Note: This page contains sample records for the topic "management vulnerability assessment" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL
Philosophy on Vulnerability Assessments
Argonne Vulnerability Assessment Team
Roger G. Johnston, Ph.D., CPP, 630-252-6168
1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc.
2. These tools have some value, and indeed we have used them all.
3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

2

Seals Applications - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)

Physical Security Maxims Read the Security Maxims Devil's Dictionary of Security Terms For more information: Vulnerability Assessment Section Sect. Manager: Roger G....

3

Data management for geospatial vulnerability assessment of interdependencies in US power generation  

Science Conference Proceedings (OSTI)

Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S. [Carnegie Mellon University, Pittsburgh, PA (United States). Dept. of Civil & Environmental Engineering

2009-09-15T23:59:59.000Z

4

Plutonium Vulnerability Management Plan  

Science Conference Proceedings (OSTI)

This Plutonium Vulnerability Management Plan describes the Department of Energy's response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department's Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

5

HEPA Filter Vulnerability Assessment  

SciTech Connect

This assessment of High Efficiency Particulate Air (HEPA) filter vulnerability was requested by the USDOE Office of River Protection (ORP) to satisfy a DOE-HQ directive to evaluate the effect of filter degradation on the facility authorization basis assumptions. Within the scope of this assessment are ventilation system HEPA filters that are classified as Safety-Class (SC) or Safety-Significant (SS) components that perform an accident mitigation function. The objective of the assessment is to verify whether HEPA filters that perform a safety function during an accident are likely to perform as intended to limit release of hazardous or radioactive materials, considering factors that could degrade the filters. Filter degradation factors considered include aging, wetting of filters, exposure to high temperature, exposure to corrosive or reactive chemicals, and exposure to radiation. Screening and evaluation criteria were developed by a site-wide group of HVAC engineers and HEPA filter experts from published empirical data. For River Protection Project (RPP) filters, the only degradation factor that exceeded the screening threshold was for filter aging. Subsequent evaluation of the effect of filter aging on the filter strength was conducted, and the results were compared with required performance to meet the conditions assumed in the RPP Authorization Basis (AB). It was found that the reduction in filter strength due to aging does not affect the filter performance requirements as specified in the AB. A portion of the HEPA filter vulnerability assessment is being conducted by the ORP and is not part of the scope of this study. The ORP is conducting an assessment of the existing policies and programs relating to maintenance, testing, and change-out of HEPA filters used for SC/SS service. This document presents the results of a HEPA filter vulnerability assessment conducted for the River Protection Project as requested by the DOE Office of River Protection.

GUSTAVSON, R.D.

2000-05-11T23:59:59.000Z

6

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731: Symantec IM Manager Code Injection Vulnerability
September 30, 2011 - 8:30am
PROBLEM: Symantec IM Manager Code Injection Vulnerability.
PLATFORM: IM Manager versions prior to 8.4.18 are affected.
ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code.
REFERENCE LINKS: Symantec Security Advisory SYM11-012; Symantec Security Updates; Bugtraq ID: 49742
IMPACT ASSESSMENT: High
DISCUSSION: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

7

Hawaii Energy Strategy: Program guide. [Contains special sections on analytical energy forecasting, renewable energy resource assessment, demand-side energy management, energy vulnerability assessment, and energy strategy integration  

SciTech Connect

The Hawaii Energy Strategy program, or HES, is a set of seven projects which will produce an integrated energy strategy for the State of Hawaii. It will include a comprehensive energy vulnerability assessment with recommended courses of action to decrease Hawaii's energy vulnerability and to better prepare for an effective response to any energy emergency or supply disruption. The seven projects are designed to increase understanding of Hawaii's energy situation and to produce recommendations to achieve the State energy objectives of: Dependable, efficient, and economical state-wide energy systems capable of supporting the needs of the people, and increased energy self-sufficiency. The seven projects under the Hawaii Energy Strategy program include: Project 1: Develop Analytical Energy Forecasting Model for the State of Hawaii. Project 2: Fossil Energy Review and Analysis. Project 3: Renewable Energy Resource Assessment and Development Program. Project 4: Demand-Side Management Program. Project 5: Transportation Energy Strategy. Project 6: Energy Vulnerability Assessment Report and Contingency Planning. Project 7: Energy Strategy Integration and Evaluation System.

1992-09-01T23:59:59.000Z

8

An OVAL-based active vulnerability assessment system for enterprise computer networks  

Science Conference Proceedings (OSTI)

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter ... Keywords: Attack path, Network security, Open vulnerability assessment language, Predicate logic, Relational database management system, Security vulnerability

Xiuzhen Chen; Qinghua Zheng; Xiaohong Guan

2008-11-01T23:59:59.000Z

9

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability Assessment Team Vulnerability Assessment Team VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

10

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability
June 20, 2013 - 6:00am
PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager
PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3
ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)
REFERENCE LINKS: Secunia Advisory SA53864; SecurityTracker Alert ID: 1028683; Symantec Advisory SYM13-005; CVE-2013-1612
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

12

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed. Name: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

13

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)


14

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


15

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)


16

India-Vulnerability Assessment and Enhancing Adaptive Capacities...  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change. Name: India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

17

Election Security - Vulnerability Assessment Team - Nuclear Engineerin...  

NLE Websites -- All DOE Office Websites (Extended Search)

The Vulnerability Assessment Team has demonstrated easy to execute, non-cyber attacks on two different kinds of electronic voting machines. We believe that too...

18

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Name: CDKN-Colombia-Cartagena Vulnerability Assessment
Agency/Company/Organization: Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development
Sector: Climate
Topics: Background analysis, Low emission development planning, Pathways analysis
Website: http://resilient-cities.iclei.
Country: Colombia
UN Region: South America
References: CDKN-Colombia-Cartagena Vulnerability Assessment[1]
[1] "CDKN-Colombia-Cartagena Vulnerability Assessment". Retrieved from "http://en.openei.org/w/index.php?title=CDKN-Colombia-Cartagena_Vulnerability_Assessment&oldid=407543

19

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
July 17, 2012 - 7:00am
PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows.
ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).
REFERENCE LINKS: HP Support document ID: c03405642; Secunia Advisory SA49966
IMPACT ASSESSMENT: High
DISCUSSION: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

21

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Name: Colombia-CDKN-Cartagena Vulnerability Assessment
Agency/Company/Organization: Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development
Sector: Climate
Topics: Background analysis, Low emission development planning, Pathways analysis
Website: http://resilient-cities.iclei.
Country: Colombia
UN Region: South America
References: CDKN-Colombia-Cartagena Vulnerability Assessment[1]
[1] "CDKN-Colombia-Cartagena Vulnerability Assessment". Retrieved from "http://en.openei.org/w/index.php?title=Colombia-Cartagena_Vulnerability_Assessment&oldid=699760"

22

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment
This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process.
More Documents & Publications: Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards; New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards; "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

24

The (In)Security of Drug Testing - Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)


25

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
May 22, 2013 - 12:46am
PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
PLATFORM: IBM Maximo Asset Management 6.x; IBM Maximo Asset Management 7.x; IBM Maximo Asset Management Essentials 7.x
ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits.
REFERENCE LINKS: IBM Reference #:1638135; Secunia Advisory SA53451; CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

27

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities
June 18, 2013 - 12:38am
PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities
PLATFORM: IBM Application Manager For Smart Business 1.x
ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business
REFERENCE LINKS: Security Bulletin 1640752; Secunia Advisory SA53844; CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

28

Assessing Network Infrastructure Vulnerabilities to Physical ...  

Science Conference Proceedings (OSTI)

... networks, air traffic control systems, and water distribution systems ... is that we consider the vulnerability to this ... States is buried in the ground within a ...

1999-11-05T23:59:59.000Z

29

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

Name: India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change
Agency/Company/Organization: Swiss Agency for Development and Cooperation
Sector: Energy, Land, Water
Focus Area: Agriculture
Topics: Co-benefits assessment, Background analysis
Resource Type: Lessons learned/best practices
Website: http://www.intercooperation.or
Country: India; Southern Asia
References: India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1]
Contents: 1 Introduction [1]; 2 Community-based Institutions [2]; 3 Pasture Land Development [3]

30

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability
June 13, 2013 - 6:00am
PROBLEM: vCenter Chargeback Manager Remote Code Execution
PLATFORM: VMware vCenter Chargeback Manager 2.x
ABSTRACT: The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution
REFERENCE LINKS: Secunia Advisory SA53798; VMWare Security Advisory VMSA-2013-0008; CVE-2013-3520
IMPACT ASSESSMENT: Medium
DISCUSSION: The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely.
IMPACT: System Access
SOLUTION: Vendor recommends updating to version 2.5.1

31

Vulnerability and social risk management in India and Mexico  

E-Print Network (OSTI)

The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

Flores Ballesteros, Luis

2008-01-01T23:59:59.000Z

32

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Name: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed
Agency/Company/Organization: World Agroforestry Centre
Sector: Land
Focus Area: Forestry
Topics: Adaptation, Background analysis, Co-benefits assessment
Resource Type: Publications
Website: http://www.worldagroforestry.o
Country: Philippines
UN Region: South-Eastern Asia
References: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1]

33

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


34

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)


35

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)


36

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)


37

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)


38

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)


39

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)


40

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded to other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection.
This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. 
In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z



41

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)


42

Current Projects: Rapid Sampling Tools - Vulnerability Assessment...  

NLE Websites -- All DOE Office Websites (Extended Search)

Applications include counter-terrorism, emergency response teams, drug and environmental raids, and waste management. For more information visit Rapid Sampling from Sealed...

43

Seals References - Vulnerability Assessment Team - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)


44

Current Projects: GPS Spoofing - Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)


45

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance was not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States); Science and Engineering Associates, Inc., Albuquerque, NM (United States)]; Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)]

1995-03-01T23:59:59.000Z

46

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems. Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

47

Corrective Action Plan for INEL low-level waste management ES&H vulnerabilities  

SciTech Connect

Low-level waste (LLW) activities at INEL include numerous waste generators, storage facilities, three treatment facilities, and one disposal facility. The Working Group Assessment Team (WGAT) conducted an assessment of the LLW management program in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-2 (Conformance with Safety Standards at Department of Energy Low-Level Nuclear Waste and Disposal Facilities). Assessment included review of waste generators, liquid effluent treatment, storage facilities and practices, and a disposal facility with vaults and a shallow subsurface burial site. WGAT reviewed relevant documents and conducted tours concerning these LLW operations. The vulnerabilities identified by WGAT were similar to those self-identified by INEL (storage and disposal of LLW). This assessment resulted in the documentation of 8 vulnerabilities and 3 conditions. WGAT assessed the overall LLW/mixed low-level waste (MLLW) management program at INEL as being generally effective. As recommended by DNFSB, a site-specific Corrective Action Plan has been prepared and constitutes the initial site improvement activities.

1996-07-01T23:59:59.000Z

48

Aquifer Vulnerability Assessment to Petroleum Contaminants Based on Fuzzy Variable Set Theory and Geographic Information System  

Science Conference Proceedings (OSTI)

It is a common environmental and hydro-geological problem that groundwater systems are contaminated by petroleum hydrocarbons. An important step of pollution control and treatment is aquifer vulnerability assessment. In this paper, a karst fissure groundwater ... Keywords: fuzzy variable set, GIS, aquifer, petroleum contamination, vulnerability, assessment

Li Qingguo; Ma Zhenmin; Fang Yunzhi; Chen Shouyu

2009-07-01T23:59:59.000Z

49

Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism  

Science Conference Proceedings (OSTI)

Critical facility vulnerability assessment is a highly complex strategic activity in combating terrorism and necessitates a structured quantified methodology to support the decision-making process in defense planning. In the system perspective, the ... Keywords: Airport, Fuzzy Cognitive Maps (FCM), Fuzzy integrated vulnerability assessment model (FIVAM), Fuzzy set theory, Interdependency, Simple Multi-Attribute Rating Technique (SMART), Terrorism

Ilker Akgun; Ahmet Kandakoglu; Ahmet Fahri Ozok

2010-05-01T23:59:59.000Z

50

T-614: Cisco Unified Communications Manager Database Security Vulnerability  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerability is due to unspecified errors in the affected software that may allow the attacker to perform SQL injections. An authenticated, remote attacker could inject arbitrary SQL code on the system, allowing the attacker to take unauthorized actions.

51

Equally Unprepared: Assessing the Hurricane Vulnerability of Undergraduate Students  

Science Conference Proceedings (OSTI)

Students have been described as being both particularly vulnerable to natural disasters and highly resilient in recovery. In addition, they often have been treated as a distinct, homogeneous group sharing similar characteristics. This research ...

Jason L. Simms; Margarethe Kusenbach; Graham A. Tobin

2013-07-01T23:59:59.000Z

52

Modeling s-t Path Availability to Support Disaster Vulnerability Assessment of Network Infrastructure  

E-Print Network (OSTI)

The maintenance of system flow is critical for effective network operation. Any type of disruption to network facilities (arcs/nodes) potentially risks loss of service, leaving users without access to important resources. It is therefore an important goal of planners to assess infrastructures for vulnerabilities, identifying those vital nodes/arcs whose debilitation would compromise the most source-sink (s-t) interaction or system flow. Due to the budgetary limitations of disaster management agencies, protection/fortification and planning for the recovery of these vital infrastructure facilities is a logical and efficient proactive approach to reducing worst-case risk of service disruption. Given damage to a network, evaluating the potential for flow between s-t pairs requires assessing the availability of an operational s-t path. Recent models proposed for identifying infrastructure vital to system flow have relied on enumeration of all s-t paths to support this task. This paper proposes an alternative model...

Matisziw, Timothy C

2010-01-01T23:59:59.000Z

53

Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements  

Science Conference Proceedings (OSTI)

This paper proposes a new approach for assessing the organization's vulnerability to information-security breaches. Although much research has been done on qualitative approaches, the literature on numerical approaches to quantify information-security ... Keywords: Information security, Information-security measurement, Risk analysis, Security threats, Vulnerability measurement

Sandip C. Patel; James H. Graham; Patricia A. S. Ralston

2008-12-01T23:59:59.000Z

54

Vulnerability assessment of medieval civic towers as a tool for retrofitting design  

Science Conference Proceedings (OSTI)

The seismic vulnerability of an ancient civic bell-tower is studied. Rather than seeing it as an intermediate stage toward a risk analysis, the assessment of vulnerability is here pursued for the purpose of optimizing the retrofit design. The vulnerability curves are drawn by carrying out a single time history analysis of a model calibrated on the basis of experimental data. From the results of this analysis, the medians of three selected performance parameters are estimated, and they are used to compute, for each of them, the probability of exceeding or attaining the three corresponding levels of light, moderate and severe damage. The same numerical model is then used to incorporate the effects of several retrofitting solutions and to re-estimate the associated vulnerability curves. The ultimate goal is to provide a numerical tool able to drive the optimization process of a retrofit design by the comparison of the vulnerability estimates associated with the different retrofitting solutions.

Casciati, Sara [ASTRA Department, University of Catania, Siracusa (Italy)]; Faravelli, Lucia [Department of Structural Mechanics, University of Pavia, Pavia, Pavia (Italy)]

2008-07-08T23:59:59.000Z

55

Department of Energy Plutonium ES&H Vulnerability Assessment Savannah River Site interim compensatory measures  

Science Conference Proceedings (OSTI)

The Savannah River Site (SRS) has recently completed a self-assessment of potential vulnerabilities associated with plutonium and other transuranic materials stored at the site. An independent Working Group Assessment Team (WGAT) appointed by DOE/ES&H also performed an independent assessment, and reviewed and validated the site self-assessment. The purpose of this report is to provide a status of interim compensatory measures at SRS to address hazards in advance of any corrective actions. ES&H has requested this status for all vulnerabilities ranked medium or higher with respect to potential consequences to workers, environment, and the public.

Bickford, W.E.

1994-09-15T23:59:59.000Z

56

Performance Assessment of a Heat Wave Vulnerability Index for Greater London, United Kingdom  

Science Conference Proceedings (OSTI)

This study reports on the assessment of a multivariate heat wave vulnerability index (HVI) developed for London in the United Kingdom. The HVI is assessed in terms of its ability to predict whether mortality and ambulance call-out attain above ...

Tanja Wolf; Glenn McGregor; Antonis Analitis

57

Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

Not Available

1994-09-01T23:59:59.000Z

58

Contact the Vulnerability Assessment Team (VAT) - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)


59

Process Management Maturity Assessment

E-Print Network (OSTI)

This paper outlines a Business Process Management implementation approach in a large international company. It introduces a Process Management Maturity Assessment (PMMA) which was developed to assess the implementation of Business Process Management. The maturity model is based on the assessment of nine categories which comprehensively cover all aspects which impact the success of Business Process Management. Some findings of the first assessment round are presented to illustrate the benefits of the PMMA approach.

Michael Rohloff

2009-01-01T23:59:59.000Z

60

Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

Not Available

1994-09-01T23:59:59.000Z



61

Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2  

SciTech Connect

The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

Fesharaki, F.; Rizer, J.P.; Greer, L.S.

1994-05-01T23:59:59.000Z

62

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment. This document describes a customized...

63

Security Automation and the National Vulnerability Database  

Science Conference Proceedings (OSTI)

... 6 Page 7. National Vulnerability Database Role Receive CVE ... Environmental Integrity ... Use Case: Vulnerability Management CVE 2012-3544 30 ...

2013-06-05T23:59:59.000Z

64

Assessment of Project Management Experience  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Assessment of Project Management Experience PMCDP for CEG Competency 1.12.2 Applicant Name: Applicant Supervisor: Date (mm/dd/yyyy): Directions: Step 1: Use this template to show project management experience for CEG competency 1.12.2. Rate your experience (0 - 5) in the following project management related activities using the scale below. Step 2: Sign the completed form and have your supervisor review and sign it. Step 3: Once approved by your supervisor, submit the form as part of your Level I certification package. Note: Project management experience is distinguished from FPD experience and applies to general project management activities and experience. Positions that do not count towards experience in project management include: program manager, property manager, health, safety and security (HSS) positions, and

65

GAO-06-838R Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Accountability Office, Washington, DC 20548. July 7, 2006. The Honorable John Warner, Chairman; The Honorable Carl Levin, Ranking Member; Committee on Armed Services, United States Senate. The Honorable Duncan Hunter, Chairman; The Honorable Ike Skelton, Ranking Member; Committee on Armed Services, House of Representatives. Subject: Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse. In recent years, the Department of Defense (DOD) has increasingly relied on goods and services provided by the private sector under contract. Since fiscal year 2000, DOD's contracting for goods and services has nearly doubled, and this trend is expected to continue. In fiscal year 2005 alone, DOD obligated nearly $270 billion on contracts for goods and services. Given the

66

A Hydroclimatological Assessment of Regional Drought Vulnerability: A Case Study of Indiana Droughts  

Science Conference Proceedings (OSTI)

Characterizing and developing drought climatology continues to be a challenging problem. As decision makers seek guidance on water management strategies, there is a need for assessing the performance of drought indices. This requires the ...

Umarporn Charusombat; Dev Niyogi

2011-09-01T23:59:59.000Z

67

Tornado Vulnerability in Texas  

Science Conference Proceedings (OSTI)

Tornado vulnerability depends on the incidence of and societal exposure to tornadoes for a particular location. This study assesses the vulnerability of Texas counties to tornadoes using tornado incidence and societal exposure composite scores. ...

Richard W. Dixon; Todd W. Moore

2012-01-01T23:59:59.000Z

68

Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability. Enhancing control systems security in the energy sector. NSTB, September 2006. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS. Raymond K. Fink, David F. Spencer, Rita A. Wells. NSTB INL/CON-06-11665. ABSTRACT: Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems, or components of those systems, were reviewed to identify common problem areas. The common vulnerabilities identified ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and

69

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

Finding and fixing security flaws: Argonne's Vulnerability Assessment Team. VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

70

Hydraulic properties of the vadose zone at two typical sites in the Western Cape for the assessment of groundwater vulnerability to pollution.  

E-Print Network (OSTI)

Aquifer vulnerability assessment is increasingly becoming a very significant basis in order to fulfill the water demands in South Africa. Knowledge of soil hydraulic ...

Samuels, Donovan.

2007-01-01T23:59:59.000Z

71

Climate change vulnerability assessments as catalysts for social learning: four case studies in south-eastern Australia  

SciTech Connect

Technical assessments of vulnerability and/or risk are increasingly being undertaken to assess the impacts of climate change. Underlying this is the belief that they will bring clarity to questions regarding the scale of institutional investments required, plausible adaptation policies and measures, and the timing of their implementation. Despite the perceived importance of technical assessments in 'evidence-based' decision environments, assessments cannot be undertaken independent of values and politics, nor are they capable of eliminating the uncertainty that clouds decision-making on climate adaptation. As such, assessments can trigger as many questions as they answer, leaving practitioners and stakeholders to question their value. This paper explores the value of vulnerability/risk assessments in climate change adaptation planning processes as a catalyst for learning in four case studies in Southeastern Australia. Data were collected using qualitative interviews with stakeholders involved in the assessments and analysed using a social learning framework. This analysis revealed that detailed and tangible strategies or actions often do not emerge directly from technical assessments. However, it also revealed that the assessments became important platforms for social learning. In providing these platforms, assessments present opportunities to question initial assumptions, explore multiple framings of an issue, generate new information, and galvanise support for collective actions. This study highlights the need for more explicit recognition and understanding of the important role social learning plays in climate change vulnerability assessments and adaptation planning more broadly.

Preston, Benjamin L [ORNL]

2012-01-01T23:59:59.000Z

72

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-564: Vulnerabilities in Citrix Licensing administration components. February 24, 2011 - 7:00am. PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. REFERENCE LINKS: Citrix ID:CTX128167, SecurityTracker Alert ID:1025123, Citrix Support. IMPACT ASSESSMENT: Medium. DISCUSSION: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

73

Linear modeling and simulation of low-voltage electric system for single-point vulnerability assessment of military installation  

Science Conference Proceedings (OSTI)

This paper describes the formulation and development of a linear model to support the single-point vulnerability assessment of electric distribution systems at existing and future U.S. Department of Defense (DoD) military sites. The model uses flow sensitivity ...

Edgar C. Portante; Thomas N. Taxon; James A. Kavicky; Tarek Abdallah; Timothy K. Perkins

2008-12-01T23:59:59.000Z

74

GIS-based method for the environmental vulnerability assessment to volcanic ashfall at Etna Volcano  

Science Conference Proceedings (OSTI)

The response of environment to ashfall was evaluated aiming at defining the vulnerability in the areas surrounding Mt. Etna volcano, Sicily. The two utilized scenarios assume different thickness of ashfall, over distances comparable with those covered ... Keywords: Corine land cover, Environmental vulnerability, GIS, Volcanic risk

Silvia Rapicetta; Vittorio Zanon

2009-09-01T23:59:59.000Z

75

Extended defense systems :I. adversary-defender modeling grammar for vulnerability analysis and threat assessment.  

SciTech Connect

Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

Merkle, Peter Benedict

2006-03-01T23:59:59.000Z

76

Plutonium working group report on environmental, safety and health vulnerabilities associated with the Department's plutonium storage. Volume II, part 7: Mound working group assessment team report  

Science Conference Proceedings (OSTI)

This is the report of a visit to the Mound site by the Working Group Assessment Team (WGAT) to assess plutonium vulnerabilities. Purposes of the visit were: to review results of the site's self assessment of current practices for handling and storing plutonium; to conduct an independent assessment of these practices; to reconcile differences and assemble a final list of vulnerabilities; to calculate consequences and probability for each vulnerability; and to issue a report to the Working Group. This report, representing completion of the Mound visit, will be compiled along with those from all other sites with plutonium inventories as part of a final report to the Secretary of Energy.

