulations, (4) implementing programs to estimate the safety that the system can afford to individuals and to the environment, and (5) demonstrating compliance with the attendant regulatory requirements. This report documents the evolution of the SNL PA methodology from inception in the mid-1970s, summarizing major SNL PA applications including: the Subseabed Disposal Project PAs for high-level radioactive waste; the Waste Isolation Pilot Plant PAs for disposal of defense transuranic waste; the Yucca Mountain Project total system PAs for deep geologic disposal of spent nuclear fuel and high-level radioactive waste; PAs for the Greater Confinement Borehole Disposal boreholes at the Nevada National Security Site; and PA evaluations for disposal of high-level wastes and Department of Energy spent nuclear fuels stored at Idaho National Laboratory. In addition, the report summarizes smaller PA programs for long-term cover systems implemented for the Monticello, Utah, mill-tailings repository; a PA for the SNL Mixed Waste Landfill in support of environmental restoration; PA support for radioactive waste management efforts in Egypt, Iraq, and Taiwan; and, most recently, PAs for analysis of alternative high-level radioactive waste disposal strategies including deep borehole disposal and geologic repositories in shale and granite. Finally, this report summarizes the extension of the PA methodology for radioactive waste disposal toward development of an enhanced PA system for carbon sequestration and storage systems.
These efforts have produced a generic PA methodology for the evaluation of waste management systems that has gained wide acceptance within the international community. This report documents how this methodology has been used as an effective management tool to evaluate different disposal designs and sites; inform development of regulatory requirements; identify, prioritize, and guide research aimed at reducing uncertainties for objective estimations of risk; and support safety assessments.

Marietta, Melvin Gary; Anderson, D. Richard; Bonano, Evaristo J.; Meacham, Paul Gregory (Raytheon Ktech, Albuquerque, NM)

2011-11-01T23:59:59.000Z

446

Semi-annual report of the Department of Energy, Office of Environmental Management, Quality Assessment Program  

SciTech Connect

This report presents the results from the analysis of the 43rd set of environmental quality assessment samples (QAP XLIII) that were received on or before December 1, 1995. This Quality Assessment Program (QAP) is designed to test the quality of the environmental measurements being reported to the Department of Energy by its contractors. Since 1976, real or synthetic environmental samples that have been prepared and thoroughly analyzed at the Environmental Measurements Laboratory (EML) have been distributed at first quarterly and then semi-annually to these contractors. Their results, which are returned to EML within 90 days, are compiled with EML's results and are reported back to the participating contractors 30 days later. A summary of the reported results is available to the participants 2 days after the reporting deadline via a modem-telephone connection to the EML computer.

Sanderson, C.G.; Greenlaw, P.

1996-02-01T23:59:59.000Z

447

Semi-annual report of the Department of Energy, Office of Environmental Management, Quality Assessment Program  

SciTech Connect

This report presents the results from the analysis of the 42nd set of environmental quality assessment samples (QAP XLII) that were received on or before June 1, 1995. This Quality Assessment Program (QAP) is designed to test the quality of the environmental measurements being reported to the Department of Energy by its contractors. Since 1976, real or synthetic environmental samples that have been prepared and thoroughly analyzed at the Environmental Measurements Laboratory (EML) have been distributed at first quarterly and then semi-annually to these contractors. Their results, which are returned to EML within 90 days, are compiled with EML's results and are reported back to the participating contractors 30 days later. A summary of the reported results is available to the participants 2 days after the reporting deadline via a modem-telephone connection to the EML computer.

Sanderson, C.G.; Greenlaw, P.; Pan, V.

1995-07-03T23:59:59.000Z

448

Semi-annual report of the Department of Energy, Office of Environmental Management, Quality Assessment Program  

SciTech Connect

This report presents the results from the analysis of the 44th set of environmental quality assessment samples (QAP XLIV) that were received on or before June 3, 1996. The QAP is designed to test the quality of environmental measurements being reported to the Department of Energy by its contractors. Since 1976, samples have been prepared and analyzed by the Environmental Measurements Laboratory.

Sanderson, C.G.; Greenlaw, P.

1996-07-01T23:59:59.000Z

449

PERFORMANCE ASSESSMENT TO SUPPORT CLOSURE OF SINGLE-SHELL TANK WASTE MANAGEMENT AREA C AT THE HANFORD SITE  

SciTech Connect

Current proposed regulatory agreements (Consent Decree) at the Hanford Site call for closure of the Single-Shell Tank (SST) Waste Management Area (WMA) C in the year 2019. WMA C is part of the SST system in the 200 East area of the Hanford Site and is one of the first tank farm areas built in the mid-1940s. In order to close WMA C, both tank and facility closure activities and corrective actions associated with existing soil and groundwater contamination must be performed. Remedial activities for WMA C and corrective actions for soils and groundwater within that system will be supported by various types of risk assessments and interim performance assessments (PA). The U.S. Department of Energy, Office of River Protection (DOE-ORP) and the State of Washington Department of Ecology (Ecology) are sponsoring a series of working sessions with regulators and stakeholders to solicit input and to obtain a common understanding concerning the scope, methods, and data to be used in the planned risk assessments and PAs to support closure of WMA C. In addition to DOE-ORP and Ecology staff and contractors, working session members include representatives from the U.S. Environmental Protection Agency, the U.S. Nuclear Regulatory Commission (NRC), interested tribal nations, other stakeholder groups, and members of the interested public. NRC staff involvement in the working sessions is as a technical resource to assess whether required waste determinations by DOE for waste incidental to reprocessing are based on sound technical assumptions, analyses, and conclusions relative to applicable incidental waste criteria.