NONE

1994-09-01T23:59:59.000Z

77

Assessment of chemical vulnerabilities in the Hanford high-level waste tanks  

SciTech Connect

The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

Meacham, J.E. [and others]

1996-02-15T23:59:59.000Z

78

Spent Fuel Working Group report on inventory and storage of the Department's spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 2, Working Group Assessment Team reports; Vulnerability development forms; Working group documents  

Science Conference Proceedings (OSTI)

The Secretary of Energy's memorandum of August 19, 1993, established an initiative for a Department-wide assessment of the vulnerabilities of stored spent nuclear fuel and other reactor irradiated nuclear materials. A Project Plan to accomplish this study was issued on September 20, 1993 by US Department of Energy, Office of Environment, Health and Safety (EH) which established responsibilities for personnel essential to the study. The DOE Spent Fuel Working Group, which was formed for this purpose and produced the Project Plan, will manage the assessment and produce a report for the Secretary by November 20, 1993. This report was prepared by the Working Group Assessment Team assigned to the Hanford Site facilities. Results contained in this report will be reviewed, along with similar reports from all other selected DOE storage sites, by a working group review panel which will assemble the final summary report to the Secretary on spent nuclear fuel storage inventory and vulnerability.

Not Available

1993-11-01T23:59:59.000Z

79

Putting vulnerability to climate change on the map: a review of approaches, benefits, and risks  

Science Conference Proceedings (OSTI)

There is growing demand among stakeholders across public and private institutions for spatially-explicit information regarding vulnerability to climate change at the local scale. However, the challenges associated with mapping the geography of climate change vulnerability are non-trivial, both conceptually and technically, suggesting the need for more critical evaluation of this practice. Here, we review climate change vulnerability mapping in the context of four key questions that are fundamental to assessment design. First, what are the goals of the assessment? A review of published assessments yields a range of objective statements that emphasize problem orientation or decision-making about adaptation actions. Second, how is the assessment of vulnerability framed? Assessments vary with respect to what values are assessed (vulnerability of what) and the underlying determinants of vulnerability that are considered (vulnerability to what). The selected frame ultimately influences perceptions of the primary driving forces of vulnerability as well as preferences regarding management alternatives. Third, what are the technical methods by which an assessment is conducted? The integration of vulnerability determinants into a common map remains an emergent and subjective practice associated with a number of methodological challenges. Fourth, who participates in the assessment and how will it be used to facilitate change? Assessments are often conducted under the auspices of benefiting stakeholders, yet many lack direct engagement with stakeholders. Each of these questions is reviewed in turn by drawing on an illustrative set of 45 vulnerability mapping studies appearing in the literature. A number of pathways for placing vulnerability

Preston, Benjamin L [ORNL]

2011-01-01T23:59:59.000Z

80

Assessment of Groundwater Vulnerability to Contamination Using Capture Zone Delineation in Shenzhen City, China  

Science Conference Proceedings (OSTI)

As a result of the large risk associated with the contamination of aquifers, it becomes imperative to protect groundwater supply areas. One of the practical methods that is projected for the protection of aquifers is to zone a boundary around current ... Keywords: MODPATH, capture zones, delineation, groundwater contamination, vulnerability

Chiha Aida; Aiguo Zhou; Jianwei Zhou; ShaoGang Dong

2009-07-01T23:59:59.000Z

81

Vulnerability assessment of groundwater resources: A modelling-based approach to the Mancha Occidental aquifer, Spain  

Science Conference Proceedings (OSTI)

The semiarid Mancha Occidental aquifer represents a paradigmatic case of intensive groundwater use for agriculture. Irrigation has proven a catalyst for welfare in the area over the last three decades, if at a significant environmental cost and while ... Keywords: Aquifer, Groundwater, Mancha Occidental, Participatory modelling, Vulnerability, Water Framework Directive

Pedro Martínez-Santos; M. Ramón Llamas; Pedro E. Martínez-Alfaro

2008-09-01T23:59:59.000Z

82

National Vulnerability Database Full Vulnerability Listing  

Science Conference Proceedings (OSTI)

NVD Complete Vulnerability Listing. This web page contains direct links to every National Vulnerability Database vulnerability entry. ...

83

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities. November 13, 2012 - 1:00am. PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities. PLATFORM: Reflection X 2011, Reflection Suite for X 2011, Reflection for Secure IT Server for Windows, Reflection for Secure IT Client and Server for UNIX. ABSTRACT: Security issues related to Reflection PKI Services Manager. REFERENCE LINKS: PKI Services Manager Technical Note 2560, Secunia Advisory SA51256, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726. IMPACT ASSESSMENT: High. DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

84

Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling  

Science Conference Proceedings (OSTI)

Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

2009-03-26T23:59:59.000Z

85

Environmental Management Assessment of the Fernald Environmental Management Project (FEMP)  

Science Conference Proceedings (OSTI)

This report documents the results of the Environmental Management Assessment performed at the Fernald Environmental Management Project (FEMP) in Fernald, Ohio. During this assessment, the activities conducted by the assessment team included review of internal documents and reports from previous audits and assessments; interviews with US Department of Energy (DOE) and FEMP contractor personnel; and inspection and observation of selected facilities and operations. The onsite portion of the assessment was conducted from March 15 through April 1, 1993, by DOE's Office of Environmental Audit (EH-24) located within the Office of the Assistant Secretary for Environment, Safety, and Health (EH-1). EH-24 carries out independent assessments of DOE facilities and activities as part of the EH-1 Environment, Safety, and Health (ES&H) Oversight Audit Program. The EH-24 program is designed to evaluate the status of DOE facilities and activities with respect to compliance with Federal, state, and local environmental laws and regulations; compliance with DOE Orders, Guidance and Directives; conformance with accepted industry practices and standards of performance; and the status and adequacy of management systems developed to address environmental requirements. The Environmental Management Assessment of FEMP focused on the adequacy of environmental management systems. Further, in response to requests by the Office of Environmental Restoration and Waste Management (EM) and Fernald Field Office (FN), Quality Assurance and Environmental Radiation activities at FEMP were evaluated from a programmatic standpoint. The results of the evaluation of these areas are contained in the Environmental Protection Programs section in this report.

Not Available

1993-04-01T23:59:59.000Z

86

Vulnerability Assessments - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)


87

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program ...

88

Integrated Assessment as a Step Toward Reducing Climate Vulnerability in the Southwestern United States  

Science Conference Proceedings (OSTI)

Managing the effects of climate change requires new approaches to develop and deliver relevant climate information to regional and local decision makers, and to infuse that knowledge into their decision support systems. In the southwestern United ...

R. C. Bales; D. M. Liverman; B. J. Morehouse

2004-11-01T23:59:59.000Z

89

Vulnerability And Risk Assessment Using The Homeland-Defense Operational Planning System (HOPS)  

DOE Green Energy (OSTI)

For over ten years, the Counterproliferation Analysis and Planning System (CAPS) at Lawrence Livermore National Laboratory (LLNL) has been a planning tool used by U.S. combatant commands for mission support planning against foreign programs engaged in the manufacture of weapons of mass destruction (WMD). CAPS is endorsed by the Secretary of Defense as the preferred counterproliferation tool to be used by the nation's armed services. A sister system, the Homeland-Defense Operational Planning System (HOPS), is a new operational planning tool leveraging CAPS expertise designed to support the defense of the U.S. homeland. HOPS provides planners with a basis to make decisions to protect against acts of terrorism, focusing on the defense of facilities critical to U.S. infrastructure. Criticality of facilities, structures, and systems is evaluated on a composite matrix of specific projected casualty, economic, and sociopolitical impact bins. Based on these criteria, significant unidentified vulnerabilities are identified and secured. To provide insight into potential successes by malevolent actors, HOPS analysts strive to base their efforts mainly on unclassified open-source data. However, more cooperation is needed between HOPS analysts and facility representatives to provide an advantage to those whose task is to defend these facilities. Evaluated facilities include: refineries, major ports, nuclear power plants and other nuclear licensees, dams, government installations, convention centers, sports stadiums, tourist venues, and public and freight transportation systems. A generalized summary of analyses of U.S. infrastructure facilities is presented.

Durling, Jr., R L; Price, D E; Spero, K K

2005-01-03T23:59:59.000Z

90

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-173: Symantec Web Gateway Multiple Vulnerabilities. May 21, 2012 - 7:00am. PROBLEM: Symantec Web Gateway Multiple Vulnerabilities. PLATFORM: 5.0.x prior to 5.0.3. ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1027078, CVE-2012-0296, CVE-2012-0297, CVE-2012-0298, CVE-2012-0299. IMPACT ASSESSMENT: Medium. DISCUSSION: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

91

CIVILIAN RADIOACTIVE WASTE MANAGEMENT 2008 FEE ADEQUACY ASSESSMENT...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CIVILIAN RADIOACTIVE WASTE MANAGEMENT 2008 FEE ADEQUACY ASSESSMENT LETTER REPORT This Fiscal Year...

92

Marginal Lands: Concept, Assessment and Management  

SciTech Connect

Marginal lands have received wide attention for their potential to improve food security and support bioenergy production. However, environmental, ecosystem service, and sustainability concerns have been widely raised over the use of marginal land. Knowledge of the extent, location, and quality of marginal lands as well as their assessment and management are limited and diverse. This paper provides a review of the historical development of marginal concept, its application and assessment. Limitations and priority research needs of marginal land assessment and management were discussed.

Kang, Shujiang [ORNL; Post, Wilfred M [ORNL; West, Tristram O. [Joint Global Change Research Institute, PNNL; Bandaru, Vara Prasad [ORNL; Izaurralde, Dr. R. Cesar [Pacific Northwest National Laboratory (PNNL); Wang, Dali [ORNL; Nichols, Dr Jeff A [ORNL

2013-01-01T23:59:59.000Z

93

Seismic Vulnerability Assessment for Massive Structure: Case Study for Sofia City  

SciTech Connect

An advanced modeling technique, which allows us to compute realistic synthetic seismograms, is used to create a database of synthetic accelerograms in a set of selected sites located within Sofia urban area. The accelerograms can be used for the assessment of the local site response, represented in terms of Response Spectra Ratio (RSR). The result of this study, i.e. time histories, response spectra and other ground motion parameters, can be used for different earthquake engineering analyses. Finally, with the help of 3D finite elements modeling, the building structural performance is assessed.

Paskaleva, Ivanka; Koleva, Gergana [CLSMEE-BAS, 3 Acad. G. Bonchev str, 1113 Sofia (Bulgaria); Vaccari, Franco; Panza, Giuliano F. [DST-University of Trieste, E. Weiss 4, 34127 Trieste (Italy)

2008-07-08T23:59:59.000Z

94

PRIVACY IMPACT ASSESSMENT: Integrated Safety Management Workshop  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Integrated Safety Management Workshop Registration. PIA Template Version 3 - May, 2009. Department of Energy Privacy Impact Assessment (PIA). Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetextlneword/206/o2061.pdf Please complete electronically: no hand-written submissions will be accepted. This template may not be modified. MODULE 1 - PRIVACY NEEDS ASSESSMENT. Date: 16/Jun/09. Departmental Element & Site: Idaho National Laboratory Engineering Research Office Building (EROB). Name of Information System or IT Project: Integrated Safety Management Workshop Registration. Exhibit Project UID: 207765.

95

Assessment of the Emergency Management Program Training and Drills...  

NLE Websites -- All DOE Office Websites (Extended Search)

Laboratory Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report of the Assessment of the Emergency Management...

96

Assessment of groundwater management at Hanford  

SciTech Connect

A comprehensive review of the groundwater management and environmental monitoring programs at the Hanford reservation was initiated in 1973. A large number of recommendations made as a result of this review are summarized. The purpose of the Hanford Hydrology Program is to maintain a groundwater surveillance network to assess contamination of the natural water system. Potential groundwater contamination is primarily a function of waste management decisions. The review revealed that although the hydrology program would greatly benefit from additional improvements, it is adequate to predict levels of contaminants present in the groundwater system. Studies are presently underway to refine advanced mathematical models to use results of the hydrologic investigation in forecasting the response of the system to different long-term management decisions. No information was found which indicates that a hazard through the groundwater pathway presently exists as a result of waste operations at Hanford. (CH)

Deju, R.A.

1975-02-11T23:59:59.000Z

97

Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities IAJIT First Online Publication  

E-Print Network (OSTI)

Abstract: In order to perform the analysis and mitigation efforts related with the Information Security risks there exists quantitative and qualitative approaches, but the most critical shortcoming of these methods is the fact that the outcome mainly addresses the needs and priorities of the technical community rather than the management. For the enterprise management, this information is essentially required as a decision making aid for the asset allocation and the prioritization of mitigation efforts. So ideally the outcome of an information security risk method must be in synchronization with the enterprise objectives to act as a useful decision tool for the management. Also in the modelling of the threat domain, attack trees are frequently utilized. However the execution of attack tree modelling is costly from the effort and timing requirements and also has inherent scalability issues. So within this article our design-science research based work on an information security risk assessment method that addresses these two issues of enterprise objective inclusion and model scalability will be outlined.

Bugra Karabey; Nazife Baykal

2011-01-01T23:59:59.000Z

98

MANAGEMENT ASSESSMENT AN INTEGRATED ENVIRONMENT SAFETY & HEALTH MANAGEMENT SYSTEM (ISMS) CORE FUNCTION FOR FEEDBACK & CONTINUOUS IMPROVEMENT  

Science Conference Proceedings (OSTI)

Management assessment is required of US Department of Energy contractors by 10 CFR 830.122 and DOE Order 414.1. The management assessment process is a rigorous, preplanned, forward-looking review. It is required to be performed by owners of the processes that are being assessed. Written from the perspective of the Assessment Program Director and an Assessment Specialist, this paper describes the evolution of the process used by CH2MHILL to implement its management assessment program over the past two years including: roles, responsibilities, and details about our program improvement project designed to produce a clear picture of management processes and to identify opportunities for improvement. The management assessment program is essential to successful implementation, maintenance, and improvement of the CH2MHILL Integrated Environment, Safety, and Health Management System (ISMS). The management assessment program implements, in part, ISMS Core Function No. 5, "Feedback and Continuous Improvement". Organizations use the management assessment process to assess ISMS implementation and effectiveness. Management assessments evaluate the total picture of how well management processes are meeting organizational objectives and the customer's requirements and expectations. The emphasis is on management issues affecting performance, systems, and processes such as: strategic planning, qualification, training, staffing, organizational interfaces, communication, cost and schedule control and mission objectives. Management assessments should identify any weaknesses in the management aspects of performance and make process improvements. All managers from first line supervisors to the president and general manager are involved in the management assessment process. More senior managers, in conducting their assessment, will use data from lower levels of management. This approach will facilitate the objective of having managers closer to the work under review focusing on more compliance- and process-oriented aspects of work performance, while senior managers will concentrate on more strategic issues, having more access to information generated from assessments by their subordinates.

VON WEBER, M.

2005-07-26T23:59:59.000Z

99

Implementing Management Systems-Based Assessments  

SciTech Connect

A management system approach for evaluating environment, safety, health, and quality is in use at Sandia National Laboratories (SNL). Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy under contract DE-AC04-94AL85000. As a multi-program national laboratory, SNL has many diverse operations including research, engineering development and applications, production, and central services supporting all activities and operations. Basic research examples include fusion power generation, nuclear reactor experiments, and investigation of combustion processes. Engineering development examples are design, testing, and prototype developments of micro-mechanical systems for safeguarding computer systems, air bags for automobiles, satellite systems, design of transportation systems for nuclear materials, and systems for use in medical applications such as diagnostics and surgery. Production operations include manufacture of instrumented detection devices, radioisotopes, and replacement parts for previously produced engineered systems. Support services include facilities engineering, construction, and site management, site security, packaging and transportation of hazardous materials wastes, ES&H functional programs to establish requirements and guidance to comply with federal, state, local, and contractual requirements and work safety. In this diverse environment, unlike more traditional single function business units, an integrated consistent management system is not typical. Instead, each type of diverse activity has its own management system designed and distributed around the operations, personnel, customers, and facilities (e.g., hazards involved, security, regulatory requirements, and locations).
Laboratory managers are not likely to have experience in the more traditional hierarchical or command and control structures and thus do not share oversight expectations found in centralized management systems. The resulting corporate management system gives the appearance of an assembly of multiple, nearly independent operating units. The executive management system maintains these separate units, encouraging autonomy and creativity by establishing a minimum of requirements and procedures. In any organization, senior management has a responsibility to ensure that all operating units are meeting requirements. Part of this responsibility is fulfilled by conducting oversight or assurance activities, to determine the effectiveness of established systems in meeting requirements and performance expectations. Internal independent assessment is one of these assurance activities. Independent appraisals are combined with external audits and appraisals, self-assessments, peer reviews, project reviews, and other internal and external audits (e.g., financial, contractual) for a more complete assurance view. At SNL, internal independent appraisals are performed by the Audit Center, which reports directly to the Executive Vice President. ES&H independent appraisals are the responsibility of the ES&H and Quality Assessments Department, with a staff complement of eight. With our organization's charter to perform internal, independent appraisals, we set out to develop an approach and associated tools, which would be useful in the overall SNL environment and within our resource limitations.

Campisi, John A.; Reese, Robert T.

1999-05-03T23:59:59.000Z

100

Federal Energy Management Program: Assess Potential Agency Size Changes  

NLE Websites -- All DOE Office Websites (Extended Search)

Assess Potential Agency Size Changes that Impact Greenhouse Gas Emissions


101

Climate Vulnerability, Risk assessment and management in a Post-Kyoto PI: Gunter Stephan  

E-Print Network (OSTI)

into R&D and the transfer of clean (low-carbon and energy-efficient) technologies from set incentives for greenhouse gas reductions and for investments into adaptation by private. Is this pure marketing or can these incentives be effective tools for combating climate change? Task 2: Global

Richner, Heinz

102

An Assessment of Integrated Health Management Frameworks  

Science Conference Proceedings (OSTI)

In order to meet the ever increasing demand for energy, the United States nuclear industry is turning to life extension of existing nuclear power plants (NPPs). Economically ensuring the safe, secure, and reliable operation of aging NPPs presents many challenges. The 2009 Light Water Reactor Sustainability Workshop identified online monitoring of active and structural components as essential to better understanding and management of the challenges posed by aging NPPs. Additionally, there is increasing adoption of condition-based maintenance (CBM) for active components in NPPs. These techniques provide a foundation upon which a variety of advanced online surveillance, diagnostic, and prognostic techniques can be deployed to continuously monitor and assess the health of NPP systems and components. The next step in the development of advanced online monitoring is to move beyond CBM to estimating the remaining useful life of active components using prognostic tools. Deployment of prognostic health management (PHM) on the scale of an NPP requires the use of an integrated health management (IHM) framework - a software product (or suite of products) used to manage the necessary elements needed for a complete implementation of online monitoring and prognostics. This paper provides a thoughtful look at the desirable functions and features of IHM architectures. A full PHM system involves several modules, including data acquisition, system modeling, fault detection, fault diagnostics, system prognostics, and advisory generation (operations and maintenance planning). The standards applicable to PHM applications are identified and summarized. A list of evaluation criteria for PHM software products, developed to ensure scalability of the toolset to an environment with the complexity of an NPP, is presented. 
Fourteen commercially available PHM software products are identified and classified into four groups: research tools, PHM system development tools, deployable architectures, and peripheral tools.

Lybeck, Nancy; Coble, Jamie B.; Tawfik, Magdy; Bond, Leonard J.

2012-05-18T23:59:59.000Z

103

JC3 High Impact Assessment Bulletins | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

JC3 High Impact Assessment Bulletins
August 9, 2013 - V-215: NetworkMiner Directory Traversal and Insecure Library Loading Vulnerabilities. The vulnerabilities are reported in versions 1.4.1 and prior.
August 8, 2013 - V-214: Mozilla Firefox Multiple Vulnerabilities. The vulnerabilities are reported in versions prior to 23.0.
August 5, 2013 - V-211: IBM iNotes Multiple Vulnerabilities. IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX integer overflow vulnerability.
August 2, 2013 - V-209: Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities. Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated,

104

CIVILIAN RADIOACTIVE WASTE MANAGEMENT 2008 FEE ADEQUACY ASSESSMENT LETTER  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CIVILIAN RADIOACTIVE WASTE MANAGEMENT 2008 FEE ADEQUACY ASSESSMENT LETTER REPORT
This Fiscal Year 2008 Civilian Radioactive Waste Management Fee Adequacy Letter Report presents an evaluation of the adequacy of the one mill per kilowatt-hour fee paid by commercial nuclear power generators for the permanent disposal of their spent nuclear fuel by the Government. This evaluation recommends no fee change.
More Documents & Publications FY 2007 Fee Adequacy, Pub 2008 Fiscal Year 2007 Civilian Radioactive Waste Management Fee Adequacy Assessment Report January 16, 2013 Secretarial Determination of the Adequacy of the Nuclear

105

Senior Technical Safety Manager Qualification Program Self-Assessment -  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Senior Technical Safety Manager Qualification Program Self-Assessment - Chief of Nuclear Safety
A self-assessment of the CNS Senior Technical Safety Manager (STSM) Qualification Program was conducted during the week of July 8, 2013, when all STSM-qualified staff members were present in Germantown, Maryland. This was the first self-assessment that CNS has conducted. In accordance with CNS Standard Operating Procedure SOP-016, Senior Technical Safety Manager Qualification Program, a self-assessment is required once every four years.
Chief of Nuclear Safety STSM Self-Assessment, August 2013 More Documents & Publications 2010 Annual Workforce Analysis and Staffing Plan Report - Chief of Nuclear

106

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

JC3 Medium Impact Assessment Bulletins
December 4, 2012 - V-039: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability. Samsung has issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security.
November 30, 2012 - V-037: Wireshark Multiple Bugs Let Remote Users Deny Service. Several vulnerabilities were reported in Wireshark.
November 29, 2012 - V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability. Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
November 27, 2012 - V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws

107

Environmental Management Assessment of the National Renewable Energy Laboratory (NREL)  

SciTech Connect

This report documents the results of the environmental management assessment performed at the National Renewable Energy Laboratory (NREL) in Golden, Colorado. The onsite portion of the assessment was conducted from September 14 through September 27, 1993, by DOE's Office of Environmental Audit (EH-24) located within the Office of the Assistant Secretary for Environment, Safety, and Health (EH-1). During this assessment, the activities conducted by the assessment team included reviews of internal documents and reports from previous audits and assessments; interviews with US Department of Energy (DOE) and NREL contractor personnel; and inspections and observations of selected facilities and operations. The environmental management assessment of NREL focused on the adequacy of environmental management systems and assessed the formality of programs employing an approach that recognizes the level of formality implementing environmental programs may vary commensurate with non-nuclear research and development operations. The Assessment Team evaluated environmental monitoring, waste management and National Environmental Policy Act (NEPA) activities at NREL, from a programmatic standpoint. The results of the evaluation of these areas are contained in the Environmental Protection Programs section of this report. The scope of the NREL Environmental Management Assessment was comprehensive and included all areas of environmental management. At the same time, environmental monitoring, waste management, and NEPA activities were evaluated to develop a programmatic understanding of these environmental disciplines, building upon the results of previous appraisals, audits, and reviews performed at the NREL.

1993-09-01T23:59:59.000Z

108

Risk Assessment and Risk Management/Mitigation  

Science Conference Proceedings (OSTI)

... Emergency Management Agency FEMP Federal Energy ... defines key terms, designates guidelines, and ... the many software products developed by ...

2007-10-03T23:59:59.000Z

109

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities
April 30, 2013 - 12:09am
PROBLEM: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities
PLATFORM: IBM Tivoli Federated Identity Manager versions 6.1, 6.2.0, 6.2.1, and 6.2.2. IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1 and 6.2.2.
ABSTRACT: IBM has acknowledged a weakness and two vulnerabilities in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway
REFERENCE LINKS: IBM Reference #:1634544, Secunia Advisory SA53233, CVE-2013-0169, CVE-2013-0440, CVE-2013-0443
IMPACT ASSESSMENT: Medium
DISCUSSION: CVE-2013-0440 - Unspecified vulnerability in IBM Java

110

Independent Oversight Assessment, DOE Office of Environmental Management  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Independent Oversight Assessment, DOE Office of Environmental Management Headquarters - November 2012
Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters
The U.S. Department of Energy (DOE) Office of Enforcement and Oversight (Independent Oversight), within the Office of Health, Safety and Security (HSS), conducted an independent assessment of the safety culture at the DOE Office of Environmental Management (EM) - Headquarters (EM-HQ). The primary objective of the evaluation was to provide information regarding the status of the safety culture at EM-HQ. The data collection phase of the assessment occurred in April and May 2012.

111

Protocols for conducting Environmental Management Assessments of DOE organizations  

SciTech Connect

To assess the effectiveness of DOE's environmental programs, the Office of Environmental Audit conducts Environmental Management Assessments of DOE programs and facilities. These assessments take a broad programmatic view of environmental systems which may cover multiple sites. The focus of the assessment is on the infrastructure, systems, programs, and tools to manage environmental issues, not on the compliance issues themselves. Protocols have been developed to assist in the conduct of Environmental Management Assessments. The protocols are based on, and serve as implementing guidelines for, the Environmental Management Section of "Performance Objectives and Criteria for Conducting DOE Environmental Audits" (DOE/EH-022). They are intended to provide guidance to the Assessment Team in conducting these reviews.

1993-08-01T23:59:59.000Z

112

Software Vulnerability Taxonomy Consolidation  

SciTech Connect

In today's environment, computers and networks are increasingly exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, does not cover all aspects of a vulnerability, and they lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common "primary key", unstructured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. 
Though the goal of coalescing all available data, which would be of use to system administrators, software developers and vulnerability researchers is not yet achieved, this work has resulted in the most exhaustive collection of vulnerability data to date.

Polepeddi, S

2004-12-08T23:59:59.000Z

113

Maintenance Work Management -- Best Practices Guidelines: Maintenance Assessment and Improvement  

Science Conference Proceedings (OSTI)

This report on maintenance work management best practices is part of EPRI's Plant Maintenance Optimization (PMO) development efforts. Based on a series of assessment and improvement projects, the report describes the process and typical results.

1998-03-12T23:59:59.000Z

114

CRAD, Configuration Management Assessment Plan | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CRAD, Configuration Management Assessment Plan
Performance Objective: The objective of this assessment is to determine whether a Configuration Management Program (CM) is in place which allows for the availability and retrievability of accurate information, improves response to design and operational decisions, enhances worker safety, increases facility safety and reliability, increases efficiency of work efforts, and helps maintain integrity of interfacing orders.
Criteria: The CM program supports DOE program implementation through the following: It provides the mechanisms for identifying, cataloging, and maintaining the design requirements and design basis (established to satisfy DOE O 420.1 Facility Safety). It carries forward the technical baseline established in the design

115

Quantifying software vulnerability  

Science Conference Proceedings (OSTI)

The technique known as ACE Analysis allows researchers to quantify a hardware structure's Architectural Vulnerability Factor (AVF) using simulation. This allows researchers to understand a hardware structure's vulnerability to soft errors and consider ... Keywords: fault tolerance, modeling, soft errors

Vilas Sridharan; David R. Kaeli

2008-05-01T23:59:59.000Z

116

Value-Based Maintenance Grid for Assessing Work Management  

Science Conference Proceedings (OSTI)

The Value-Based Maintenance Grid is a tool that assesses maintenance processes in fossil power plants. Reliability Management Group (RMG) and EPRI jointly developed the grid in 1995. It is based on RMG's Reliability Management Grid, a tool RMG has used successfully in other competitive industries such as manufacturing and refining.

1999-03-12T23:59:59.000Z

117

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS Introduction SCADA Security for Managers and Operators Intermediate SCADA Security Training Course Slides...

118

Windthrow Assessment and Management in British Columbia.  

E-Print Network (OSTI)

season, a 25-year storm on October 17, 1996 blew down 325 trees. Winds were from the southeast with clearcuts or partial cuts. Studies of windthrow in natural stands, and wind regimes are in the second ... Section 1. Wind Damage Associated with Management

Mitchell, Stephen

119

Application of Risk Assessment and Management to Nuclear Safety |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Application of Risk Assessment and Management to Nuclear Safety
September 20, 2012
Presenter: Commissioner George Apostolakis, US Nuclear Regulatory Commission
Topics covered: Management of (unquantified at the time) uncertainty was always a concern. Defense-in-depth and safety margins became embedded in the regulations. "Defense-in-Depth is an element of the NRC's safety philosophy that employs successive compensatory measures to prevent accidents or mitigate damage if a malfunction, accident, or naturally caused event occurs at a nuclear facility." [Commission's White Paper, February 1999] Design Basis Accidents are postulated accidents that a nuclear facility must be designed and built to withstand without loss to the

120

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-131: Adobe Shockwave Player Multiple Vulnerabilities
April 11, 2013 - 6:00am
PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player
PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior
ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system
REFERENCE LINKS: Secunia Advisory: SA52981, Adobe Security Bulletin, CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386
IMPACT ASSESSMENT: High
DISCUSSION: This update resolves: 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the


121

Climate-related vulnerability and adaptive-capacity in Ethiopia's Borana and Somali communities: Final assessment report  

E-Print Network (OSTI)

Executive Summary: Pastoral communities in the Borana and Shinile zones of Ethiopia have been changing and adapting their livelihoods to changing environmental conditions for centuries. Recurrent droughts have been a major issue throughout history in the Ethiopian lowlands, and strategies to cope with, and adapt to these droughts are embedded in communities' traditional social structures and resource management systems. Local and scientific observations show that the region's climate is changing. Recent evidence includes increasing temperatures and drought frequency, as well as unpredictable rains that fall in shorter but more intense episodes. The magnitude and rate of current climate change, combined with additional environmental, social and political issues, are making many traditional coping strategies ineffective and/or unsustainable, amplifying environmental degradation and food insecurity, and forcing communities to rapidly find new livelihood strategies. The communities participating in this study have many ideas on how to prepare for future climate change, demonstrating a strong motivation to move out of poverty and take their future into their

Béatrice Riché (IISD); Cynthia B. Awuor (CARE International); Anne Hammill (IISD)

2009-01-01T23:59:59.000Z

122

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: FERNALD HISTORICAL RECORDS SYSTEM
PIA Template Version - May, 2009
Department of Energy Privacy Impact Assessment (PIA)
Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetextlneword/206/02061.pdf
Please complete electronically: no hand-written submissions will be accepted. This template may not be modified.
MODULE 1 - PRIVACY NEEDS ASSESSMENT
Date: June 4, 2009
Departmental Element & Site: Office of Legacy Management, Morgantown, WV
Name of Information System or IT Project: LM Records Handling System (LMRHS01) - Fernald Historical Records System
Exhibit Project UID: 019-10-01-31-02-1014-00

123

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: ELECTRONIC RECORDS KEEPING SYSTEM
PIA Template Version - May, 2009
Department of Energy Privacy Impact Assessment (PIA)
Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetext/neword/206/02061.pdf
Please complete electronically: no hand-written submissions will be accepted. This template may not be modified.
MODULE 1 - PRIVACY NEEDS ASSESSMENT
Date: June 4, 2009
Departmental Element & Site: Office of Legacy Management, Morgantown, WV
Name of Information System or IT Project: LM Records Handling System (LMRHS01) - Electronic Records Keeping System
Exhibit Project UID: 019-10-01-31-02-1014-00

124

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM ROCKY FLATS ENVIRONMENTAL RECORDS DATABASE
PIA Template Version - May, 2009
Department of Energy Privacy Impact Assessment (PIA)
Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetextlneword/206/o2061.pdf
Please complete electronically: no hand-written submissions will be accepted. This template may not be modified.
MODULE 1 - PRIVACY NEEDS ASSESSMENT
Date: June 4, 2009
Departmental Element & Site: Office of Legacy Management, Morgantown, WV
Name of Information System or IT Project: LM Records Handling System (LMRHS01) - Rocky Flats Environmental Records Database
Exhibit Project UID: 019-10-01-31-02-1014-00

125

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: FREEDOM OF INFORMATION ACT/ PRIVACY ACT
PIA Template Version - May, 2009
Department of Energy Privacy Impact Assessment (PIA)
Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetextlneword/206/02061.pdf
Please complete electronically: no hand-written submissions will be accepted. This template may not be modified.
MODULE 1 - PRIVACY NEEDS ASSESSMENT
Date: June 4, 2009
Departmental Element & Site: Office of Legacy Management, Morgantown, WV
Name of Information System or IT Project: LM Records Handling System (LMRHS01) - Freedom of Information Act/Privacy

126

Environmental Assessment : Squawfish Management Program : Final.  

DOE Green Energy (OSTI)

Bonneville Power Administration (BPA) proposes to decrease the number of northern squawfish (Ptychocheilus oregonensis) in reservoirs in the Columbia River system. The goal of the Squawfish Management Program is to reduce losses of outmigrating juvenile salmon and steelhead (salmonids) to northern squawfish predation. The objective is to reduce the number of northern squawfish that feed on juvenile salmonids (smolts) by 10 to 20 percent to alter the age and size structure of the northern squawfish population. The hypothesis, based on computer modeling, indicates that sustained northern squawfish harvest (5 to 10 years) and the resultant population restructuring may reduce losses of juvenile salmonids to predation by up to 50 percent or more within 10 years. The proposed action would target northern squawfish 11 inches and longer, the size at which northern squawfish begin preying significantly on juvenile salmonids. BPA proposes to fund three types of fisheries to harvest northern squawfish. BPA also proposes to fund monitoring activities of these fisheries to determine whether desired or other results occur. The three fisheries methods proposed are: (1) commercial Tribal fishing; (2) sport reward fishing; and (3) fishing from restricted areas of each dam ("dam angling"). These fisheries were tested in 1990 and 1991.

United States. Bonneville Power Administration.

1992-05-01T23:59:59.000Z

127

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-038: Google Chrome Two Vulnerabilities
December 3, 2012 - 1:00am
PROBLEM: Google Chrome Two Vulnerabilities
PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95.
ABSTRACT: Two vulnerabilities have been reported in Google Chrome
REFERENCE LINKS: Stable Channel Update, Secunia Advisory SA51447, CVE-2012-5137, CVE-2012-5138
IMPACT ASSESSMENT: High
DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95.
IMPACT:

128

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-566: Citrix Secure Gateway Unspecified Vulnerability
February 28, 2011 - 11:22pm
PROBLEM: Citrix Secure Gateway Unspecified Vulnerability.
PLATFORM: Citrix Secure Gateway version 3.1.4
ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system.
REFERENCE LINKS: Citrix ID:CTX128168, Secunia Advisory SA43497, Citrix Support
IMPACT ASSESSMENT: High
DISCUSSION: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

129

Empirical Estimates and Observations of 0Day Vulnerabilities  

Science Conference Proceedings (OSTI)

We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

2009-01-01T23:59:59.000Z

130

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

V-094: IBM Multiple Products Multiple Vulnerabilities
February 19, 2013 - 1:41am
PROBLEM: IBM Multiple Products Multiple Vulnerabilities
PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2; IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2; IBM SmartCloud Control Desk version 7.5; IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2; IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1; IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2
ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products.
REFERENCE LINKS: IBM Reference #:1625624, IBM Product Security Incident Response Blog, Secunia Advisory SA52132

131

Steam Generator Management Program: Assessment of Steam Generator Tube Plugs  

Science Conference Proceedings (OSTI)

EPRI Steam Generator Management Program guidelines require that utilities perform integrity assessments of all steam generator (SG) components, including tube plugs. SG inspection outages should specifically include monitoring of degradation in tube hardware such as plugs. This report provides guidance for utility engineers to use in determining tube plug inspection requirements, including scope, technique, and periodicity. Background: Generally, utilities perform ...

2013-08-28T23:59:59.000Z

132

PRIVACY IMPACT ASSESSMENT: OFFICE OF LEGACY MANAGEMENT: RECORDS  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

OFFICE OF LEGACY MANAGEMENT: RECORDS HANDLING SYSTEM: ENERGY EMPLOYEES OCCUPATIONAL ILLNESS COMPENSATION PROGRAM ACT
PIA Template Version - May, 2009
Department of Energy Privacy Impact Assessment (PIA)
Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program, Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting a PIA: http://www.directives.doe.gov/pdfs/doe/doetextlneword/206/02061.pdf
Please complete electronically: no hand-written submissions will be accepted. This template may not be modified.
MODULE I - PRIVACY NEEDS ASSESSMENT
Date: June 4, 2009
Departmental Element & Site: Office of Legacy Management, Morgantown, WV
Name of Information System or IT Project: LM Records Handling System (LMRHS01) - Energy Employees Occupational Illness Compensation Program Act
exhibit

133

Implementation of Industrial Assessment Center Energy and Waste Management Recommendations  

E-Print Network (OSTI)

The Industrial Assessment Center at Texas A&M University is funded by the U.S. Department of Energy and involves students in the analysis of nearby Texas manufacturers. Through these analyses, the Industrial Assessment Center determines means by which the industries may reduce their energy consumption and waste production to reduce production costs. The energy conservation and waste reduction projects are studied by the students and formally presented in a technical report detailing the associated costs and savings. The report is sent to the company which then is responsible for the implementation of the projects, including funding. Case studies of three successful assessments are provided, and were chosen due to management cooperation and the implementation of a diverse group of energy conservation and waste management recommendations.

King, J. D.; Eggebrecht, J. A.; Heffington, W. M.

1997-04-01T23:59:59.000Z

134

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

National Nuclear Security Administration fact sheet. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

135

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

National Nuclear Security Administration fact sheet. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

136

Integrated Safeguards and Security Management Self-Assessment 2004  

Science Conference Proceedings (OSTI)

In 2002 Ernest Orlando Lawrence Berkeley National Laboratory deployed the first Integrated Safeguards and Security Management (ISSM) Self-Assessment process, designed to measure the effect of the Laboratory's ISSM efforts. This process was recognized by DOE as a best practice and model program for self-assessment and training. In 2004, the second Self-Assessment was launched. The cornerstone of this process was an employee survey that was designed to meet several objectives: (1) Ensure that Laboratory assets are protected. (2) Provide a measurement of the Laboratory's current security status that can be compared against the 2002 Self-Assessment baseline. (3) Educate all Laboratory staff about security responsibilities, tools, and practices. (4) Provide security staff with feedback on the effectiveness of security programs. (5) Provide line management with the information they need to make informed decisions about security. This 2004 Self Assessment process began in July 2004 with every employee receiving an information packet and instructions for completing the ISSM survey. The Laboratory-wide survey contained questions designed to measure awareness and conformance to policy and best practices. The survey response was excellent--90% of Berkeley Lab employees completed the questionnaire. ISSM liaisons from each division followed up on the initial survey results with individual employees to improve awareness and resolve ambiguities uncovered by the questionnaire. As with the 2002 survey, the Self-Assessment produced immediate positive results for the ISSM program and revealed opportunities for longer-term corrective actions. Results of the questionnaire provided information for organizational profiles and an institutional summary. The overall level of security protection and awareness was very high--often above 90%. 
Post-survey work by the ISSM liaisons and line management consistently led to improved awareness and metrics, as shown by a comparison of profiles at the end of phase one (August 6, 2004) and phase two (November 1, 2004). The Self-Assessment confirmed that classified information is not held or processed at Berkeley Lab. The survey results also identified areas where increased employee knowledge and awareness of Laboratory policy would be beneficial, the two most prominent being password usage and wireless network service. Line management will be able to determine additional corrective actions based on the results of the Self-Assessment. Future assessments will raise the ratings bar for some existing program elements and add new elements to stimulate further improvements in Laboratory security.

Lunford, Dan; Ramsey, Dwayne

2005-04-01T23:59:59.000Z

137

Thermodynamic data management system for nuclear waste disposal performance assessment  

Science Conference Proceedings (OSTI)

Thermodynamic property values for use in assessing the performance of a nuclear waste repository are described. More emphasis is on a computerized data base management system which facilitates use of the thermodynamic data in sensitivity analysis and other studies which critically assess the performance of disposal sites. Examples are given of critical evaluation procedures; comparison of apparent equilibrium constants calculated from the data base, with other work; and of correlations useful in estimating missing values of both free energy and enthalpy of formation for aqueous species. 49 refs., 11 figs., 6 tabs.

Phillips, S.L.; Hale, F.V.; Siegel, M.D.

1988-04-01T23:59:59.000Z

138

V-125: Cisco Connected Grid Network Management System Multiple  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities
April 3, 2013 - 1:44am
PROBLEM: Cisco Connected Grid Network Management System Multiple Vulnerabilities
PLATFORM: Cisco Connected Grid Network Management System 2.x
ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System.
REFERENCE LINKS: Cisco Security Notice CVE-2013-1163; Cisco Security Notice CVE-2013-1171; Secunia Advisory SA52834; SecurityTracker Alert ID: 1028374; SecurityTracker Alert ID: 1028373; CVE-2013-1163; CVE-2013-1171
IMPACT ASSESSMENT: Medium
DISCUSSION: 1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to

140

V-036: EMC Smarts Network Configuration Manager Database Authentication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability
November 29, 2012 - 3:30am
PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability
PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior to 9.1
ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
REFERENCE LINKS: EMC Identifier: ESA-2012-057; Secunia Advisory SA51408; SecurityTracker Alert ID: 1027812; CVE-2012-4614; CVE-2012-4615
IMPACT ASSESSMENT: Medium
DISCUSSION: The system uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key

141

U-116: IBM Tivoli Provisioning Manager Express for Software Distribution  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities
March 5, 2012 - 7:00am
PROBLEM: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities
PLATFORM: IBM Tivoli Provisioning Manager Express for Software Distribution 4.x
ABSTRACT: Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system.
REFERENCE LINKS: Secunia Advisory SA48216; CVE-2012-0198; CVE-2012-0199
IMPACT ASSESSMENT: High
DISCUSSION: Certain input passed via "Printer.getPrinterAgentKey" to the SoapServlet

142

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities
December 19, 2012 - 1:00am
PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in versions prior to 9.1.
ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server.
REFERENCE LINKS: Secunia Advisory SA51605; IBM Support home; IBM InfoSphere Information Server, Version 9.1 fix list
IMPACT ASSESSMENT: Medium
DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

144

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-162: Drupal Multiple Vulnerabilities
May 4, 2012 - 7:00am
PROBLEM: Drupal Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13.
ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect.
REFERENCE LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002; Bugtraq ID: 53359; Secunia Advisory SA49012; CVE-2012-1588; CVE-2012-1589; CVE-2012-1590; CVE-2012-1591; CVE-2012-2153
IMPACT ASSESSMENT: High
DISCUSSION: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

145

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-616: PHP Stream Component Remote Denial of Service Vulnerability
May 5, 2011 - 12:59am
PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability
PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake
ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.
REFERENCE LINKS: SecurityFocus
IMPACT ASSESSMENT: Medium
DISCUSSION: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

146

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-540: Sybase EAServer Multiple Vulnerabilities
January 24, 2011 - 6:16am
PROBLEM: Sybase EAServer Multiple Vulnerabilities
PLATFORM: Sybase EAServer versions 6.3 and prior
ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected.
REFERENCE LINKS: Bugtraq ID: 45809; SyBase Advisory
IMPACT ASSESSMENT: Medium
DISCUSSION: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services; this condition can result in arbitrary code execution, allowing an attacker to gain control over

147

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-013: HP Data Protector Multiple Unspecified Vulnerabilities
October 18, 2011 - 9:00am
PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities.
PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0
ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.
REFERENCE LINKS: HP Security Document ID: c03054543; SecurityTracker Alert ID: 1026195; Secunia Advisory: SA46468; CVE-2011-3156; CVE-2011-3157; CVE-2011-3158; CVE-2011-3159; CVE-2011-3160; CVE-2011-3161; CVE-2011-3162
IMPACT ASSESSMENT: High
DISCUSSION: Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

148

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-162: Drupal Multiple Vulnerabilities
May 4, 2012 - 7:00am
PROBLEM: Drupal Multiple Vulnerabilities
PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13.
ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect.
REFERENCE LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002; Bugtraq ID: 53359; Secunia Advisory SA49012; CVE-2012-1588; CVE-2012-1589; CVE-2012-1590; CVE-2012-1591; CVE-2012-2153
IMPACT ASSESSMENT: High
DISCUSSION: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

149

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
March 14, 2011 - 3:05pm
PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system.
PLATFORM: Sun Solaris 10
ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities.
REFERENCE LINKS: Secunia Advisory: SA43747 Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player Secure List: SA43747 Oracle Sun Support Adobe Flash Player for Linux and Solaris
IMPACT ASSESSMENT: High
DISCUSSION: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

150

Management Assessment Quality Assurance Guidance in support of EM environmental sampling and analysis activities  

SciTech Connect

This document is one of several guidance documents developed by DOE EM pertaining to environmental restoration and waste management sampling and analysis activities. This guidance contains performance objectives and representative assessment criteria that can be used to conduct management assessments.

1994-05-01T23:59:59.000Z

151

Independent Oversight Assessment, DOE Office of Environmental Management Headquarters- November 2012  

Energy.gov (U.S. Department of Energy (DOE))

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters

152

Strategic environmental assessment as an approach to assess waste management systems. Experiences from an Austrian case study  

Science Conference Proceedings (OSTI)

Waste management has evolved from the simple transportation of waste to landfills to complex systems, including waste prevention and waste recycling as well as several waste treatment and landfill technologies. To assess the environmental, economical ... Keywords: Life cycle assessment, Participation, Strategic environmental assessment, Waste management

Stefan Salhofer; Gudrun Wassermann; Erwin Binner

2007-05-01T23:59:59.000Z

153

Management and organizational assessments: a review of selected organizations  

Science Conference Proceedings (OSTI)

This report is part of a larger project designed to assist the NRC in its responsibilities for assessing the management and organization of utilities applying for an operating license for a nuclear power plant. This report reviews the processes and criteria used by other organizations that conduct management and organization audits and evaluations. It was undertaken in order to provide data and a basis for future analysis by taking a comparative perspective. When considering changes in criteria and procedures as the NRC is doing, a standard benchmark is the performance of other organizations that are similarly situated. It was our goal to directly inform the NRC about the activities of other organizations so that a reconsideration of NRC activities could benefit from the perspective of organizations with a longer, broader, and different experience than the NRC has in the management and organization area. Data collected for this report has provided useful information in designing organization and administration guidelines and assessment procedures for consideration by the NRC.

Nadel, M.V.; Kerwin, C.M.

1984-02-01T23:59:59.000Z

154

Ames Laboratory integrated safety management self-assessment report  

SciTech Connect

The implementation of Integrated Safety Management (ISM) at Ames Laboratory began with the signing of the ISM Implementation Charter on February 24, 1997 (see Appendix A). The first step toward implementation of ISM at Ames Laboratory is the performance of a Self-Assessment (SA). In preparation for the SA, a workshop on ISM was provided to the Laboratory's Environment, Safety, and Health (ES&H) Coordinators, Safety Review Committee members, and the Environment, Safety, Health and Assurance (ESH&A) staff. In addition, a briefing was given to the Laboratory's Executive Council and Program Directors. Next, an SA Team was organized. The Team was composed of four Ames Laboratory and four Department of Energy-Chicago Operations Office (DOE-CH) staff members. The purpose of this SA was to determine the current status of ES&H management within Ames Laboratory, as well as to identify areas which need to be improved during ISM implementation. The SA was conducted by reviewing documents, interviewing Ames Laboratory management and staff, and performing walkthroughs of Laboratory areas. At the conclusion of this SA, Ames Laboratory management was briefed on the strengths, weaknesses, and the areas of improvement which will assist in the implementation of ISM.