BERGERON MP

2010-01-14T23:59:59.000Z

450

Technical Note: Seasonality in alpine water resources management - a regional assessment  

E-Print Network (OSTI)

Abstract. Alpine regions are particularly affected by seasonal variations in water demand and water availability. The winter period is especially critical from an operational point of view, as it is characterised by high water demands due to tourism and low water availability due to the temporal storage of precipitation as snow and ice. The clear definition of summer and winter periods is thus an essential prerequisite for water resource management in alpine regions. This paper presents a GIS-based multi-criteria method to determine the winter season. A snow cover duration dataset serves as the basis for this analysis. Different water demand stakeholders, the alpine hydrology and the present-day water supply infrastructure are taken into account. Technical snow-making and (winter) tourism were identified as the two major seasonal water demand stakeholders in the study area, which is the Kitzbueheler region in the Austrian Alps. Based upon different geographical datasets, winter was defined as the period from December to March, and summer as the period from April to November. By determining potential regional water balance deficits or surpluses in the present-day situation and in future, important management decisions such as water storage and allocation can be made and transposed to the local level.

Hydrology; D. Vanham; E. Fleischhacker; W. Rauch

2007-01-01T23:59:59.000Z

451

National Climate Assessment: Indicators System  

NLE Websites -- All DOE Office Websites (Extended Search)

Indicators System. What are the goals for the NCA indicators? The vision for the National Climate Assessment (NCA) is to create a system of indicators that will help policy-makers and citizens understand key aspects of our changing climate. Scientific information about physical climate conditions, climate impacts, vulnerabilities, and preparedness will be tracked and compiled. These measures are called indicators. The goals of the Indicators System are to: provide meaningful, authoritative climate-relevant measures about the status, rates, and trends of key physical, ecological, and societal variables and values; inform decisions on management, research, and education at regional to national scales; identify climate-related conditions and impacts to help develop effective mitigation and adaptation measures

452

Risk assessment and optimization (ALARA) analysis for the environmental remediation of Brookhaven National Laboratory's hazardous waste management facility  

SciTech Connect

The Department of Energy's (DOE) Office of Environment, Safety, and Health (EH) sought examples of risk-based approaches to environmental restoration to include in their guidance for DOE nuclear facilities. Extensive measurements of radiological contamination in soil and ground water have been made at Brookhaven National Laboratory's Hazardous Waste Management Facility (HWMF) as part of a Comprehensive Environmental Response, Compensation and Liability Act (CERCLA) remediation process. This provided an ideal opportunity for a case study. This report provides a risk assessment and an "As Low as Reasonably Achievable" (ALARA) analysis for use at other DOE nuclear facilities as an example of a risk-based decision technique.

Dionne, B.J.; Morris, S. III; Baum, J.W. [and others]

1998-03-01T23:59:59.000Z

453

The economics of nuclear decontamination: assessing policy options for the management of land around Fukushima dai-ichi  

Science Journals Connector (OSTI)

Abstract: In the light of the Japanese government's intensive efforts to decontaminate areas affected by radioactive Caesium from Fukushima dai-ichi nuclear power plant, I create a framework for assessing the merits of management options. In particular I consider delayed intervention as a possible policy. Delay can be optimal because allowing the natural decay of radiation can lower significantly the costs of achieving targets for exposure. Using some benchmark data for Japan I estimate that optimal delay is positive for most reasonable parameter values. Optimal delay generally lies in the range of 3–10 years with a central figure of 8.8 years. There is however considerable uncertainty over some of the key parameter values, particularly with regard to the behaviour of currently evacuated inhabitants.

Alistair Munro

2013-01-01T23:59:59.000Z

454

Development of a MATLAB/STK TLE Accuracy Assessment Tool, in support of the NASA Ames Space Traffic Management Project  

E-Print Network (OSTI)

In order to improve the effectiveness of conjunction analysis using publicly available Two Line Elements (TLEs), a number of strategies are being investigated as part of the Space Traffic Management project at NASA Ames Research Center. To assist in evaluating the effectiveness of these approaches, a tool was developed in the MATLAB programming language that interfaces with the AGI Satellite Toolkit and with Microsoft Excel. The TLEs and any available truth ephemerides are read in by the tool, and propagated orbits are compared using STK to estimate the errors. This tool is employed to determine the covariance and investigate the growth of errors in propagating the orbit of the CNES Stella geodetic satellite. The different sources of error are assessed and future improvements to the tool are suggested.

Mason, James

2013-01-01T23:59:59.000Z

455

Power grid vulnerability: A complex network approach  

Science Journals Connector (OSTI)

Power grids exhibit patterns of reaction to outages similar to complex networks. Blackout sequences follow power laws as complex systems operating near a critical point. Here the tolerance of electric power grids to both accidental and malicious outages is analyzed in the framework of complex network theory. In particular the quantity known as efficiency is modified by introducing a new concept of distance between nodes. As a result a new parameter called net-ability is proposed to evaluate the performance of power grids. A comparison between efficiency and net-ability is provided by estimating the vulnerability of sample networks in terms of both the metrics.

S. Arianos; E. Bompard; A. Carbone; F. Xue

2009-01-01T23:59:59.000Z

456

Water Management  

NLE Websites -- All DOE Office Websites (Extended Search)

Water Management This department applies multi-disciplinary science and technology-based modeling to assess complex environmental systems. It integrates ecology, anthropology, and...

457

Social vulnerability indicators as a sustainable planning tool  

SciTech Connect

In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can be used not only to measure the social vulnerability of individual townships in Chiayi, but also to capture the spatial development of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with nati