NONE

1997-10-01T23:59:59.000Z

155

Knowledge management adoption and assessment for SMEs by a novel MCDM approach  

Science Conference Proceedings (OSTI)

This paper aims to clarify the misunderstanding of high expenditure on knowledge management systems adoption, and provides a novel approach for the most emergent knowledge management components to catch up to the pace of their rivals for the late adopters ... Keywords: Knowledge Management (KM), Knowledge management adoption, Knowledge management assessment, Multiple Criteria Decision Making (MCDM), Small and Medium Enterprises (SME)

Ying-Hsun Hung; Seng-Cho T. Chou; Gwo-Hshiung Tzeng

2011-05-01T23:59:59.000Z

156

Self Assessment Survey - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)

157

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers
Contents
EXECUTIVE SUMMARY
1. INTRODUCTION
1.1 Facilities to be Assessed
2. BEGINNING THE ENERGY SECURITY ASSESSMENT PROCESS
2.1 Assign an Energy Security Manager
2.2 Define the Mission of the Installation

158

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers  

NLE Websites -- All DOE Office Websites (Extended Search)

Performing Energy Security Assessments - A How-To Guide for Federal Facility Managers
Contents
EXECUTIVE SUMMARY
1. INTRODUCTION
1.1 Facilities to be Assessed
2. BEGINNING THE ENERGY SECURITY ASSESSMENT PROCESS
2.1 Assign an Energy Security Manager
2.2 Define the Mission of the Installation

159

Energy vulnerability relationships  

Science Conference Proceedings (OSTI)

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970's, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a "dependence"? Does this increasing proportion of imported oil present a vulnerability to "price shocks" and the tremendous dislocations experienced during the 1970's? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be "yes." However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

160

Enforcement Guidance Supplement 01-22, Management and Independent Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

EGS: 01-02 Appendix E - Operational Procedures for Enforcement
Department of Energy, Washington, DC 20585
December 17, 2001
MEMORANDUM FOR: DOE PAAA COORDINATORS; CONTRACTOR PAAA COORDINATORS
FROM: R. KEITH CHRISTOPHER, DIRECTOR, OFFICE OF PRICE-ANDERSON ENFORCEMENT
SUBJECT: Enforcement Guidance Supplement 01-02: Management and Independent Assessment
Section 1.3 of the Operational Procedures for Enforcement, published in June 1998, provides the opportunity for the Office of Price-Anderson Enforcement (OE) to periodically issue clarifying guidance regarding the processes used in its enforcement activities. OE typically issues such guidance in the form of Enforcement Guidance Supplements (EGSs), which provide information or recommendations only and impose no

161

Integrated Substation Equipment Risk and Performance Assessment Tool for Asset Management and Smart Grid Implementation  

Science Conference Proceedings (OSTI)

Risk assessment and risk management are key elements in any well-developed asset management plan, and an increasing number of utility managers are devoting resources to improving their ability to understand and make risk-based decisions. Consequently, there is growing interest in the tools and methodologies required to better assess equipment performance and risk and provide quantitative information to drive asset management decision processes. In addition, risk and performance assessment tools can be in...

2009-12-23T23:59:59.000Z

162

Manager's Signature Log Privacy Impact Assessment, Office of...  

NLE Websites -- All DOE Office Websites (Extended Search)

Documents & Publications iManage Strategic Integrated Procurement Enterprise System (STRIPES) PIA, Office of Procurement and Assistance Management Integrated Safety Management...

163

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities
May 22, 2013 - 12:46am...

164

V-122: IBM Tivoli Application Dependency Discovery Manager Java...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities
March...

165

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April 30, 2013 -...

166

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

167

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-105: Google Chrome Multiple Vulnerabilities March 6, 2013 - 12:09am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

168

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

169

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

170

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

171

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulnerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

172

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities June 14, 2013 - 6:00am PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE REFERENCE LINKS: Secunia Advisory SA53778 IBM Flash Alert 1640533 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 IMPACT ASSESSMENT: High DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

173

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

174

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

175

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability REFERENCE LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium Discussion: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used

176

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

177

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. REFERENCE LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate Discussion: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

178

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities. PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. REFERENCE LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High Discussion: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

179

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Adobe Flash Player, which

180

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.



181

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

182

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution September 29, 2011 - 8:30am PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. REFERENCE LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

183

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-208: Google Chrome Multiple Vulnerabilities August 1, 2013 - 2:32am PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allow attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

184

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

185

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-249: Google Chrome Multiple Vulnerabilities August 31, 2012 - 6:00am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. REFERENCE LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

186

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

187

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

188

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-214: Mozilla Firefox Multiple Vulnerabilities August 8, 2013 - 2:16am PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

189

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

190

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulnerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

191

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

192

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability April 1, 2013 - 1:26am PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x VMware ESXi 4.x VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373)

193

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

194

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

195

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

196

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities March 21, 2013 - 6:00am PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

197

An Assessment of Integrated Health Management (IHM) Frameworks  

Science Conference Proceedings (OSTI)

In order to meet the ever increasing demand for energy, the United States nuclear industry is turning to life extension of existing nuclear power plants (NPPs). Economically ensuring the safe, secure, and reliable operation of aging nuclear power plants presents many challenges. The 2009 Light Water Reactor Sustainability Workshop identified online monitoring of active and structural components as essential to the better understanding and management of the challenges posed by aging nuclear power plants. Additionally, there is increasing adoption of condition-based maintenance (CBM) for active components in NPPs. These techniques provide a foundation upon which a variety of advanced online surveillance, diagnostic, and prognostic techniques can be deployed to continuously monitor and assess the health of NPP systems and components. The next step in the development of advanced online monitoring is to move beyond CBM to estimating the remaining useful life of active components using prognostic tools. Deployment of prognostic health management (PHM) on the scale of a NPP requires the use of an integrated health management (IHM) framework - a software product (or suite of products) used to manage the necessary elements needed for a complete implementation of online monitoring and prognostics. This paper provides a thoughtful look at the desirable functions and features of IHM architectures. A full PHM system involves several modules, including data acquisition, system modeling, fault detection, fault diagnostics, system prognostics, and advisory generation (operations and maintenance planning). The standards applicable to PHM applications are identified and summarized. A list of evaluation criteria for PHM software products, developed to ensure scalability of the toolset to an environment with the complexity of a NPP, is presented. Fourteen commercially available PHM software products are identified and classified into four groups: research tools, PHM system development tools, deployable architectures, and peripheral tools.

N. Lybeck; M. Tawfik; L. Bond; J. Coble

2012-05-01T23:59:59.000Z

198

Vulnerability due to Nocturnal Tornadoes  

Science Conference Proceedings (OSTI)

This study investigates the human vulnerability caused by tornadoes that occurred between sunset and sunrise from 1880 to 2007. Nocturnal tornadoes are theorized to enhance vulnerability because they are difficult to spot and occur when the ...

Walker S. Ashley; Andrew J. Krmenec; Rick Schwantes

2008-10-01T23:59:59.000Z

199

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access
August 15, 2013 - 1:30am
PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege.
PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8
ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior.
REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system.
IMPACT: User access via network

201

Life cycle assessment of bagasse waste management options  

Science Conference Proceedings (OSTI)

Bagasse is mostly utilized for steam and power production for domestic sugar mills. There have been a number of alternatives that could well be applied to manage bagasse, such as pulp production, conversion to biogas and electricity production. The selection of proper alternatives depends significantly on the appropriateness of the technology both from the technical and the environmental points of view. This work proposes a simple model based on the application of life cycle assessment (LCA) to evaluate the environmental impacts of various alternatives for dealing with bagasse waste. The environmental aspects of concern included global warming potential, acidification potential, eutrophication potential and photochemical oxidant creation. Four waste management scenarios for bagasse were evaluated: landfilling with utilization of landfill gas, anaerobic digestion with biogas production, incineration for power generation, and pulp production. In landfills, environmental impacts depended significantly on the biogas collection efficiency, whereas incineration of bagasse to electricity in the power plant showed better environmental performance than that of conventional low biogas collection efficiency landfills. Anaerobic digestion of bagasse in a control biogas reactor was superior to the other two energy generation options in all environmental aspects. Although the use of bagasse in pulp mills created relatively high environmental burdens, the results from the LCA revealed that other stages of the life cycle produced relatively small impacts and that this option might be the most environmentally benign alternative.

Kiatkittipong, Worapon [Department of Chemical Engineering, Faculty of Engineering and Industrial Technology, Silpakorn University, Nakhon Pathom 73000 (Thailand); National Center of Excellence for Environmental and Hazardous Waste Management, Chulalongkorn University, Bangkok 10330 (Thailand); Wongsuchoto, Porntip [National Center of Excellence for Environmental and Hazardous Waste Management, Chulalongkorn University, Bangkok 10330 (Thailand); Pavasant, Prasert [National Center of Excellence for Environmental and Hazardous Waste Management, Chulalongkorn University, Bangkok 10330 (Thailand); Department of Chemical Engineering, Faculty of Engineering, Chulalongkorn University, Bangkok 10330 (Thailand)], E-mail: prasert.p@chula.ac.th

2009-05-15T23:59:59.000Z

202

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-042: Mac RealPlayer Multiple Vulnerabilities
November 21, 2011 - 9:15am
PROBLEM: Mac RealPlayer Multiple Vulnerabilities.
PLATFORM: Versions 12.0.0.1701 and prior.
ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system.
REFERENCE LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954
IMPACT ASSESSMENT: High
DISCUSSION: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

204

Final Environmental assessment for the Uranium Lease Management Program  

SciTech Connect

The US Department of Energy (DOE) has prepared a programmatic environmental assessment (EA) of the proposed action to continue leasing withdrawn lands and DOE-owned patented claims for the exploration and production of uranium and vanadium ores. The Domestic Uranium Program regulation, codified at Title 10, Part 760.1, of the US Code of Federal Regulations (CFR), gives DOE the flexibility to continue leasing these lands under the Uranium Lease Management Program (ULMP) if the agency determines that it is in its best interest to do so. A key element in determining what is in DOE's "best interest" is the assessment of the environmental impacts that may be attributable to lease tract operations and associated activities. On the basis of the information and analyses presented in the EA for the ULMP, DOE has determined that the proposed action does not constitute a major Federal action significantly affecting the quality of the human environment, as defined in the National Environmental Policy Act (NEPA) of 1969 (42 United States Code 4321 et seq.), as amended. Therefore, preparation of an environmental impact statement is not required for the ULMP, and DOE is issuing this Finding of No Significant Impact (FONSI).

NONE

1995-07-01T23:59:59.000Z

205

Energy Management Assessment Matrix for Small Companies | ENERGY...  

NLE Websites -- All DOE Office Websites (Extended Search)

Facility owners and managers Existing buildings Commercial new construction Industrial energy management Small business Service providers Service and product providers Verify...

206

Plutonium working group report on environmental, safety and health vulnerabilities associated with the Department's plutonium storage. Volume 2, Appendix A: Process and protocol  

SciTech Connect

This appendix contains documentation prepared by the Plutonium ES and H Vulnerability Working Group for conducting the Plutonium ES and H Vulnerability Assessment and training the assessment teams. It has the following five parts. (1) The Project Plan describes the genesis of the project, sets forth the goals, objectives and scope, provides definitions, the projected schedule, and elements of protocol. (2) The Assessment Plan provides a detailed methodology necessary to guide the many professionals who have been recruited to conduct the DOE-wide assessment. It provides guidance on which types and forms of plutonium are to be considered within the scope of the assessment, and lays out the assessment methodology to be used. (3) The memorandum from the Project to Operations Office Managers provides the protocol and direction for participation in the assessment by external stakeholders and members of the public; and the guidance for the physical inspection of plutonium materials in storage. (4) The memorandum from the Project to the assessment teams provides guidance for vulnerability screening criteria, vulnerability evaluation and prioritization process, and vulnerability quantification for prioritization. (5) The Team Training manual was used at the training session held in Colorado Springs on April 19-21, 1994 for all members of the Working Group Assessment Teams and for the leaders of the Site Assessment Teams. The goal was to provide the same training to all of the individuals who would be conducting the assessments, and thereby provide consistency in the conduct of the assessments and uniformity in reporting of the results. The training manual in Section A.5 includes supplemental material provided to the attendees after the meeting.

NONE

1994-09-01T23:59:59.000Z

207

Lawrence Livermore National Security Cost Model Functional Management Assessment  

Science Conference Proceedings (OSTI)

The scope of the Functional Management Assessment of the cost model included a review of the plan and progress of the Cost Model Review Team. The review focused on processes in place to ensure simplicity, compliance with cost accounting standards and indirect cost allocation methodology, and the change management plan. This was intended to be a high-level initial review in order to provide recommendations for a subsequent more comprehensive review. The single document reviewed by the team during the assessment was the Indirect Cost Recovery Model Review, which describes how the indirect rate restructure and new organizational structure have resulted in streamlined charging practices to better understand and strategically manage costs. ISSUE 1: The cost model focuses heavily on rate structure but not on cost management. Significant progress has been made to simplify the rate structure. The number of indirect rates has been reduced from 67 different indirect rates used under the prior contract to 32 rates in the first year of the LLNS contract, with a goal of further reduction to 16 for FY09. The reductions are being recommended by a broad-based Working Group driven by Lab leadership desiring a simplified rate structure that would make it easier to analyze the true cost of overhead, be viewed as equitable, and ensure appropriate use of Service, i.e., operations, Centers. This has been a real challenge due to the significant change in approach from one that previously involved a very complex rate structure. Under this prior approach, the goal was to manage the rates, and rates were established at very detailed levels that would 'shine the light' on pools of overhead costs. As long as rates stayed constant or declined, not as much attention tended to be given to them, particularly with so many pools to review (184 indirect rate pools in FY05). 
However, as difficult and important as simplifying the rate structure has been, the fundamental reason for the simplification is to make it easier to analyze the true cost of overhead so the costs can be effectively managed. For the current year, the overall goal is keeping the total cost of an FTE to FY07 levels. This approach reflects the past practice of managing to rates rather than focusing on costs, although streamlined with the more simplified rate structure. Given all the challenges being faced with the contract transition, this was a reasonable interim tactic for dealing with the known cost increases such as fees and taxes. Nonetheless, in order to take full advantage of the opportunities that exist for making sound decisions for further reducing the rates themselves, the Laboratory needs to implement an ongoing and disciplined approach to understanding and managing overhead cost. ISSUE 2: The NIF has a significantly different rate structure than other Laboratory work. Because of its significant size and unique organizational structure as a major construction project, the National Ignition Facility (NIF) has indirect charges that vary from the norm. These variations were reviewed and approved by and disclosed to the NNSA in the Laboratory's past annual Disclosure Statements. In mid-FY 09, NIF will begin transition from a construction line item to an operational center. The reallocation of costs when this occurs could significantly impact the Laboratory's rates and rate structure; planning for that transition from a cost- and rate-impact standpoint should begin soon. ISSUE 3: The new rate model must be finalized shortly in order to implement the model beginning in FY 09. As noted in Issue No. 1, a Working Group has developed a simplified rate structure for the Lab to use for FY09. 
The Working Group has evaluated the cost impacts of the simplified rate structure at the major program level and identified a disparate impact in the Safeguards and Security area where a substantial increase in overhead cost allocation may need to be mitigated. The simplified rate structure will need to be approved by the Laboratory Director and issued within the Laboratory to formulate detailed bu

Tevis, J; Hirahara, J; Thomas, B; Mendez, M

2008-06-12T23:59:59.000Z

208

Adaptive capacity and its assessment  

SciTech Connect

This paper reviews the concept of adaptive capacity and various approaches to assessing it, particularly with respect to climate variability and change. I find that adaptive capacity is a relatively under-researched topic within the sustainability science and global change communities, particularly since it is uniquely positioned to improve linkages between vulnerability and resilience research. I identify opportunities for advancing the measurement and characterization of adaptive capacity by combining insights from both vulnerability and resilience frameworks, and I suggest several assessment approaches for possible future development that draw from both frameworks and focus on analyzing the governance, institutions, and management that have helped foster adaptive capacity in light of recent climatic events.

Engle, Nathan L.

2011-04-20T23:59:59.000Z

209

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-174: Serendipity Unspecified SQL Injection Vulnerability
May 22, 2012 - 7:00am
PROBLEM: Serendipity Unspecified SQL Injection Vulnerability
PLATFORM: 1.6.1 and prior versions
ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands.
REFERENCE LINKS: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762
IMPACT ASSESSMENT: Medium
DISCUSSION: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
IMPACT: A remote user can execute SQL commands on the underlying database.
SOLUTION: The vendor has issued a fix (1.6.2).

210

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-118: IBM Lotus Domino Multiple Vulnerabilities
March 25, 2013 - 12:40am
PROBLEM: IBM Lotus Domino Multiple Vulnerabilities
PLATFORM: IBM Domino 8.x
ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino
REFERENCE LINKS: IBM Reference #:1627597 Secunia Advisory SA52753 CVE-2012-6277 CVE-2013-0486 CVE-2013-0487
IMPACT ASSESSMENT: High
DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

211

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-625: Opera Frameset Handling Memory Corruption Vulnerability
May 18, 2011 - 3:05pm
PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system.
PLATFORM: Opera versions prior to 11.11
ABSTRACT: The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.
REFERENCE LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile
IMPACT ASSESSMENT: High
DISCUSSION: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

212

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-100: Google Chrome Multiple Vulnerabilities
February 10, 2012 - 7:00am
PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system.
PLATFORM: Google Chrome 16.x
ABSTRACT: A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
REFERENCE LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654
IMPACT ASSESSMENT: High
DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some

213

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-173: Plesk 0-Day Vulnerability
June 7, 2013 - 6:00am
PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild
PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4
ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application
REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org
IMPACT ASSESSMENT: High
DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

214

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability
July 22, 2011 - 3:00pm
PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability
PLATFORM: Drupal Secure Password Hashes 6.X-1.0 Drupal Secure Password Hashes 5.X-1.4
ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability.
REFERENCE LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities
IMPACT ASSESSMENT: Medium
DISCUSSION: This module uses the PHPass hashing library to try to store users' hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account

215

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities
March 26, 2013 - 12:56am
PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities
PLATFORM: IBM Rational AppScan 5.x IBM Rational AppScan 8.x
ABSTRACT: IBM has acknowledged multiple vulnerabilities
REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532
IMPACT ASSESSMENT: Medium
DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

216

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-111: Multiple vulnerabilities have been reported in Puppet
March 14, 2013 - 12:12am
PROBLEM: Multiple vulnerabilities have been reported in Puppet
PLATFORM: Puppet 2.x Puppet 3.x Puppet Enterprise 1.x Puppet Enterprise 2.x
ABSTRACT: Puppet Multiple Vulnerabilities
REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
IMPACT ASSESSMENT: High
DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

217

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Mitigations for Security Vulnerabilities Found in Control System Networks
Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

219

National Vulnerability Database Home  

Science Conference Proceedings (OSTI)

... August 6, 2007: A US Office of Management and Budget memorandum requires specific secure configuration settings for Microsoft operating ...

220

Environmental Assessment for the Proposed Los Alamos National Laboratory Trails Management Program, Los Alamos, New Mexico  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Environmental Assessment for the Proposed Los Alamos National Laboratory Trails Management Program, Los Alamos, New Mexico. September 2, 2003. Department of Energy, National Nuclear Security Administration, Los Alamos Site Office. Contents: Acronyms and Terms; Executive Summary; 1.0 Purpose and Need

221

[Environmental Hazards Assessment Program annual report, June 1992-June 1993]. Survey of environmental management training coordinators: Risk assessment/risk management training needs  

SciTech Connect

The Medical University of South Carolina (MUSC) is conducting a survey of Risk Assessment and Risk Management. They are developing information on the existing level of risk associated with training and the perceived need for this training by both federal and private organizations. The purpose of the questionnaire is to determine the available training and the perception of the Risk Management process in the DOE. Of particular interest is the requirement for Risk Assessment/Management training in organizations that will be involved in the Decontamination and Decommissioning of DOE Facilities. The survey questions and instructions are included.

1993-12-01T23:59:59.000Z

222

Lawrence Livermore National Security CFO Processes Functional Management Assessment  

Science Conference Proceedings (OSTI)

The scope of the Functional Management Assessment of the CFO included a review of the CFO Organizational Structure, including deployed financial services and the division of responsibilities and internal controls between CFO and other organizations that perform financial functions across the Laboratory. In addition, the assessment team solicited input from end users and reviewers. Three issues discussed are: ISSUE 1: Financial activities and cash transactions are occurring outside the CFO organization. Approximately $200M of non-purchase order spending occurs in seven areas outside CFO control (travel, relocation, special disbursements, IPO, legal, risk management, and freight). NIF financial services have not been integrated into the CFO organization and operate outside CFO control. Business risks: there is no single point of financial accountability; currently within the CFO and Business and Operations organizations there is a lack of clarity of roles and responsibilities for financial activities; financial talent within the laboratory is fragmented; and inefficiencies exist based on the current structure. An example of the above business risks associated with organizational structure can be observed in the process for reimbursement of relocation costs to employees. Currently, Human Resources and Travel both administer portions of an employee's relocation. Costs are reviewed for compliance with FAR travel guidelines and for compliance with the offer letter but there is no financial review for allowability of costs nor is there a single point where the total relocation costs are reviewed. Through the e-pay system the check is processed by the CFO organization but there is no review by that organization. ISSUE 2: Impact of involuntary separation on current and future activities. 
Three risks are: (1) Loss of internal controls--with the upcoming involuntary reductions there will be a loss of personnel with institutional knowledge which will increase the risk of losing internal control on some processes. The organization needs to be cognizant of this risk and take measures to minimize financial risk and ensure on-going A-123 compliance. (2) Project Costing Implementation (PCI) delay--the implementation of PCI is key to achieving integration and reporting of financial data. Presently, business analysts spend half of their time collecting and compiling data and 94% of the lab's financial management reports are created using spreadsheets. Currently, the PCI project is on schedule but the involuntary reductions may result in loss of support in this area. (3) Financial Performance Milestones not met--for FY-08 there are fixed, base and stretch financial performance milestones for the laboratory. With reductions in staff the risk of missing key milestones increases. ISSUE 3: Strategically growing the Work for Others (WFO) Portfolio. A key objective of the laboratory is to increase WFO. Greater reliance on WFO will result in additional funding sources and increase the number of control points and financial activities to be monitored thus increasing the level of financial complexity at the lab. The CFO organization should work now to improve controls and processes to accommodate these changes. In particular the following areas should be focused on: (1) Cost reporting needs to be streamlined; (2) Cost Transfer controls need to be increased; and (3) Timely monitoring and close out of contracts needs to occur.

Sparks, A; Sampson, D; Thomas, B; Mendez, M

2008-06-12T23:59:59.000Z

223

Chemical Safety Vulnerability Working Group report. Volume 1  

Science Conference Proceedings (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

Not Available

1994-09-01T23:59:59.000Z

224

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. REFERENCE LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

226

U-234: Oracle MySQL User Login Security Bypass Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-234: Oracle MySQL User Login Security Bypass Vulnerability August 14, 2012 - 7:00am PROBLEM: Oracle MySQL User Login Security Bypass Vulnerability PLATFORM: Version(s): prior to 5.1.63 and 5.5.25 are vulnerable. ABSTRACT: Oracle MySQL is prone to a security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions. REFERENCE LINKS: http://www.securityfocus.com/bid/53911/discuss CVE-2012-2122 IMPACT ASSESSMENT: Medium Discussion: Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials. The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in

227

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-158: HP NonStop Server Java Multiple Vulnerabilities April 30, 2012 - 7:00am PROBLEM: HP NonStop Server Java Multiple Vulnerabilities PLATFORM: HP NonStop Server 6.x ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server REFERENCE LINKS: Secunia Advisory SA48977 CVE-2011-3547 CVE-2011-3551 CVE-2011-3553 IMPACT ASSESSMENT: High Discussion: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact: Successful exploitation of this vulnerability may allow remote manipulation

228

Nanomaterial Exposure Assessment and Management ...  

Science Conference Proceedings (OSTI)

... Page 20. Purpose of the Assessment BASIC AEROSOL CHARACTERIZATION ... counting - Aerodynamic - Thermodynamic - Electrical mobility ...

2012-10-10T23:59:59.000Z

229

Structural fatigue assessment and management of large-scale port logistics equipments  

Science Conference Proceedings (OSTI)

With the advances of port enterprises, much intensive research has been gradually involved in the structural fatigue assessment and management of port logistics equipments. However, relevant work on large-scale port logistics equipments is still ... Keywords: S-N curve, crack formation, crack propagation life, fatigue assessment, fracture mechanics, gantry cranes, large-scale port logistics equipment, structural safety assessment

Yuan Liu; Weijian Mi; Huiqiang Zheng

2008-11-01T23:59:59.000Z

230

A semantic approach to life cycle assessment applied on energy environmental impact data management  

Science Conference Proceedings (OSTI)

Environmental impact assessment of goods and services is nowadays a major challenge for both economic and ethical reasons. Life Cycle Assessment (LCA) provides a well-accepted methodology for modelling environmental impacts of human activities. One stage ... Keywords: energy impact data management, life cycle assessment, ontology

Benjamin Bertin; Vasile-Marian Scuturici; Emmanuel Risler; Jean-Marie Pinon

2012-03-01T23:59:59.000Z

231

Cost Quality Management Assessment for the Idaho Operations Office. Final report  

SciTech Connect

The Office of Engineering and Cost Management (EM-24) conducted a Cost Quality Management Assessment of EM-30 and EM-40 activities at the Idaho National Engineering Laboratory on Feb. 3--19, 1992 (Round I). The CQMA team assessed the cost and cost-related management activities at INEL. The Round II CQMA, conducted at INEL Sept. 19--29, 1994, reviewed EM-30, EM-40, EM-50, and EM-60 cost and cost-related management practices against performance objectives and criteria. Round II did not address indirect cost analysis. INEL has made measurable progress since Round I.

NONE

1995-06-01T23:59:59.000Z

232

Review and Assessment of Air Quality Management Activities in Texas  

Science Conference Proceedings (OSTI)

Many air quality studies indicate that ozone, fine particulates, and haze are interrelated and often regional in extent. Emission management strategies to mitigate these pollutants are likely to involve regional control measures. This report summarizes recent air quality studies in the State of Texas to support the development of integrated air quality management strategies to meet new air quality standards.

1999-07-02T23:59:59.000Z

233

Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)  

SciTech Connect

The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, "Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector", hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

2013-02-01T23:59:59.000Z

234

Phase 2 cost quality management assessment report for the Office of Technology Development (EM-50)  

SciTech Connect

The Office of Environmental Management (EM) Headquarters (HQ) Cost Quality Management Assessment (CQMA) evaluated the practices of the Office of Technology Development (EM-50). The CQMA reviewed EM-50 management documents and reported results in the HQ CQMA Phase 1 report (March 1993). In this Assessment Phase, EM-50 practices were determined through interviews with staff members. The interviews were conducted from the end of September through early December 1993. EM-50 management documents (Phase 1) and practices (Phase 2) were compared to the Performance Objectives and Criteria (POCs) contained in the DOE/HQ Cost Quality Management Assessment Handbook. More detail on the CQMA process is provided in section 2. Interviewees are listed in appendix A. Documents reviewed during Phase 2 are listed in appendix B. Section 3 contains detailed observations, discussions, and recommendations. A summary of observations and recommendations is presented.

Not Available

1994-08-01T23:59:59.000Z

235

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE))

The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides...

236

NSTB Summarizes Vulnerable Areas | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. NSTB Summarizes Vulnerable Areas More Documents & Publications...

237

Environmental management assessment of the Waste Isolation Pilot Plant (WIPP), Carlsbad, New Mexico  

SciTech Connect

This document contains the results of the Environmental Management Assessment of the Waste Isolation Pilot Plant (WIPP). This Assessment was conducted by EH-24 from July 19 through July 30, 1993 to advise the Secretary of Energy of the adequacy of management systems established at WIPP to ensure the protection of the environment and compliance with Federal, state, and DOE environmental requirements. The mission of WIPP is to demonstrate the safe disposal of transuranic (TRU) waste. During this assessment, activities and records were reviewed and interviews were conducted with personnel from the management and operating contractors. This assessment revealed that WIPP's environmental safety and health programs are satisfactory, and that all levels of the Waste Isolation Division (WID) management and staff consistently exhibit a high level of commitment to achieve environmental excellence.

Not Available

1993-07-01T23:59:59.000Z

238

Fiscal Year 2007 Civilian Radioactive Waste Management Fee Adequacy Assessment Report  

Energy.gov (U.S. Department of Energy (DOE))

U.S. Department of Energy Office of Civilian Radioactive Waste Management Fee Adequacy Assessment Report is to present an analysis of the adequacy of the fee being paid by nuclear power utilities...

239

Risk Assessment and Management for Interconnected and Interactive Critical Flood Defense Systems  

E-Print Network (OSTI)

to engineer-based RAM analyses. What is needed is a suite of ... units and levels of analysis for ICIS RAM, the island also ... analysis (Phase II) for performing Risk Assessment and Management (RAM)

Hamedifar, Hamed

2012-01-01T23:59:59.000Z

240

Estimating Potential Evaporation from Vegetated Surfaces for Water Management Impact Assessments Using Climate Model Output  

Science Conference Proceedings (OSTI)

River basin managers concerned with maintaining water supplies and mitigating flood risk in the face of climate change are taking outputs from climate models and using them in hydrological models for assessment purposes. While precipitation is the ...

Victoria A. Bell; Nicola Gedney; Alison L. Kay; Roderick N. B. Smith; Richard G. Jones; Robert J. Moore

2011-10-01T23:59:59.000Z

241

Idaho National Engineering and Environmental Laboratory Wildland Fire Management Environmental Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

April 2003. IDAHO NATIONAL ENGINEERING AND ENVIRONMENTAL LABORATORY WILDLAND FIRE MANAGEMENT ENVIRONMENTAL ASSESSMENT. CONTENTS: ACRONYMS; 1. INTRODUCTION; 1.1. Purpose and Need; 1.2. Background; 1.3. Related Actions

242

Assessment of Residential Energy Management Systems for Demand Response Applications  

Science Conference Proceedings (OSTI)

This Technical Update provides a description of what a residential energy management system comprises, with a focus on demand response applications. It includes findings from a survey of residential energy management system technology vendors; system pricing and availability; an overview of technology components and features; customer load monitoring and control capabilities; utility demand response control functions; communications protocols and technologies supported; and options for demand response si...

2009-12-22T23:59:59.000Z

243

Steam Generator Management Program: Steam Generator Integrity Assessment Guidelines  

Science Conference Proceedings (OSTI)

This report provides guidance for evaluating the condition of steam generator (SG) tubes based on nondestructive examination (NDE) or in situ pressure testing. The integrity assessments are normally performed during a reactor refueling outage. Nuclear power plant licensees who follow the guidance in this report will have satisfied the requirements for degradation assessments, condition monitoring, and operational assessment as defined in the Nuclear Energy Institute (NEI) Steam Generator Program Guidelin...

2009-11-19T23:59:59.000Z

244

Overhead Transmission Inspection, Assessment, and Asset Management Reference Guide - 2013  

Science Conference Proceedings (OSTI)

The emphasis within the transmission arena has shifted from designing and building new transmission facilities to optimizing the use, performance, and life of existing facilities. In the early 1990s, EPRI established an initiative to examine the capabilities and limitations of existing inspection and assessment methods and technology. One of the key needs identified was information on methods and technologies for inspecting/assessing the conditions ...

2013-12-22T23:59:59.000Z

245

Incentives in Water Management Reform: Assessing the Effect on Water Use,  

NLE Websites -- All DOE Office Websites (Extended Search)

Incentives in Water Management Reform: Assessing the Effect on Water Use, Production and Poverty in the Yellow River Basin Speaker(s): Jinixia Wang Date: May 22, 2003 - 12:00pm Location: Bldg. 90 The purpose of this presentation is to better understand water management reform in China's rural communities, focusing on the effect of incentives to water managers on the nation's water resources and the welfare of the rural population. Based on a survey study in the Yellow River Basin, our findings show that Water User Associations and contracting have begun to systematically replace traditional forms of collective management. The analysis demonstrates, however, that it is not a nominal implementation of the reform that matters, but rather it is a creation of new management

246

Environmental management assessment of the National Institute for Petroleum and Energy Research  

Science Conference Proceedings (OSTI)

This report documents the results of the environmental management assessment of the National Institute for Petroleum and Energy Research (NIPER), located in Bartlesville, Oklahoma. The assessment was conducted August 15-26, 1994, by the DOE Office of Environmental Audit (EH-24), located within the Office of Environment, Safety and Health. The assessment included reviews of documents and reports, as well as inspections and observations of selected facilities and operations. Further, the team conducted interviews with management and staff from the Bartlesville Project Office (BPO), the Office of Fossil Energy (FE), the Pittsburgh Energy Technology Center (PETC), state and local regulatory agencies, and BDM Oklahoma (BDM-OK), which is the management and operating (M&O) contractor for NIPER. Because of the transition from a cooperative agreement to an M&O contract in January 1994, the scope of the assessment was to evaluate (1) the effectiveness of BDM-OK management systems being developed and BPO systems in place and under development to address environmental requirements; (2) the status of compliance with DOE Orders, guidance, and directives; and (3) conformance with accepted industry management practices. An environmental management assessment was deemed appropriate at this time in order to identify any systems modifications that would provide enhanced effectiveness of the management systems currently under development.

NONE

1994-08-01T23:59:59.000Z

247

Hybrid Kansei-SOM model using risk management and company assessment for stock trading  

Science Conference Proceedings (OSTI)

Risk management and stock assessment are key methods for stock trading decisions. In this paper, we present a new stock trading method using Kansei evaluation integrated with a Self-Organizing Map model for improvement of a stock trading system. The ... Keywords: Hybrid intelligent trading system, Investment risk, Kansei evaluation, Risk management, Self-Organizing Map, Stock trading system

Hai V. Pham, Eric W. Cooper, Thang Cao, Katsuari Kamei

2014-01-01T23:59:59.000Z

248

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

security of IBM Tivoli Application Dependency Discovery Manager March 28, 2013 V-121: Google Chrome Multiple Vulnerabilities Multiple vulnerabilities have been reported in Google...

249

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

250

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused due to an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. REFERENCE LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High Discussion: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

251

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

252

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands November 1, 2012 - 6:00am PROBLEM: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands PLATFORM: All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability. ABSTRACT: A vulnerability was reported in Cisco Prime Data Center Network Manager. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20121031-dcnm SecurityTracker Alert ID: 1027712 CVE-2012-5417 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability exists because JBoss Application Server Remote Method

253

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks July 3, 2012 - 7:00am PROBLEM: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 8.x, 9.0x, 9.1x ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027215 CVE-2012-2018 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP Network Node Manager i. The software does not properly filter HTML code from user-supplied input before

255

Energy Spending and Vulnerable Households  

E-Print Network (OSTI)

off than before. In particular large households with low incomes seem to have been adversely affected by the new tariff structures since they have comparably large energy expenditure (Bennet et al., 2002). 5. Vulnerable Households and Energy Spending The... tariffs can play an important part in the public debate on eradicating fuel poverty and helping the vulnerable households. Smart metering can provide consumers with information on the actual energy consumption and might lead to...

Jamasb, Tooraj; Meier, Helena

2011-01-26T23:59:59.000Z

256

A framework for the assessment of severe accident management strategies  

SciTech Connect

Severe accident management can be defined as the use of existing and/or alternative resources, systems and actors to prevent or mitigate a core-melt accident. For each accident sequence and each combination of severe accident management strategies, there may be several options available to the operator, and each involves phenomenological and operational considerations regarding uncertainty. Operational uncertainties include operator, system and instrumentation behavior during an accident. A framework based on decision trees and influence diagrams has been developed which incorporates such criteria as feasibility, effectiveness, and adverse effects, for evaluating potential severe accident management strategies. The framework is also capable of propagating both data and model uncertainty. It is applied to several potential strategies including PWR cavity flooding, BWR drywell flooding, PWR depressurization and PWR feed and bleed.

Kastenberg, W.E. [ed.; Apostolakis, G.; Dhir, V.K. [California Univ., Los Angeles, CA (United States). Dept. of Mechanical, Aerospace and Nuclear Engineering] [and others

1993-09-01T23:59:59.000Z

257

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability September 14, 2011 - 9:28am PROBLEM: Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. PLATFORM: Google SketchUp 8 is vulnerable; other versions may also be affected. ABSTRACT: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability REFERENCE LINKS: Vulnerability-Lab SketchUp Downloads IMPACT ASSESSMENT: Medium Discussion: A memory corruption vulnerability was detected in Google's SketchUp v8.x. The vulnerability is caused by a memory corruption when processing corrupt DAE files through the filter, which could be exploited by attackers

258

V-070: Apache CouchDB Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-070: Apache CouchDB Multiple Vulnerabilities January 16, 2013 - 1:00am PROBLEM: Apache CouchDB Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB REFERENCE LINKS: Secunia Advisory SA51765 Seclists.org/fulldisclosure/2013/Jan/80 Seclists.org/fulldisclosure/2013/Jan/81 Seclists.org/fulldisclosure/2013/Jan/82 CVE-2012-5641 CVE-2012-5649 CVE-2012-5650 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

259

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability July 11, 2013 - 6:00am PROBLEM: A vulnerability has been reported in Adobe ColdFusion PLATFORM: The vulnerability is reported in version 10 for Windows, Macintosh, and Linux ABSTRACT: The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets REFERENCE LINKS: Secunia Advisory SA54024 Adobe Security Bulletin APSB13-19 Stackoverflow.com CVE-2013-3350 IMPACT ASSESSMENT: High DISCUSSION: The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets IMPACT: Security Bypass

260

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities January 26, 2011 - 7:35am PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. REFERENCE LINKS: Securityfocus IMPACT ASSESSMENT: Medium Discussion: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the

261

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability
July 23, 2012 - 6:49am
PROBLEM: Cisco Linksys WMB54G TFTP Command Injection Vulnerability
PLATFORM: Cisco Linksys WMB54G 1.x
ABSTRACT: System access from local network
REFERENCE LINKS: Bugtraq ID: 54615; Original Advisory; Secunia Advisory SA49868; Cisco Advisory ID: cisco-sa-20111019-cs
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability in Cisco Linksys WMB54G was reported, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to missing input validation in the TFTP service when running the firmware update functionality and can be exploited to inject and execute arbitrary shell commands. Additionally, it may be

262

U-099: MySQL Unspecified Code Execution Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-099: MySQL Unspecified Code Execution Vulnerability
February 9, 2012 - 7:00am
PROBLEM: A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a vulnerable system.
PLATFORM: MySQL 5.x
ABSTRACT: Successful exploitation allows execution of arbitrary code.
REFERENCE LINKS: Secunia Advisory SA47894. No CVE references currently available.
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is reported in version 5.5.20. Other versions may also be affected. The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0.
IMPACT: System access from local network
SOLUTION: An effective workaround cannot currently be provided due to limited vulnerability details.

263

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability
March 19, 2013 - 12:01am
PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability
PLATFORM: Versions prior to 16.0.1.18.
ABSTRACT: A vulnerability has been reported in RealPlayer
REFERENCE LINKS: RealNetworks, Inc; Secunia Advisory SA52692; CVE-2013-1750
IMPACT ASSESSMENT: High
DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file.
IMPACT: Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to version 16.0.1.18.

264

Assessment of public perception of radioactive waste management in Korea.  

Science Conference Proceedings (OSTI)

The essential characteristics of the issue of radioactive waste management can be conceptualized as complex, with a variety of facets and uncertainty. These characteristics tend to cause people to perceive the issue of radioactive waste management as a 'risk'. This study was initiated in response to a desire to understand the perceptions of risk that the Korean public holds towards radioactive waste and the relevant policies and policy-making processes. The study further attempts to identify the factors influencing risk perceptions and the relationships between risk perception and social acceptance.

Trone, Janis R.; Cho, SeongKyung (Myongji University, Korea); Whang, Jooho (Kyung Hee University, Korea); Lee, Moo Yul

2011-11-01T23:59:59.000Z

265

Configuration Management Assessment Plan - Developed By NNSA/Nevada Site Office Independent Oversight Division  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Configuration Management Assessment Plan, NNSA/Nevada Site Office Independent Oversight Division
Performance Objective: The objective of this assessment is to determine whether a Configuration Management Program (CM) is in place which allows for the availability and retrievability of accurate information, improves response to design and operational decisions, enhances worker safety, increases facility safety and reliability, increases efficiency of work efforts, and helps maintain integrity of interfacing orders.
Criteria: The CM program supports DOE program implementation through the following: It provides the mechanisms for identifying, cataloging, and maintaining the design requirements and design basis (established to satisfy DOE O 420.1 Facility Safety).

266

Plutonium working group report on environmental, safety and health vulnerabilities associated with the department's plutonium storage. Volume II, Appendix B, Part 9: Oak Ridge site site team report  

Science Conference Proceedings (OSTI)

This report provides the input to and results of the Department of Energy (DOE) - Oak Ridge Operations (ORO) DOE Plutonium Environment, Safety and Health (ES & H) Vulnerability Assessment (VA) self-assessment performed by the Site Assessment Team (SAT) for the Oak Ridge National Laboratory (ORNL or X-10) and the Oak Ridge Y-12 Plant (Y-12) sites that are managed by Martin Marietta Energy Systems, Inc. (MMES). As initiated (March 15, 1994) by the Secretary of Energy, the objective of the VA is to identify and rank-order DOE-ES&H vulnerabilities associated for the purpose of decision making on the interim safe management and ultimate disposition of fissile materials. This assessment is directed at plutonium and other co-located transuranics in various forms.

NONE

1994-09-01T23:59:59.000Z

267

Security risk assessment: toward a comprehensive practical risk management  

Science Conference Proceedings (OSTI)

This paper introduces a unique approach to a more integrated security risk assessment SRA. This is formalised based on the proven mathematical methods described in various articles in the literature and combined with the work developed by the author. ...

Danilo Valeros Bernardo

2012-01-01T23:59:59.000Z

268

Technology assessment of alternative transportation fuels. Management report No. 15  

DOE Green Energy (OSTI)

Progress is outlined in a technological assessment of hybrid, i.e., internal combustion engine-electric, automobiles and the effects of such highway transportation electrification on energy use. (LCL)

Not Available

1977-04-11T23:59:59.000Z

269

Assessment of Existing Plant Instrumentation for Severe Accident Management  

Science Conference Proceedings (OSTI)

During an accident, information would be needed for diagnosing a plant's status and confirming its response to mitigative actions. It is important to determine the information necessary for severe accident management and to ensure that this information could be derived from plant instrumentation.

1993-12-01T23:59:59.000Z

270

Los Alamos Site Office Nuclear Maintenance Management Program Oversight Self-Assessment, April 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

11-18
Site: Los Alamos National Laboratory
Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report for the Los Alamos Site Office Nuclear Maintenance Management Program Oversight Self-Assessment
Dates of Activity: 11/14/2011 - 11/18/2011
Report Preparer: Tim Martin
Activity Description/Purpose: This activity report documents the results of the U.S. Department of Energy (DOE) Office of Health, Safety and Security (HSS) review of the Los Alamos Site Office (LASO) self-assessment of LASO's Nuclear Maintenance Management Program (NMMP) oversight program and activities. This self-assessment was led by the DOE LASO Facility Operations/Safety Engineering Team's (FO/SET) Nuclear Facility Maintenance Manager and was

271

Vulnerabilities Analyzing Model for Alert Correlation in Distributed Environment  

Science Conference Proceedings (OSTI)

With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and ... Keywords: alert correlation, prerequisites and consequences, hyper-alert type, vulnerability tuple

Wen Long; Yang Xin; Yixian Yang

2009-07-01T23:59:59.000Z

272

NISTIR 7669, Open Vulnerability Assessment Language ...  

Science Conference Proceedings (OSTI)

... These validations are based on the test requirements defined in this document, which cover four distinct but related ... Window Vista Windows 7 ...

2013-04-25T23:59:59.000Z

273

Security Maxims - Vulnerability Assessment Team - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)

Tobias Maxim 5: Encryption is largely irrelevant. From Marc Weber Tobias. Red Herring Maxim: At some point in any challenging security application, somebody (or nearly...

274

Safety - Vulnerability Assessment Team - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)

Nuclear Safety Materials Disposition Decontamination & Decommissioning Nuclear Criticality Safety Nuclear Data Program Nuclear Waste Form Modeling Departments Engineering...

275

More information - Vulnerability Assessment Team - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)

We've devised fundamentally new approaches to tamper detection, intrusion detection, nuclear safeguards and cargo security. Team members have won numerous awards, including: 2013...

276

Assessing the vulnerability of replicated network services  

Science Conference Proceedings (OSTI)

Client-server networks are pervasive, fundamental, and include such key networks as the Internet, power grids, and road networks. In a client-server network, clients obtain a service by connecting to one of a redundant set of servers. These networks ...

George Dean Bissias; Brian Neil Levine; Ramesh K. Sitaraman

2010-11-01T23:59:59.000Z

277

Hazardous Materials Management and Emergency Response training Center needs assessment  

SciTech Connect

For the Hanford Site to provide high-quality training using simulated job-site situations to prepare the 4,000 Site workers and 500 emergency responders for known and unknown hazards, a Hazardous Materials Management and Emergency Response Training Center is needed. The center will focus on providing classroom lecture as well as hands-on, realistic training. The establishment of the center will create a partnership among the US Department of Energy; its contractors; labor; local, state, and tribal governments; and Xavier and Tulane Universities of Louisiana. This report presents the background, history, need, benefits, and associated costs of the proposed center.

McGinnis, K.A. [Westinghouse Hanford Co., Richland, WA (United States)]; Bolton, P.A. [Pacific Northwest Lab., Richland, WA (United States)]; Robinson, R.K. [RKR, Inc. (United States)]

1993-09-01T23:59:59.000Z

278

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

279

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information
October 4, 2012 - 6:00am
PROBLEM: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information
PLATFORM: HP Network Node Manager I (NNMi) v9.20 for HP-UX, Linux, Solaris, and Windows.
ABSTRACT: Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
REFERENCE LINKS: HP Security Bulletin: c03507708; SecurityTracker Alert ID: 1027605; Security Focus: 524302; CVE-2012-3267
IMPACT ASSESSMENT: High
DISCUSSION: A potential security vulnerability has been identified with HP Network Node

280

U-201: HP System Management Homepage Bugs Let Remote Users Deny Service |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-201: HP System Management Homepage Bugs Let Remote Users Deny Service
June 28, 2012 - 7:00am
PROBLEM: A vulnerability was reported in HP System Management Homepage.
PLATFORM: Version(s): prior to 7.1.1
ABSTRACT: The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.
REFERENCE LINKS: Original Advisory; Security Tracker ID 1027209; CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability was reported in HP System Management Homepage. A remote authenticated user can gain elevated privileges. A remote authenticated



281

Natural resource management activities at the Savannah River Site. Environmental Assessment  

Science Conference Proceedings (OSTI)

This environmental assessment (EA) reviews the environmental consequences of ongoing natural resource management activities on the Savannah River Site (SRS). Appendix A contains the Natural Resources Management Plan (NRMP). While several SRS organizations have primary responsibilities for different elements of the plan, the United States Department of Agriculture (USDA), Forest Service, Savannah River Forest Station (SRFS) is responsible for most elements. Of the river scenarios defined in 1985, the High-Intensity Management alternative established the upper bound of environmental consequences; it represents a more intense level of resource management than that being performed under current resource management activities. This alternative established compliance mechanisms for several natural resource-related requirements and maximum practical timber harvesting. Similarly, the Low-Intensity Management alternative established the lower bound of environmental consequences and represents a less intense level of resource management than that being performed under current resource management activities. This alternative also established compliance mechanisms, but defined a passively managed natural area. The Proposed Action of this EA describes the current level of multiple-natural resource management. This EA reviews the proposed action, and the high and low intensity alternative scenarios.

Not Available

1993-07-01T23:59:59.000Z

282

Assessing the Potential for Renewable Energy Development on DOE Legacy Management Lands  

NLE Websites -- All DOE Office Websites (Extended Search)

DOE/GO-102008-2435, February 2008
Assessing the Potential for Renewable Energy Development on DOE Legacy Management Lands
Authors: Doug Dahle, Dennis Elliott, Donna Heimiller, Mark Mehos, Robi Robichaud, Marc Schwartz, Byron Stafford, and Andy Walker
Published by National Renewable Energy Laboratory, 1617 Cole Boulevard, Golden, Colorado 80401-3393
NREL is a U.S. Department of Energy Laboratory Operated by the Midwest Research Institute * Battelle
NOTICE: This report was prepared as an account of work sponsored by an agency of the United States

283

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters, November 2012  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters
May 2011
November 2012
Office of Safety and Emergency Management Evaluations, Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy
Independent Oversight Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters
Table of Contents: 1.0 Introduction; 2.0 Scope and Methodology

284

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters, November 2012  

NLE Websites -- All DOE Office Websites (Extended Search)

Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters
May 2011
November 2012
Office of Safety and Emergency Management Evaluations, Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy
Independent Oversight Assessment of Safety Culture at the U.S. Department of Energy Office of Environmental Management Headquarters
Table of Contents: 1.0 Introduction; 2.0 Scope and Methodology

285

Idaho National Engineering and Environmental Laboratory Wildland Fire Management Environmental Assessment - April 2003  

SciTech Connect

DOE prepared an environmental assessment (EA) for wildland fire management activities on the Idaho National Engineering and Environmental Laboratory (INEEL) (DOE/EA-1372). The EA was developed to evaluate wildland fire management options for pre-fire, fire suppression, and post fire activities. Those activities have an important role in minimizing the conversion of the native sagebrush steppe ecosystem found on the INEEL to non-native weeds. Four alternative management approaches were analyzed: Alternative 1 - maximum fire protection; Alternative 2 - balanced fire protection; Alternative 3 - protect infrastructure and personnel; and Alternative 4 - no action/traditional fire protection.

Irving, J.S.

2003-04-30T23:59:59.000Z

286

Idaho National Engineering and Environmental Laboratory Wildland Fire Management Environmental Assessment  

SciTech Connect

DOE prepared an environmental assessment (EA) for wildland fire management activities on the Idaho National Engineering and Environmental Laboratory (INEEL) (DOE/EA-1372). The EA was developed to evaluate wildland fire management options for pre-fire, fire suppression, and post fire activities. Those activities have an important role in minimizing the conversion of the native sagebrush steppe ecosystem found on the INEEL to non-native weeds. Four alternative management approaches were analyzed: Alternative 1 - maximum fire protection; Alternative 2 - balanced fire protection; Alternative 3 - protect infrastructure and personnel; and Alternative 4 - no action/traditional fire protection.

Irving, John S

2003-04-01T23:59:59.000Z

287

Coastal Impacts, Adaptation, and Vulnerabilities  

E-Print Network (OSTI)

· Robert R. Twilley, Louisiana State University · Jordan West, U.S. Environmental Protection Agency Chapter and Restoration Authority of Louisiana · Richard Raynie, Coastal Protection and Restoration Authority of Louisiana.3.7 Emergency Response, Recovery, and Vulnerability Reduction 4.3.8 Coastal and Nearshore Oil and Ga0 4.4 Human

Kossin, James P.

288

Understanding cyber threats and vulnerabilities  

Science Conference Proceedings (OSTI)

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was ... Keywords: actor, critical infrastructure, cyber crime, cyber terrorism, cyber threat, cyber vulnerabilities

Eric Luiijf

2012-01-01T23:59:59.000Z

289

RCRA Assessment Plan for Single-Shell Tank Waste Management Area A-AX at the Hanford Site  

Science Conference Proceedings (OSTI)

This document describes a groundwater assessment plan for the single-shell tank systems in Waste Management Area A-AX at the Hanford Site.

Narbutovskih, Susan M.; Chou, Charissa J.

2006-03-03T23:59:59.000Z

290

Human Health Risk Assessment of Chemicals Encountered in Vegetation Management on Electric Utility Rights-of-Way  

Science Conference Proceedings (OSTI)

This report discusses the human health risk assessment of chemicals encountered in vegetation management on electric utility rights-of-way (ROWs).

2003-12-03T23:59:59.000Z

291

Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles  

Science Conference Proceedings (OSTI)

This paper proposes the definition of a security criterion and security assessment based on the criterion. More precisely, we present a stochastic model with a vulnerability life-cycle model and a user profile using continuous-time Markov chains. The ... Keywords: vulnerability, security evaluation, user profile

Hiroyuki Okamura; Masataka Tokuzane; Tadashi Dohi

2012-11-01T23:59:59.000Z

292

T-703: Cisco Unified Communications Manager Open Query Interface Lets  

NLE Websites -- All DOE Office Websites (Extended Search)

T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents
August 26, 2011 - 3:45pm
PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents
PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5
ABSTRACT: A remote user can obtain database contents, including authentication credentials.
REFERENCE LINKS: SecurityTracker Alert ID: 1025971; Cisco Document ID: 113190
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. A remote user can access an open

293

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability
October 26, 2011 - 9:00am
PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability.
PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2.
ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
REFERENCE LINKS: McAfee Web Gateway Release Notes; Bugtraq ID: 50341; Secunia Advisory: SA46570
IMPACT ASSESSMENT: Medium
DISCUSSION: A vulnerability has been reported in McAfee Web Gateway, which can be

294

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities
August 7, 2013 - 6:00am
PROBLEM: SEARCH-LAB has reported some vulnerabilities in PuTTY
PLATFORM: PuTTY 0.x
ABSTRACT: The vulnerabilities can be exploited by malicious people to potentially compromise a user's system.
REFERENCE LINKS: Secunia Advisory SA54354; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520; CVE-2013-4206; CVE-2013-4207; CVE-2013-4208; CVE-2013-4852
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length.
IMPACT: Successful exploitation may allow execution of arbitrary code

295

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability
February 8, 2012 - 7:00am
PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions.
PLATFORM: ISC BIND 9.2.x; ISC BIND 9.3.x; ISC BIND 9.4.x; ISC BIND 9.5.x; ISC BIND 9.6.x; ISC BIND 9.7.x; ISC BIND 9.8.x
ABSTRACT: The vulnerability is caused due to an error within the cache update policy.
REFERENCE LINKS: Original Advisory; Secunia Advisory SA47884; CVE-2012-1033
IMPACT ASSESSMENT: High
DISCUSSION: Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The

296

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability
October 18, 2012 - 6:00am
PROBLEM: ModSecurity Multipart Message Parsing Security Bypass Vulnerability
PLATFORM: Modsecurity Versions prior to 2.70
ABSTRACT: SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions
REFERENCE LINKS: SEC Consult; Secunia Advisory SA49853
IMPACT ASSESSMENT: Medium
DISCUSSION: The vulnerability is caused due to an error when parsing multipart requests and can be exploited to bypass certain filtering rules.
IMPACT: Remote Security Bypass
SOLUTION: Update to version 2.70.

297

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability
October 2, 2012 - 6:00am
PROBLEM: IBM WebSphere Commerce User Information Disclosure Vulnerability
PLATFORM: WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11; WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6
ABSTRACT: A vulnerability in WebSphere Commerce could allow disclosure of user personal data.
REFERENCE LINKS: IBM Security Bulletin 1612484; X-Force Vulnerability Database (78867); Secunia Advisory SA50821; CVE-2012-4830
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

298

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability
December 20, 2011 - 9:45am
PROBLEM: Microsoft Windows win32k.sys Memory Corruption Vulnerability.
PLATFORM: Operating System Microsoft Windows 7
ABSTRACT: Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
REFERENCE LINKS: Secunia Advisory SA47237; MS11-087:Article ID: 2639417
IMPACT ASSESSMENT: High
DISCUSSION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page

299

V-082: Novell GroupWise Client Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-082: Novell GroupWise Client Two Vulnerabilities
February 1, 2013 - 6:00am
PROBLEM: Two vulnerabilities have been reported in Novell GroupWise Client
PLATFORM: Novell GroupWise 2012; Novell GroupWise Client 2012; Novell GroupWise Client 8.x; Novell GroupWise Server 8.x
ABSTRACT: Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system.
REFERENCE LINKS: Secunia Advisory SA52031; CVE-2012-0439; CVE-2013-0804; Novell KB 7011687; Novell KB 7011688
IMPACT ASSESSMENT: High
DISCUSSION: The GroupWise Client for Windows is vulnerable to an ActiveX Control exploit where by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on

300

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability
October 8, 2012 - 7:00am
PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability
PLATFORM: VMware vCenter Operations 1.x
ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks.
REFERENCE LINKS: Original Advisory; Secunia Advisory SA50795; CVE-2012-5050
IMPACT ASSESSMENT: Medium
DISCUSSION: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
IMPACT: A vulnerability in VMware vCenter Operations, which can be exploited to

301

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability April 4, 2011 - 6:08am PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert Secunia Advisory: SA44030 ZDI Advisory: ZDI-11-115 IBM solidDB Support IMPACT ASSESSMENT: Medium DISCUSSION: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

302

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability February 7, 2013 - 6:00am PROBLEM: A vulnerability has been reported in IntegraXor PLATFORM: IntegraXor versions prior to 4.x ABSTRACT: The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. REFERENCE LINKS: Secunia Advisory SA52073 CVE-2012-4700 US-CERT Advisory IMPACT ASSESSMENT: High DISCUSSION: Successfully exploiting this vulnerability could lead to a DoS for the application or could allow an attacker to execute arbitrary code. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 4.00 build 4280.0

303

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability January 23, 2012 - 9:00am PROBLEM: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability. PLATFORM: Linux Kernel 2.6.x ABSTRACT: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. REFERENCE LINKS: Linux Kernel Update CVE-2012-0056 Red Hat Bugzilla Bug 782642 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to the kernel not properly restricting access to the "/proc//mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.

304

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java. IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks. SOLUTION: The vendor has issued a fix.

305

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. REFERENCE LINKS: BIND and DHCP Security Updates Released Bugtraq ID: 54665 Secunia Advisory SA50018 CVE-2012-3571 CVE-2012-3570 CVE-2012-3954 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

306

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

307

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability June 27, 2011 - 4:31pm PROBLEM: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability PLATFORM: Mozilla Firefox ABSTRACT: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. REFERENCE LINKS: Securityfocus Mozilla Firefox Homepage MFSA 2011-27: XSS encoding hazard with inline SVG IMPACT ASSESSMENT: High DISCUSSION: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to

308

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software REFERENCE LINKS: BlackBerry Article ID: KB31675 Secunia Advisory SA50164 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0773 CVE-2012-0779 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

309

Chief of Nuclear Safety (CNS) Senior Technical Safety Manager (STSM) Qualification Program Self-Assessment Report - August 2013  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Chief of Nuclear Safety (CNS) Self-Assessment Report, Senior Technical Safety Manager Qualification Program. CONTENTS: Background; Results; Assessment Criteria; Finding; Observation

310

V-207: Wireshark Multiple Denial of Service Vulnerabilities ...  

NLE Websites -- All DOE Office Websites (Extended Search)

V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am PROBLEM: Multiple vulnerabilities...

311

V-019: Google Chrome Multiple Vulnerabilities | Department of...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-019: Google Chrome Multiple Vulnerabilities November 8, 2012 - 6:00am PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

312

A generalized multistage optimization modeling framework for life cycle assessment-based integrated solid waste management  

Science Conference Proceedings (OSTI)

Solid waste management (SWM) is an integral component of civil infrastructure and the global economy, and is a growing concern due to increases in population, urbanization, and economic development. In 2011, 1.3 billion metric tons of municipal solid ... Keywords: Decision support, Life cycle assessment, Multi-stage, Optimization, Solid waste

James W. Levis, Morton A. Barlaz, Joseph F. Decarolis, S. Ranji Ranjithan

2013-12-01T23:59:59.000Z

313

NEHRP - Hazard Vulnerability and Disaster Resiliency ...  

Science Conference Proceedings (OSTI)

... Hazard Vulnerability and Disaster Resiliency. 2013. ... gaps for achieving resilience in the ... protection, emergency response, business continuity, and ...

314

Columbia River Gorge Vegetation Management Project Final Environmental Assessment DOE/EA-1162  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

COLUMBIA RIVER GORGE VEGETATION MANAGEMENT PROJECT Final Environmental Assessment DOE/EA-1162 BONNEVILLE COLUMBIA RIVER GORGE VEGETATION MANAGEMENT ENVIRONMENTAL ASSESSMENT (Hanford-Ostrander and North Bonneville-Midway Transmission Line Rights-of-Way) Table of Contents: Purpose and Need; Background; Public Involvement; Summary; Decisions to Be Made; PROPOSED ACTION AND ALTERNATIVES; Alternative: No Action - Manual, Mechanical, and Biological Methods; Alternative: Proposed Action - Integrated Vegetation Management with Herbicides; Herbicide Methods; Planned Actions; Comparison of Alternatives; AFFECTED ENVIRONMENT AND ENVIRONMENTAL CONSEQUENCES; Affected Environment; Environmental Consequences; Land Use; Soils; Vegetation; Water Resources; Wildlife Resources; Air Quality/Global Warming

315

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Tool Summary Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company/Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128 UN Region: Sub-Saharan Africa

316

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. REFERENCE LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023 Prepopulate module Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High DISCUSSION: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

317

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

319

Risk management & organizational uncertainty implications for the assessment of high consequence organizations  

SciTech Connect

Post hoc analyses have demonstrated clearly that macro-system, organizational processes have played important roles in such major catastrophes as Three Mile Island, Bhopal, Exxon Valdez, Chernobyl, and Piper Alpha. How can managers of such high-consequence organizations as nuclear power plants and nuclear explosives handling facilities be sure that similar macro-system processes are not operating in their plants? To date, macro-system effects have not been integrated into risk assessments. Part of the reason for not using macro-system analyses to assess risk may be the impression that standard organizational measurement tools do not provide hard data that can be managed effectively. In this paper, I argue that organizational dimensions, like those in ISO 9000, can be quantified and integrated into standard risk assessments.

Bennett, C.T.

1995-02-23T23:59:59.000Z

320

Scientific basis for risk assessment and management of uranium mill tailings  

Science Conference Proceedings (OSTI)

A National Research Council study panel, convened by the Board on Radioactive Waste Management, has examined the scientific basis for risk assessment and management of uranium mill tailings and issued this final report containing a number of recommendations. Chapter 1 provides a brief introduction to the problem. Chapter 2 examines the processes of uranium extraction and the mechanisms by which radionuclides and toxic chemicals contained in the ore can enter the environment. Chapter 3 is devoted to a review of the evidence on health risks associated with radon and its decay products. Chapter 4 provides a consideration of conventional and possible new technical alternatives for tailings management. Chapter 5 explores a number of issues of comparative risk, provides a brief history of uranium mill tailings regulation, and concludes with a discussion of choices that must be made in mill tailing risk management. 211 refs., 30 figs., 27 tabs.

Not Available

1986-01-01T23:59:59.000Z

321

DOE G 414.1-1B: Management and Assessments Guide for Use with 10 CFR Part  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE G 414.1-1B: Management and Assessments Guide for Use with 10 CFR Part 830, Subpart A, and DOE O 414.1C, Quality Assurance; DOE M 450.4-1, Integrated Safety Management System Manual; and DOE O 226.1A, Implementation of Department of Energy Oversight Po "DOE and its contractors are required to perform management and independent assessments in accordance with: * Title 10, Code of Federal Regulations (CFR), Part 830, Subpart A, "Quality Assurance Requirements"; * DOE O 414.1C, Quality Assurance;

323

Environmental Management Assessment of the Continuous Electron Beam Accelerator Facility (CEBAF)  

SciTech Connect

This report documents the results of the Environmental Management Assessment performed at the Continuous Electron Beam Accelerator Facility (CEBAF) in Newport News, Virginia. During this assessment, activities and records were reviewed and interviews were conducted with personnel from the CEBAF Site Office; the CEBAF management and operating contractor (M&O), Southeastern Universities Research Association, Inc. (SURA); the Oak Ridge Field Office (OR); and the responsible DOE Headquarters Program Office, the Office of Energy Research (ER). The onsite portion of the assessment was conducted from March 8 through March 19, 1993, by the US Department of Energy's (DOE's) Office of Environmental Audit (EH-24) located within the Office of Environment, Safety and Health (EH). DOE 5482.1 B, "Environment, Safety and Health Appraisal Program," and Secretary of Energy Notice (SEN)-6E-92, "Departmental Organizational and Management Arrangements," establish the mission of EH-24 to provide comprehensive, independent oversight of Department-wide environmental programs on behalf of the Secretary of Energy. The ultimate goal of EH-24 is enhancement of environmental protection and minimization of risk to public health and the environment. EH-24 accomplishes its mission utilizing systematic and periodic evaluations of the Department's environmental programs within line organizations, and through use of supplemental activities which serve to strengthen self-assessment and oversight functions within program, field, and contractor organizations.

1993-03-01T23:59:59.000Z

324

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability

325

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-026: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions November 16, 2012 - 6:00am PROBLEM: RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions. PLATFORM: RSA Data Protection Manager Appliance versions 2.7.x and 3.x ABSTRACT: Two vulnerabilities were reported in RSA Data Protection Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1027781 EMC Identifier: ESA-2012-055 RSA Worldwide Customer Support CVE-2012-4612 CVE-2012-4613 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities were reported in RSA Data Protection Manager. A remote

326

U-270:Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-270:Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands September 28, 2012 - 6:00am PROBLEM: Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands PLATFORM: Control Manager - 3.0, 3.5, 5.0, 5.5, 6.0 ABSTRACT: Trend Micro has been notified of a potential product vulnerability in Control Manager. REFERENCE LINKS: Trend Micro Technical Support ID 1061043 SecurityTracker Alert ID: 1027584 Secunia Advisory SA50760 CVE-2012-2998 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability has been reported in Trend Micro Control Manager, which can

327

Review of the Independent Integrated Safety Management/Integrated Work Management Assessment of Research and Development and Programmatic Work at the Los Alamos National Laboratory, December 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Independent Integrated Safety Management/Integrated Work Management Assessment of Research and Development and Programmatic Work at the Los Alamos National Laboratory December 2011 Office of Safety and Emergency Management Evaluations Office of Enforcement and Oversight Office of Health, Safety and Security U.S. Department of Energy Table of Contents: 1.0 Purpose; 2.0 Background; 3.0 Scope

328

Radiological Dose Assessment Related to Management of Naturally Occurring Radioactive Materials Generated by the Petroleum Industry  

NLE Websites -- All DOE Office Websites (Extended Search)

ANL/EAD-2 Radiological Dose Assessment Related to Management of Naturally Occurring Radioactive Materials Generated by the Petroleum Industry by K.P. Smith, D.L. Blunt, G.P. Williams, and C.L. Tebes* (*Tebes is affiliated with the University of Illinois.) Environmental Assessment Division, Argonne National Laboratory, 9700 South Cass Avenue, Argonne, Illinois 60439 September 1996 Work sponsored by the United States Department of Energy, Office of Policy CONTENTS: ACKNOWLEDGMENTS; NOTATION; ABSTRACT; SUMMARY

329

The increasing importance of risk assessment and management in environmental decision-making  

SciTech Connect

Because environmental problems are growing and resources for dealing with them are shrinking, the environmental movement is witnessing an evolutionary shift toward greater emphasis on the use of risk assessment and management tools in setting environmental standards, determining levels of cleanup and deciding environmental program funding priorities. This change has important ramifications for the Department of Energy (DOE) and its national laboratories in terms of the costs of weapons facilities cleanup, the types of cleanup technology that will be emphasized and the way the DOE programs will be run. Other Federal agencies responsible for cleanup operations [e.g., the Environmental Protection Agency (EPA) and the Department of Defense (DOD)] will be similarly affected. This paper defines risk management and risk assessment and explains why these concepts will be of growing importance in the 1990s. It also defines other relevant terms. The paper develops a rationale for why risk assessment and management will be of increasing importance in environmental decision-making in the 1990s and beyond.

Jaksch, J.A.

1992-06-01T23:59:59.000Z

330

Waste management project's alternatives: A risk-based multi-criteria assessment (RBMCA) approach  

Science Conference Proceedings (OSTI)

Highlights: ► We examine the evaluation of a waste management project's alternatives. ► We present a novel risk-based multi-criteria assessment (RBMCA) approach. ► In the RBMCA the evaluation criteria are based on the quantitative risk analysis of the project's alternatives. ► Correlation between the criteria weight values and the decision makers' risk preferences is examined. ► Preference to the multi-criteria against the one-criterion evaluation process is discussed. Abstract: This paper examines the evaluation of a waste management project's alternatives through a quantitative risk analysis. Cost benefit analysis is a widely used method, in which the investments are mainly assessed through the calculation of their evaluation indicators, namely benefit/cost (B/C) ratios, as well as the quantification of their financial, technical, environmental and social risks. Herein, a novel approach in the form of risk-based multi-criteria assessment (RBMCA) is introduced, which can be used by decision makers, in order to select the optimum alternative of a waste management project. Specifically, decision makers use multiple criteria, which are based on the cumulative probability distribution functions of the alternatives' B/C ratios. The RBMCA system is used for the evaluation of a waste incineration project's alternatives, where the correlation between the criteria weight values and the decision makers' risk preferences is analyzed and useful conclusions are discussed.

Karmperis, Athanasios C., E-mail: athkarmp@mail.ntua.gr [National Technical University of Athens, School of Mechanical Engineering, Sector of Industrial Management and Operational Research, Athens (Greece); Sotirchos, Anastasios, E-mail: anasot@mail.ntua.gr [National Technical University of Athens, School of Mechanical Engineering, Sector of Industrial Management and Operational Research, Athens (Greece); Aravossis, Konstantinos, E-mail: arvis@mail.ntua.gr [National Technical University of Athens, School of Mechanical Engineering, Sector of Industrial Management and Operational Research, Athens (Greece); Tatsiopoulos, Ilias P., E-mail: itat@central.ntua.gr [National Technical University of Athens, School of Mechanical Engineering, Sector of Industrial Management and Operational Research, Athens (Greece)

2012-01-15T23:59:59.000Z

331

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability February 22, 2012 - 8:00am PROBLEM: A vulnerability was reported in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system. PLATFORM: Net4Switch ipswcom ActiveX Control 1.x ABSTRACT: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. REFERENCE LINKS: Vendor Advisory Secunia Advisory 48125 No CVE references. IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

332

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am PROBLEM: Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system. PLATFORM: Kingsoft Office 2012, Kingsoft Writer 2012 8.x ABSTRACT: The vulnerability is confirmed in the following products and versions: * Kingsoft Writer 2012 version 8.1.0.3030. * Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 8.1.0.3385. REFERENCE LINKS: Secunia Advisory SA53266 CVE-2013-3934 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to a boundary error when handling font names and can be exploited to cause a stack-based buffer overflow via a

333

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities. October 25, 2011 - 8:45am. PROBLEM: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities. PLATFORM: The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected. ABSTRACT: Successful exploitation of the vulnerabilities allows execution of arbitrary code. REFERENCE LINKS: Bugtraq ID: 50321 Secunia Advisory SA46473 Oracle AutoVue IMPACT ASSESSMENT: High DISCUSSION: Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the

334

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability. September 6, 2013 - 4:36am. PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWiki. REFERENCE LINKS: Secunia Advisory SA54723 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused by an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie. IMPACT:

335

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-022: Apple QuickTime Multiple Vulnerabilities. October 28, 2011 - 8:15am. PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. REFERENCE LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

336

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability. December 28, 2012 - 6:00am. PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

337

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability. February 7, 2012 - 9:00am. PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network REFERENCE LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. IMPACT: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

338

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities. November 6, 2012 - 6:00am. PROBLEM: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities PLATFORM: Apache Tomcat 5.x, Apache Tomcat 6.x, Apache Tomcat 7.x ABSTRACT: Two vulnerabilities were reported in Apache Tomcat REFERENCE LINKS: Apache.org Apache Tomcat Denial of Service Apache Tomcat DIGEST authentication weaknesses Secunia Advisory SA51138 CVE-2012-2733 CVE-2012-3439 IMPACT ASSESSMENT: Medium DISCUSSION: A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within the "parseHeaders()" function

339

U-172: OpenOffice.org Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-172: OpenOffice.org Two Vulnerabilities. May 18, 2012 - 7:00am. PROBLEM: OpenOffice.org Two Vulnerabilities PLATFORM: OpenOffice.org 3.3. Other versions may also be affected. ABSTRACT: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA46992 CVE-2012-1149 CVE-2012-2149 IMPACT ASSESSMENT: High DISCUSSION: 1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted JPEG object within a DOC file. 2) An error within libwpd when parsing WordPerfect documents can be exploited to overwrite arbitrary memory via a specially crafted WordPerfect

340

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos. December 27, 2011 - 5:18am. PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. REFERENCE LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High DISCUSSION: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet



341

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability. May 23, 2013 - 6:00am. PROBLEM: A vulnerability has been reported in Apache Struts PLATFORM: The vulnerability is reported in versions prior to 2.3.14.1 ABSTRACT: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA53495 Apache Struts Advisory S2-012 Apache Struts Advisory S2-013 CVE-2013-1965 CVE-2013-1966 IMPACT ASSESSMENT: High DISCUSSION: A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request

342

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability. December 27, 2012 - 6:00am. PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

343

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities. April 17, 2012 - 8:00am. PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. PLATFORM: Apache OFBiz 10.x ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected. REFERENCE LINKS: Vendor Advisory Secunia Advisory 48800 CVE-2012-1621 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

344

T-572: VMware ESX/ESXi SLPD denial of service vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-572: VMware ESX/ESXi SLPD denial of service vulnerability. March 8, 2011 - 3:05pm. PROBLEM: A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions. PLATFORM: ESX/ESXi 4.0, 4.1 ABSTRACT: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. REFERENCE LINKS: VMware Security Advisory: VMSA-2011-0004 VMware vSphere 4 VMware ESXi 4.1 Update CVE-2010-3609 IMPACT ASSESSMENT: Moderate DISCUSSION: A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources. A remote user can consume excessive CPU resources.

345

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability. May 3, 2013 - 6:00am. PROBLEM: Novell iPrint Client Unspecified Buffer Overflow Vulnerability PLATFORM: Novell iPrint Client 5.x ABSTRACT: A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53261 Novell KB 7012344 Novell KB 7008708 CVE-2013-1091 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused by an unspecified error and can be exploited to cause a stack-based buffer overflow. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Vendor recommendation is to update to Version 5.90

346

NV: Nessus Vulnerability Visualization for the Web  

SciTech Connect

Network vulnerability is a critical component of network security. Yet vulnerability analysis has received relatively little attention from the security visualization community. In this paper we describe nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow system administrators to discover, analyze, and manage vulnerabilities on their networks. In addition to visualizing single Nessus scans, nv supports the analysis of sequential scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv was also designed to operate completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.

Harrison, Lane [University of North Carolina, Charlotte]; Spahn, Riley B [ORNL]; Iannacone, Michael D [ORNL]; Downing, Evan P [ORNL]; Goodall, John R [ORNL]

2012-01-01T23:59:59.000Z

347

Life cycle assessment of solid waste management options for Eskisehir, Turkey  

SciTech Connect

Life cycle assessment (LCA) methodology was used to determine the optimum municipal solid waste (MSW) management strategy for Eskisehir city. Eskisehir is one of the developing cities of Turkey where a total of approximately 750 tons/day of waste is generated. An effective MSW management system is needed in this city since the generated MSW is dumped in an unregulated dumping site that has no liner, no biogas capture, etc. Therefore, five different scenarios were developed as alternatives to the current waste management system. Collection and transportation of waste, a material recovery facility (MRF), recycling, composting, incineration and landfilling processes were considered in these scenarios. SimaPro7 libraries were used to obtain background data for the life cycle inventory. One ton of municipal solid waste of Eskisehir was selected as the functional unit. The alternative scenarios were compared through the CML 2000 method and these comparisons were carried out from the abiotic depletion, global warming, human toxicity, acidification, eutrophication and photochemical ozone depletion points of view. According to the comparisons and sensitivity analysis, composting scenario, S3, is the more environmentally preferable alternative. In this study waste management alternatives were investigated only on an environmental point of view. For that reason, it might be supported with other decision-making tools that consider the economic and social effects of solid waste management.

Banar, Mufide [Anadolu University, Faculty of Engineering and Architecture, Department of Environmental Engineering, Iki Eylul Campus, 26555 Eskisehir (Turkey)], E-mail: mbanar@anadolu.edu.tr; Cokaygil, Zerrin; Ozkan, Aysun [Anadolu University, Faculty of Engineering and Architecture, Department of Environmental Engineering, Iki Eylul Campus, 26555 Eskisehir (Turkey)

2009-01-15T23:59:59.000Z

348

Mining Bug Databases for Unidentified Software Vulnerabilities  

SciTech Connect

Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

2012-06-01T23:59:59.000Z

349

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

350

Vulnerability analysis of three remote voting methods  

E-Print Network (OSTI)

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

Enguehard, Chantal

2009-01-01T23:59:59.000Z

351

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This...

352

Multics Security Evaluation (Volume II): Vulnerability Analysis  

Science Conference Proceedings (OSTI)

Page 1. ESD-TR-74-193, Vol. II. MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS. Paul A. Karger, 2Lt ...

2013-04-15T23:59:59.000Z

353

Toward a Resiliency and Vulnerability Observatory Network ...  

Science Conference Proceedings (OSTI)

... is already undertaking extensive investment in its ... vulnerability or more generally, equity, should permeate all ... etc.), parcel and/or tax portfolio data ...

2009-02-05T23:59:59.000Z

354

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

JC3 High Impact Assessment Bulletins. November 7, 2012: V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code. Several vulnerabilities were reported in Adobe Flash Player. November 5, 2012: V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System. Two vulnerabilities were reported in HP Performance Insight. November 2, 2012: V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information. Three vulnerabilities were reported in Apple iOS. November 1, 2012: V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let

355

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks. August 17, 2012 - 7:00am. PROBLEM: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 7.11, 9.21, 9.30 ABSTRACT: Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. REFERENCE LINKS: www2.hp.com http://www.securitytracker.com/id/1027399 CVE-2012-3251 IMPACT ASSESSMENT: Moderate DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can conduct cross-site scripting attacks. The software does not properly filter

356

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks. August 7, 2012 - 7:00am. PROBLEM: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: HP Network Node Manager I (NNMi) v8.x, v9.0x, v9.1x, v9.20 for HP-UX, Linux, Solaris, and Windows ABSTRACT: Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). REFERENCE LINKS: HP Document ID: c03405705 SecurityTracker Alert ID: 1027345 Bugtraq ID: 54815 CVE-2012-2022 IMPACT ASSESSMENT:

357

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-238: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks. August 17, 2012 - 7:00am. PROBLEM: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks PLATFORM: Version(s): 7.11, 9.21, 9.30 ABSTRACT: Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. REFERENCE LINKS: www2.hp.com http://www.securitytracker.com/id/1027399 CVE-2012-3251 IMPACT ASSESSMENT: Moderate DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can conduct cross-site scripting attacks. The software does not properly filter

358

Result Summary for the Area 5 Radioactive Waste Management Site Performance Assessment Model Version 4.113  

Science Conference Proceedings (OSTI)

Preliminary results for Version 4.113 of the Nevada National Security Site Area 5 Radioactive Waste Management Site performance assessment model are summarized. Version 4.113 includes the Fiscal Year 2011 inventory estimate.

Shott, G. J.

2012-04-15T23:59:59.000Z

359

Environmental assessment of garden waste management in the Municipality of Aarhus, Denmark  

Science Conference Proceedings (OSTI)

An environmental assessment of six scenarios for handling of garden waste in the Municipality of Aarhus (Denmark) was performed from a life cycle perspective by means of the LCA-model EASEWASTE. In the first (baseline) scenario, the current garden waste management system based on windrow composting was assessed, while in the other five scenarios alternative solutions including incineration and home composting of fractions of the garden waste were evaluated. The environmental profile (normalised to Person Equivalent, PE) of the current garden waste management in Aarhus is in the order of -6 to 8 mPE Mg⁻¹ ww for the non-toxic categories and up to 100 mPE Mg⁻¹ ww for the toxic categories. The potential impacts on non-toxic categories are much smaller than what is found for other fractions of municipal solid waste. Incineration (up to 35% of the garden waste) and home composting (up to 18% of the garden waste) seem from an environmental point of view suitable for diverting waste away from the composting facility in order to increase its capacity. In particular the incineration of woody parts of the garden waste improved the environmental profile of the garden waste management significantly.

Boldrin, Alessio, E-mail: aleb@env.dtu.dk [Department of Environmental Engineering, Technical University of Denmark, Kongens Lyngby (Denmark); Andersen, Jacob K.; Christensen, Thomas H. [Department of Environmental Engineering, Technical University of Denmark, Kongens Lyngby (Denmark)

2011-07-15T23:59:59.000Z

360

An assessment of management practices of wood and wood-related wastes in the urban environment  

DOE Green Energy (OSTI)

The US Environmental Protection Agency estimates that yard waste¹ accounts for approximately 16% of the municipal solid waste (MSW) stream (US EPA, 1994). Until recently, specific data and related information on this component of the MSW stream has been limited. The purposes of this study, phase two of the three-phase assessment of urban wood waste issues, are to assess and describe current alternatives to landfills for urban wood waste management; provide guidance on the management of urban wood waste to organizations that produce or manage wood waste; and clarify state regulatory and policy positions affecting these organizations. For this study, urban wood waste is defined as solid waste generated by tree and landscape maintenance services (public and private). Urban wood waste includes the following materials: unchipped mixed wood, unchipped logs, and unchipped tops and brush; clearing and grubbing waste; fall leaves and grass clippings; and chips and whole stumps. Construction and demolition debris and consumer-generated yard waste are not included in this study. Generators of urban wood waste include various organizations; municipal, county, and commercial tree care divisions; nurseries, orchards, and golf courses; municipal park and recreation departments; and electric and telephone utility power line maintenance, excavator and land clearance, and landscape organizations. (1) US EPA defines yard waste as "yard trimmings" which includes "grass, leaves and tree brush trimmings from residential, institutional, and commercial sources."

NONE

1996-02-01T23:59:59.000Z



361

ROLE OF TOXICITY ASSESSMENT AND MONITORING IN MANAGING THE RECOVERY OF A WASTEWATER RECEIVING STREAM  

Science Conference Proceedings (OSTI)

We evaluate the roles of a long-term comprehensive toxicity assessment and monitoring program in management and for ecological recovery of a freshwater receiving stream impacted by industrial discharges and legacy contamination. National Pollution Discharge Elimination Permit (NPDES)-driven whole effluent toxicity (WET) tests using Ceriodaphnia and fathead minnows were conducted for more than twenty years to characterize wastewaters at the US National Nuclear Security Agency's Y-12 National Security Complex in Oak Ridge, Tennessee. Ambient toxicity tests also were conducted to assess water samples from EFPC, the stream receiving the wastewater discharges. The ambient tests were conducted as part of an extensive biological monitoring program that included routine surveys of fish, invertebrate and periphyton communities. WET testing, associated toxicant identification evaluations (TIEs), and ambient toxicity monitoring were instrumental in identifying toxicants and their sources at the Y-12 Complex, guiding modifications to wastewater treatment procedures, and assessing the success of various pollution-abatement actions. Through time, as requirements changed and water quality improved, the toxicity monitoring program became more focused. Ambient testing with Ceriodaphnia and fathead minnow larvae also was supplemented with less-standardized but more-sensitive alternative laboratory and in situ bioassays. The Y-12 Complex biological monitoring experience demonstrates the significant roles effluent and ambient toxicity testing can have in controlling and managing toxic discharges to receiving waters. It also emphasizes the value of supplementing WET and standardized ambient toxicity tests with alternative laboratory and in situ toxicity tests tailored to address specific problems.

Greeley Jr, Mark Stephen [ORNL; Kszos, Lynn A [ORNL; Stewart, Arthur J [ORNL; Smith, John G [ORNL

2011-01-01T23:59:59.000Z

362

RCRA Assessment Plan for Single-Shell Tank Waste Management Area TX-TY  

SciTech Connect

WMA TX-TY contains underground, single-shell tanks that were used to store liquid waste that contained chemicals and radionuclides. Most of the liquid has been removed, and the remaining waste is regulated under the RCRA as modified in 40 CFR Part 265, Subpart F and Washington State's Hazardous Waste Management Act. WMA TX-TY was placed in assessment monitoring in 1993 because of elevated specific conductance. A groundwater quality assessment plan was written in 1993 describing the monitoring activities to be used in deciding whether WMA TX-TY had affected groundwater. That plan was updated in 2001 for continued RCRA groundwater quality assessment as required by 40 CFR 265.93 (d)(7). This document further updates the assessment plan for WMA TX-TY by including (1) information obtained from ten new wells installed at the WMA after 1999 and (2) information from routine quarterly groundwater monitoring during the last five years. Also, this plan describes activities for continuing the groundwater assessment at WMA TX-TY.

Horton, Duane G.

2007-03-26T23:59:59.000Z

363

Ecological and Wildlife Risk Assessment of Chemicals Encountered in Vegetation Management on Electric Utility Rights-of-Way  

Science Conference Proceedings (OSTI)

The management of vegetation on electric utility rights-of-way (ROWs) is an essential part of managing electrical transmission and distribution systems. A variety of manual, mechanical, and chemical methods, singly or in combination, are used for this purpose. The method or methods selected must be safe for humans and the environment and cost-effective in accomplishing the goals of ROW management. This report reviews environmental and wildlife safety through an assessment of risk to the environment, incl...

2004-12-27T23:59:59.000Z

364

Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities, August 2011  

NLE Websites -- All DOE Office Websites (Extended Search)

Review Report. Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities. May 2011. August 2011. Office of Health, Safety and Security, Office of Enforcement and Oversight, Office of Safety and Emergency Management Evaluations. Table of Contents: Background; Results; Conduct of the FCA

365

Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities, August 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Review Report. Facility Centered Assessment of the Los Alamos National Laboratory Science and Technology Operations - Facility Operations Director Managed Facilities. May 2011. August 2011. Office of Health, Safety and Security, Office of Enforcement and Oversight, Office of Safety and Emergency Management Evaluations. Table of Contents: Background; Results; Conduct of the FCA

366

Management of spent nuclear fuel on the Oak Ridge Reservation, Oak Ridge, Tennessee: Environmental assessment  

SciTech Connect

On June 1, 1995, DOE issued a Record of Decision [60 Federal Register 28680] for the Department-wide management of spent nuclear fuel (SNF); regionalized storage of SNF by fuel type was selected as the preferred alternative. The proposed action evaluated in this environmental assessment is the management of SNF on the Oak Ridge Reservation (ORR) to implement this preferred alternative of regional storage. SNF would be retrieved from storage, transferred to a hot cell if segregation by fuel type and/or repackaging is required, loaded into casks, and shipped to off-site storage. The proposed action would also include construction and operation of a dry cask SNF storage facility on ORR, in case of inadequate SNF storage. Action is needed to enable DOE to continue operation of the High Flux Isotope Reactor, which generates SNF. This report addresses environmental impacts.

1996-02-01T23:59:59.000Z

367

Assessment of national systems for obtaining local acceptance of waste management siting and routing activities  

SciTech Connect

There is a rich mixture of formal and informal approaches being used in our sister nuclear democracies in their attempts to deal with the difficulties of obtaining local acceptance for siting of waste management facilities and activities. Some of these are meeting with a degree of success not yet achieved in the US. Although this survey documents and assesses many of these approaches, time did not permit addressing in any detail their relevance to common problems in the US. It would appear the US could benefit from a periodic review of the successes and failures of these efforts, including analysis of their applicability to the US system. Of those countries (Germany, Sweden, Switzerland, Japan, Belgium, and the US) who are working to a time table for the preparation of a high-level waste (HLW) repository, Germany is the only country to have gained local siting acceptance for theirs. With this (the most difficult of siting problems) behind them they appear to be in the best overall condition relative to waste management progress and plans. This has been achieved without a particularly favorable political structure, made up for by determination on the part of the political leadership. Of the remaining three countries studied (France, UK and Canada) France, with its AVM production facility, is clearly the world leader in the HLW immobilization aspect of waste management. France, Belgium and the UK appear to have the least favorable political structures and environments for arriving at waste management decisions. US, Switzerland and Canada appear to have the least favorable political structures and environments for arriving at waste management decisions.

Paige, H.W.; Lipman, D.S.; Owens, J.E.

1980-07-01T23:59:59.000Z

368

Proceedings of the tenth annual DOE low-level waste management conference: Session 2: Site performance assessment  

Science Conference Proceedings (OSTI)

This document contains twelve papers on various aspects of low-level radioactive waste management. Topics of this volume include: performance assessment methodology; remedial action alternatives; site selection and site characterization procedures; intruder scenarios; sensitivity analysis procedures; mathematical models for mixed waste environmental transport; and risk assessment methodology. Individual papers were processed separately for the database. (TEM)

Not Available

1988-12-01T23:59:59.000Z

369

Joint Assessment of Renewable Energy and Water Desalination Research Center (REWDC) Program Capabilities and Facilities In Radioactive Waste Management  

SciTech Connect

The primary goal of this visit was to perform a joint assessment of the Renewable Energy and Water Desalination Center's (REWDC) program in radioactive waste management. The visit represented the fourth technical and scientific interaction with Libya under the DOE/NNSA Sister Laboratory Arrangement. Specific topics addressed during the visit focused on Action Sheet P-05-5, "Radioactive Waste Management". The Team, comprised of Mo Bissani (Team Lead), Robert Fischer, Scott Kidd, and Jim Merrigan, consulted with REWDC management and staff. The team collected information, discussed particulars of the technical collaboration and toured the Tajura facility. The tour included the waste treatment facility, waste storage/disposal facility, research reactor facility, hot cells and analytical labs. The assessment team conducted the first phase of Task A for Action Sheet 5, which involved a joint assessment of the Radioactive Waste Management Program. The assessment included review of the facilities dedicated to the management of radioactive waste at the Tajura site, the waste management practices, proposed projects for the facility and potential impacts on waste generation and management.

Bissani, M; Fischer, R; Kidd, S; Merrigan, J

2006-04-03T23:59:59.000Z

370

Evaluation of the Los Alamos National Security Emergency Operations Division Emergency Management Self-assessment Practices, June 2011

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

06-08 Site: Los Alamos National Laboratory. Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report for the Evaluation of the Los Alamos National Security Emergency Operations Division Emergency Management Self-assessment Practices. Dates of Activity: 06/06/2011-06/08/2011. Report Preparer: John Bolling/Randy Griffin. Activity Description/Purpose: Los Alamos National Security, LLC (LANS) and the Los Alamos Site Office (LASO) requested that the U.S. Department of Energy (DOE), Office of Health, Safety and Security (HSS), Office of Safety and Emergency Management Evaluations evaluate LANS's Emergency Operations Division emergency management self-assessment practices. Utilizing the self-assessment of the Los Alamos National Laboratory (LANL) emergency

371

T-596: 0-Day Windows Network Interception Configuration Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-596: 0-Day Windows Network Interception Configuration Vulnerability. April 6, 2011 - 5:48am. PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server. ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Other Links" section below, as it provides an external URL reference. REFERENCE LINKS: InfoSec Institute - SLAAC Attack; Cisco Threat Comparison and Best-Practice White Paper. IMPACT ASSESSMENT: High

372

Diversity Strategies to Mitigate Postulated Common Cause Failure Vulnerabilities  

Science Conference Proceedings (OSTI)

This paper describes an approach to establish effective mitigating strategies that can resolve potential common-cause failure (CCF) vulnerabilities in instrumentation and control (I&C) systems at nuclear power plants. A particular objective in the development of these strategies, which consist of combinations of diversity attributes and their associated criteria, is to address the unique characteristics of digital technology that can contribute to CCF concerns. The research approach employed to establish diversity strategies involves investigation of available documentation on diversity usage and experience from nuclear power and non-nuclear industries, capture of expert knowledge and lessons learned, determination of common practices, and assessment of the nature of CCFs and compensating diversity attributes. The resulting diversity strategies address considerations such as the effect of technology choices, the nature of CCF vulnerabilities, and the prospective impact of each diversity type. In particular, the impact of each attribute and criterion on the purpose, process, product, and performance aspects of diverse systems are considered.

Wood, Richard Thomas [ORNL]

2010-01-01T23:59:59.000Z

373

Assessment of the Emergency Management Program Training and Drills Functional Area at the Los Alamos National Laboratory, August 2011  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

LANL-2011-08-04 Site: Los Alamos National Laboratory. Subject: Office of Enforcement and Oversight's Office of Safety and Emergency Management Evaluations Activity Report of the Assessment of the Emergency Management Program Training and Drills Functional Area. Dates of Activity: 08/01/2011 - 08/04/2011. Report Preparer: David Odland/Randy Griffin. Activity Description/Purpose: Since the 2007 Office of Health, Safety and Security (HSS) inspection of the Los Alamos National Laboratory (LANL) emergency management program, HSS personnel have conducted periodic visits to follow up on the corrective actions taken to address the findings in the review. This 2011 assessment was conducted to continue the corrective action follow-up activities and to support the Los Alamos Site Office (LASO) Emergency Management Program Manager in accomplishing

374

V-177: VMware vCenter Chargeback Manager File Upload Handling...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability. June 13, 2013 - 6:00am...

375

Self-perceptions of volunteer management: a Texas 4-H volunteer needs assessment

E-Print Network (OSTI)

The purpose of this study was to assess the management of volunteers through self-perceptions of Texas 4-H volunteers. This research was an on-line questionnaire designed to assess volunteers' attitudes toward recruitment, orientation, training, resources, utilization, motivations for continuation of service, and recognition. The population was volunteers enrolled in the Texas 4-H Program during the 2007-2008 program year. The census included 711 Texas 4-H volunteer respondents. This study used a questionnaire designed by the researcher and a team of faculty and staff at a major land grant university and a demographics questionnaire. SPSS 16.0 for Windows was used to analyze the data. The study revealed that most Texas 4-H volunteers are oriented and trained in their roles and responsibilities as a volunteer, have additional opportunities for training in their role as club managers or project leaders, have the resources necessary to fulfill their role, and are recognized for their contributions to the Texas 4-H Program. However, as with any program, there is room for improvement. Respondents indicated a need for curriculum development in volunteer and club management. Additionally, 83% of volunteers began volunteering because they had children or family enrolled in the 4-H program; however, volunteers are motivated to continue to serve as volunteers because they want to help youth and support youth development, the 4-H program, agriculture, and family and community development. Respondents indicated they chose to discontinue serving as a 4-H volunteer due to lack of county Extension staff support, lack of time, children aging out of the program, and burnout. The following recommendations for action were based on the findings and conclusions of this study. Volunteer orientation and training programs should become an integral part of all county 4-H volunteer management programs. Curriculum should be developed in the areas of volunteer and club management. In addition, all volunteers should be recognized for their contributions to the program. Orientation, training, and recognition of 4-H volunteers will provide opportunities for volunteers to build an affiliation for the Texas 4-H program, and in turn, motivate volunteers to continue to serve the 4-H youth development program.

Torock, Jodi Lynn

2008-12-01T23:59:59.000Z

376

V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information. July 25, 2013 - 2:52am. PROBLEM: A remote user can obtain potentially sensitive information and modify some configuration settings. A remote user can exploit this to create, modify, and remove camera feeds, archives, logs, and users. PLATFORM: Cisco Video Surveillance Manager 7.1, 7.5. ABSTRACT: Two vulnerabilities were reported in Cisco Video Surveillance Manager. REFERENCE LINKS: Security Tracker Alert ID: 1028827; CVE-2013-3429; CVE-2013-3430; CVE-2013-3431. IMPACT ASSESSMENT: Medium. DISCUSSION: The vulnerability is due to an access control error that occurred. The

377

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes. March 30, 2012 - 9:15am. PROBLEM: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes. PLATFORM: HP-UX B.11.31, HP-UX B.11.23. ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Document ID: c03255321; SecurityTracker Alert ID: 1026869; CVE-2012-0127. IMPACT ASSESSMENT: High. DISCUSSION: A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS).

378

Hawaii demand-side management resource assessment. Final report: DSM opportunity report  

SciTech Connect

The Hawaii Demand-Side Management Resource Assessment was the fourth of seven projects in the Hawaii Energy Strategy (HES) program. HES was designed by the Department of Business, Economic Development, and Tourism (DBEDT) to produce an integrated energy strategy for the State of Hawaii. The purpose of Project 4 was to develop a comprehensive assessment of Hawaii's demand-side management (DSM) resources. To meet this objective, the project was divided into two phases. The first phase included development of a DSM technology database and the identification of Hawaii commercial building characteristics through on-site audits. These Phase 1 products were then used in Phase 2 to identify expected energy impacts from DSM measures in typical residential and commercial buildings in Hawaii. The building energy simulation model DOE-2.1E was utilized to identify the DSM energy impacts. More detailed information on the typical buildings and the DOE-2.1E modeling effort is available in Reference Volume 1, "Building Prototype Analysis". In addition to the DOE-2.1E analysis, estimates of residential and commercial sector gas and electric DSM potential for the four counties of Honolulu, Hawaii, Maui, and Kauai through 2014 were forecasted by the new DBEDT DSM Assessment Model. Results from DBEDT's energy forecasting model, ENERGY 2020, were linked with results from DOE-2.1E building energy simulation runs and estimates of DSM measure impacts, costs, lifetime, and anticipated market penetration rates in the DBEDT DSM Model. Through its algorithms, estimates of DSM potential for each forecast year were developed. Using the load shape information from the DOE-2.1E simulation runs, estimates of electric peak demand impacts were developed. 10 figs., 55 tabs.

NONE

1995-08-01T23:59:59.000Z

379

T-681: IBM Lotus Symphony Multiple Unspecified Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE))

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

380

U-173: Symantec Web Gateway Multiple Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-173: Symantec Web Gateway Multiple Vulnerabilities. May 21, 2012 - 7:00am. PROBLEM: Symantec Web Gateway Multiple...



381

Material and energy recovery in integrated waste management systems. An evaluation based on life cycle assessment  

Science Conference Proceedings (OSTI)

This paper reports the environmental results, integrated with those arising from mass and energy balances, of a research project on the comparative analysis of strategies for material and energy recovery from waste, funded by the Italian Ministry of Education, University and Research. The project, involving the cooperation of five University research groups, was devoted to the optimisation of material and energy recovery activities within integrated municipal solid waste (MSW) management systems. Four scenarios of separate collection (overall value of 35%, 50% without the collection of food waste, 50% including the collection of food waste, 65%) were defined for the implementation of energetic, environmental and economic balances. Two sizes of integrated MSW management system (IWMS) were considered: a metropolitan area, with a gross MSW production of 750,000 t/year and an average province, with a gross MSW production of 150,000 t/year. The environmental analysis was conducted using Life Cycle Assessment methodology (LCA), for both material and energy recovery activities. In order to avoid allocation we have used the technique of the expansion of the system boundaries. This means taking into consideration the impact on the environment related to the waste management activities in comparison with the avoided impacts related to the saving of raw materials and primary energy. Under the hypotheses of the study, both for the large and for the small IWMS, the energetic and environmental benefits are higher than the energetic and environmental impacts for all the scenarios analysed in terms of all the indicators considered: the scenario with 50% separate collection in a drop-off scheme excluding food waste shows the most promising perspectives, mainly arising from the highest collection (and recycling) of all the packaging materials, which is the activity giving the biggest energetic and environmental benefits. 
Main conclusions of the study in the general field of the assessment of the environmental performance of any integrated waste management scheme address the importance of properly defining, beyond the design value assumed for the separate collection as a whole, also the yields of each material recovered; particular significance is finally related to the amount of residues deriving from material recovery activities, resulting on average in the order of 20% of the collected materials.

Giugliano, Michele; Cernuschi, Stefano [Politecnico di Milano - DIIAR, Environmental Section, P.zza Leonardo da Vinci, 32, 20133 Milano (Italy); Grosso, Mario, E-mail: mario.grosso@polimi.it [Politecnico di Milano - DIIAR, Environmental Section, P.zza Leonardo da Vinci, 32, 20133 Milano (Italy); Rigamonti, Lucia [Politecnico di Milano - DIIAR, Environmental Section, P.zza Leonardo da Vinci, 32, 20133 Milano (Italy)

2011-09-15T23:59:59.000Z

382

New York City's Vulnerability to Coastal Flooding  

Science Conference Proceedings (OSTI)

New York City, New York (NYC), is extremely vulnerable to coastal flooding; thus, verification and improvements in storm surge models are needed in order to protect both life and property. This paper highlights the Stony Brook Storm Surge (SBSS) ...

Brian A. Colle; Frank Buonaiuto; Malcolm J. Bowman; Robert E. Wilson; Roger Flood; Robert Hunter; Alexander Mintz; Douglas Hill

2008-06-01T23:59:59.000Z

383

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities. November 26, 2012 - 2:00am. PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities. PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9. ABSTRACT: Multiple vulnerabilities have been reported in ownCloud. REFERENCE LINKS: ownCloud Server Advisories; Secunia Advisory SA51357. IMPACT ASSESSMENT: Medium. DISCUSSION: 1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

384

U-151: Bugzilla Cross-Site Request Forgery Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-151: Bugzilla Cross-Site Request Forgery Vulnerability. April 19, 2012 - 8:15am. PROBLEM: A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. PLATFORM: Bugzilla 2.x, Bugzilla 3.x, Bugzilla 4.x. ABSTRACT: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. REFERENCE LINKS: Vendor Advisory; Secunia Advisory 48835; CVE-2012-0465; CVE-2012-0466. IMPACT ASSESSMENT: Medium. DISCUSSION: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. An attacker can get access to some bug information using the victim's

385

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability. June 12, 2012 - 7:00am. PROBLEM: A security issue and vulnerability have been reported in MySQL. PLATFORM: MySQL 5.x. ABSTRACT: An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. REFERENCE LINKS: Original Advisory; CVE-2012-2122; Secunia Advisory 49409. IMPACT ASSESSMENT: High. DISCUSSION: Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc). NOTE: Vendor binaries are reportedly not affected. The security issue is reported in versions prior to 5.1.63 and 5.5.25.

386

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability. August 16, 2012 - 7:00am. PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability. PLATFORM: Version(s): Mozilla Firefox 6 - 12. ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585; CVE-2012-1950. IMPACT ASSESSMENT: Medium. DISCUSSION: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. Mozilla Firefox is prone to a URI-spoofing vulnerability. Attackers may exploit this issue to display

388

U-117: Potential security vulnerability has been identified with certain HP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-117: Potential security vulnerability has been identified with certain HP printers and HP digital senders. March 5, 2012 - 7:00am. PROBLEM: The vulnerability could be exploited remotely to install unauthorized printer firmware. PLATFORM: Select HP printers and Digital Senders. ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. REFERENCE LINKS: Vendor Advisory; CVE-2011-4161; Previous JC3 Advisory Bulletin. IMPACT ASSESSMENT: High. DISCUSSION: The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx;

389

V-191: Apple Mac OS X Multiple Vulnerabilities

NLE Websites -- All DOE Office Websites (Extended Search)

V-191: Apple Mac OS X Multiple Vulnerabilities. July 3, 2013 - 6:00am. PROBLEM: Apple has issued a security update for Mac OS X. PLATFORM: Apple Macintosh OS X. ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime. REFERENCE LINKS: Secunia Advisory SA54049; APPLE-SA-2013-07-02-1 Security Update 2013-003; CVE-2013-1018; CVE-2013-1019; CVE-2013-1022. IMPACT ASSESSMENT: High. DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow. A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow. A boundary error when handling "mvhd" atoms can be exploited to cause a

390

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities. June 29, 2012 - 7:00am. PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2. ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. REFERENCE LINKS: Vendor Advisory; Security Focus ID 53571; CVE-2012-0663. IMPACT ASSESSMENT: Medium. DISCUSSION: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to

392

V-191: Apple Mac OS X Multiple Vulnerabilities

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-191: Apple Mac OS X Multiple Vulnerabilities. July 3, 2013 - 6:00am. PROBLEM: Apple has issued a security update for Mac OS X. PLATFORM: Apple Macintosh OS X. ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime. REFERENCE LINKS: Secunia Advisory SA54049; APPLE-SA-2013-07-02-1 Security Update 2013-003; CVE-2013-1018; CVE-2013-1019; CVE-2013-1022. IMPACT ASSESSMENT: High. DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow. A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow. A boundary error when handling "mvhd" atoms can be exploited to cause a

393

Pollution prevention opportunity assessment: Foundation of pollution prevention for waste management  

SciTech Connect

The objective of this paper is to promote the Pollution Prevention Opportunity Assessment (PPOA) technique as a fundamental of pollution prevention for waste management. All key elements of an effective PPOA program are presented. These key elements include impacts of environmental laws on pollution prevention, PPOA concepts and overview, waste minimization opportunities assessment, reporting and monitoring waste minimization progress, and PPOA program implementation. As environmental laws evolve, the focus is shifting from end-of-pipe pollution control to front-end source reduction. In the past, waste minimization was mistakenly interpreted to mean the reduction of hazardous waste after generation. The Pollution Prevention Act of 1990 has clearly defined its requirement on resource reduction. Waste reduction can be viewed as a criterion to assess all industrial processes and operations. The fundamental approach of PPOA focuses on a mass balance concept. This concept deals with tracking of chemicals from the point of purchase, through storage, utilization in the process, and waste generation at the end of process. In other words, PPOA is a technique to analyze this input/output process. By applying PPOA techniques, the framework of applicable compliance requirements to the current operation process is established. Furthermore, documentation of PPOA itself can meet documentation requirements for environmental compliance. In general, the PPOA process consists of two phases. The first phase involves input and output process description and waste characterization. The second phase is an opportunities assessment for waste minimization from input/output waste characterization. These two phases are explained in detail in the paper.

Damewood, R.W.

1994-03-24T23:59:59.000Z

394

Assessment of medical waste management at a primary health-care center in Sao Paulo, Brazil  

SciTech Connect

Highlights:
- Assessment of medical waste management at health-care center before/after intervention.
- Qualitative and quantitative results of medical waste management plan are presented.
- Adjustments to comply with regulation were adopted and reduction of waste was observed.
- The method applied could be useful for similar establishments.

Abstract: According to Brazilian law, implementation of a Medical Waste Management Plan (MWMP) in health-care units is mandatory, but as far as we know evaluation of such implementation has not taken place yet. The purpose of the present study is to evaluate the improvements deriving from the implementation of a MWMP in a Primary Health-care Center (PHC) located in the city of Sao Paulo, Brazil. The method proposed for evaluation compares the first situation prevailing at this PHC with the situation 1 year after implementation of the MWMP, thus allowing verification of the evolution of the PHC performance. For prior and post-diagnosis, the method was based on: (1) application of a tool (check list) which considered all legal requirements in force; (2) quantification of solid waste subdivided into three categories: infectious waste and sharp devices, recyclable materials and non-recyclable waste; and (3) identification of non-conformity practices. Lack of knowledge on the pertinent legislation by health workers has contributed to non-conformity instances. The legal requirements in force in Brazil today gave origin to a tool (check list) which was utilized in the management of medical waste at the health-care unit studied. This tool proved to be an adequate and simple instrument, required a low investment, allowed collecting data to feed indicators and also won the participation of the unit's whole staff. Several non-conformities identified in the first diagnosis could be corrected by the instrument utilized.
Total waste generation increased 9.8%, but it was possible to reduce the volume of non-recyclable materials (11%) and increase the volume of recyclable materials (4%). It was also possible to segregate organic waste (7%), which was forwarded for production of compost. The rate of infectious waste generation in critical areas decreased from 0.021 to 0.018 kg/procedure. Many improvements have been observed, and now the PHC complies with most of the legal requirements, offers periodic training and better biosafety conditions to workers, has reduced the volume of waste sent to sanitary landfills, and has introduced indicators for monitoring its own performance. This evaluation method might support the creation and evaluation of medical waste management plans in similar health institutions.

Moreira, A.M.M., E-mail: anamariainforme@hotmail.com [Department of Environmental Health, School of Public Health, University of Sao Paulo, Avenida Doutor Arnaldo 715, Sao Paulo 01246-904 (Brazil)]; Guenther, W.M.R. [Department of Environmental Health, School of Public Health, University of Sao Paulo, Avenida Doutor Arnaldo 715, Sao Paulo 01246-904 (Brazil)]

2013-01-15T23:59:59.000Z

395

DOE/EA-Ill7 ENVIRONMENTAL ASSESSMENT Management of Spent Nuclear Fuel  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE/EA-Ill7 ENVIRONMENTAL ASSESSMENT Management of Spent Nuclear Fuel on the Oak Ridge Reservation Oak Ridge, Tennessee February 1996 U.S. Department of Energy Oak Ridge Operations Oak Ridge, Tennessee DISCLAIMER Portions of this document may be illegible in electronic image products. Images are produced from the best available original document. DISCLAIMER This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Refer-

396

Radioactive Waste Management Complex low-level waste radiological performance assessment  

Science Conference Proceedings (OSTI)

This report documents the projected radiological dose impacts associated with the disposal of radioactive low-level waste at the Radioactive Waste Management Complex at the Idaho National Engineering Laboratory. This radiological performance assessment was conducted to evaluate compliance with applicable radiological criteria of the US Department of Energy and the US Environmental Protection Agency for protection of the public and the environment. The calculations involved modeling the transport of radionuclides from buried waste, to surface soil and subsurface media, and eventually to members of the public via air, groundwater, and food chain pathways. Projections of doses were made for both offsite receptors and individuals inadvertently intruding onto the site after closure. In addition, uncertainty and sensitivity analyses were performed. The results of the analyses indicate compliance with established radiological criteria and provide reasonable assurance that public health and safety will be protected.

Maheras, S.J.; Rood, A.S.; Magnuson, S.O.; Sussman, M.E.; Bhatt, R.N.

1994-04-01T23:59:59.000Z

397

Dose assessment for management alternatives for NORM-contaminated equipment within the petroleum industry  

Science Conference Proceedings (OSTI)

The contamination of drilling and production equipment by naturally occurring radioactive material (NORM) is a growing concern for the petroleum industry and regulators. Large volumes of NORM-contaminated scrap metal are generated by the industry each year. The contamination generally occurs as surface contamination on the interior of water-handling equipment. The source of this contamination is accumulation of by-product wastes, in the form of scale and sludge contaminated with NORM that are generated by extraction processes. The primary radionuclides of concern in petroleum industry NORM-wastes are radium-226 (Ra-226), and radium-228 (Ra-228). These isotopes are members of the uranium-238 and thorium-232 decay series, respectively. The uranium and thorium isotopes, which are naturally present in the subsurface formations from which hydrocarbons are extracted, are largely immobile and remain in the subsurface. The more soluble radium can become mobilized in the formation water and be transported to the surface in the produced water waste stream. The radium either remains in solution or precipitates in scale or sludge deposits, depending on water salinity and on temperature and pressure phase changes. NORM-containing scale consists of radium that has coprecipitated with barium, calcium, or strontium sulfates, and sludge typically consists of radium-containing silicates and carbonates. This assessment is limited to the evaluation of potential radiological doses from management options that specifically involve recycle and reuse of contaminated metal. Doses from disposal of contaminated equipment are not addressed. Radiological doses were estimated for workers and the general public for equipment decontamination and smelting. Results of this assessment can be used to examine policy issues concerning the regulation and management of NORM-contaminated wastes generated by the petroleum industry.

Blunt, D.L.; Smith, K.P.

1995-08-01T23:59:59.000Z

398

One size fits all? An assessment tool for solid waste management at local and national levels  

Science Conference Proceedings (OSTI)

Highlights:
- Waste management schemes are generally implemented at national or regional level.
- Local conditions characteristics and constraints are often neglected.
- We developed an economic model able to compare multi-level waste management options.
- A detailed test case with real economic data and a best-fit scenario is described.
- Most efficient schemes combine clear National directives with local level flexibility.

Abstract: As environmental awareness rises, integrated solid waste management (WM) schemes are increasingly being implemented all over the world. The different WM schemes usually address issues such as landfilling restrictions (mainly due to methane emissions and competing land use), packaging directives and compulsory recycling goals. These schemes are, in general, designed at a national or regional level, whereas local conditions and constraints are sometimes neglected. When national WM top-down policies, in addition to setting goals, also dictate the methods by which they are to be achieved, local authorities lose their freedom to optimize their operational WM schemes according to their specific characteristics. There are a myriad of implementation options at the local level, and by carrying out a bottom-up approach the overall national WM system will be optimal on economic and environmental scales. This paper presents a model for optimizing waste strategies at a local level and evaluates this effect at a national level. This is achieved by using a waste assessment model which enables us to compare both the economic viability of several WM options at the local (single municipal authority) level, and aggregated results for regional or national levels.
A test case based on various WM approaches in Israel (several implementations of mixed and separated waste) shows that local characteristics significantly influence WM costs, and therefore the optimal scheme is one under which each local authority is able to implement its best-fitting mechanism, given that national guidelines are kept. The main result is that strict national/regional WM policies may be less efficient, unless some type of local flexibility is implemented. Our model is designed both for top-down and bottom-up assessment, and can be easily adapted for a wide range of WM option comparisons at different levels.

Broitman, Dani, E-mail: danib@techunix.technion.ac.il [Department of Natural Resources and Environment Management, Graduate school of Management, University of Haifa, Haifa 31905 (Israel)]; Ayalon, Ofira [Department of Natural Resources and Environment Management, Graduate school of Management, University of Haifa, Haifa 31905 (Israel)]; Kan, Iddo [Department of Agricultural Economics and Management, Faculty of Agricultural, Food and Environmental Quality Sciences, Rehovot 76100 (Israel)]

2012-10-15T23:59:59.000Z

399

Assessment of thermal analysis software for the DOE Office of Civilian Radioactive Waste Management  

SciTech Connect

This assessment uses several recent assessments and the more general code compilations that have been completed to produce a list of 116 codes that can be used for thermal analysis. This list is then compared with criteria prepared especially for the Department of Energy Office of Civilian Radioactive Waste Management (DOE/OCRWM). Based on these criteria, fifteen codes are narrowed to three primary codes and four secondary codes for use by the OCRWM thermal analyst. The analyst is cautioned that since no single code is sufficient for all applications, a code must be selected based upon the predominate heat transfer mode of the problem to be solved, but the codes suggested in this report have been used successfully for a range of OCRWM applications. The report concludes with a series of recommendations for additional work of which the major points include the following: The codes suggested by this report must be benchmarked with the existing US and international problems and validated when possible; An interactive code selection tool could be developed or, perhaps even more useful, a users group could be supported to ensure the proper selection of thermal codes and dissemination of information on the latest version; The status of the 116 codes identified by this report should be verified, and methods for maintaining the still active codes must be established; and special capabilities of each code in phase change, convection and radiation should be improved to better enable the thermal analyst to model OCRWM applications. 37 refs., 3 figs., 12 tabs.

Williams, P.T.; Graham, R.F.; Lagerberg, G.N.; Chung, T.C.

1989-07-01T23:59:59.000Z

400

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z



401

Chemical Safety Vulnerability Working Group report. Volume 3  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

Not Available

1994-09-01T23:59:59.000Z

402

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability February 25, 2011 - 7:40am PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability. PLATFORM: Microsoft Malware Protection Engine. Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0. This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. First version of the Microsoft Malware Protection Engine with this vulnerability addressed: Version 1.1.6603.0. If the version of the Microsoft Malware Protection Engine is equal to or

403

Security Issues in Cloud Computing: A Survey of Risks, Threats and Vulnerabilities  

Science Conference Proceedings (OSTI)

Cloud Computing (CC) is revolutionizing the methodology by which IT services are being utilized. It is being introduced and marketed with many attractive promises that are enticing to many companies and managers, such as reduced capital costs and relief ... Keywords: Cloud Computing, Risks, Security, Threats, Vulnerabilities

Kamal Dahbur; Bassil Mohammad; Ahmad Bisher Tarakji

2011-07-01T23:59:59.000Z

404

V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability May 30, 2013 - 6:00am PROBLEM: A vulnerability has been reported in GnuTLS. PLATFORM: GnuTLS 2.x ABSTRACT: A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA53600 GnuTLS Library GNUTLS-SA-2013-2 CVE-2013-2116 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an out-of-bounds read error within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c and can be exploited to cause a crash of the application using the library. IMPACT: Possible DoS SOLUTION: Vendor recommends applying Patch or upgrading to Version 3.x

405

V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability August 24, 2013 - 3:45am PROBLEM: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: HP StoreOnce D2D Backup Systems 1.x, HP StoreOnce D2D Backup Systems 2.x ABSTRACT: The vulnerability is reported in versions 2.2.18 and prior and 1.2.18 and prior. REFERENCE LINKS: Secunia Advisory SA54598 CVE-2013-2353 IMPACT ASSESSMENT: Moderate DISCUSSION: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further

406

U-171: DeltaV Products Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-171: DeltaV Products Multiple Vulnerabilities May 17, 2012 - 7:00am PROBLEM: DeltaV Products Multiple Vulnerabilities PLATFORM: DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1; DeltaV ProEssentials Scientific Graph version 5.0.0.6 ABSTRACT: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. REFERENCE LINKS: Secunia Advisory SA49210 CVE-2012-1814 CVE-2012-1815 CVE-2012-1816 CVE-2012-1817 CVE-2012-1818 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and

407

RCRA Assessment Plan for Single-Shell Tank Waste Management Area TX-TY at the Hanford Site  

SciTech Connect

A groundwater quality assessment plan was prepared to investigate the rate and extent of aquifer contamination beneath Waste Management Area TX-TY on the Hanford Site in Washington State. This plan is an update of a draft plan issued in February 1999, which guided work performed in fiscal year 2000.

Hodges, Floyd N.; Chou, Charissa J.

2001-02-23T23:59:59.000Z

408

Performance Assessment Transport Modeling of Uranium at the Area 5 Radioactive Waste Management Site at the Nevada National Security Site  

SciTech Connect

Following is a brief summary of the assumptions that are pertinent to the radioactive isotope transport in the GoldSim Performance Assessment model of the Area 5 Radioactive Waste Management Site, with special emphasis on the water-phase reactive transport of uranium, which includes depleted uranium products.

NSTec Radioactive Waste

2010-10-12T23:59:59.000Z

409

A framework for modeling rail transport vulnerability  

Science Conference Proceedings (OSTI)

Railroads represent one of the most efficient methods of long-haul transport for bulk commodities, from coal to agricultural products. Over the past fifty years, the rail network has contracted while tonnage has increased. Service, geographically, has been abandoned along short haul routes and increased along major long haul routes, resulting in a network that is more streamlined. The current rail network may be very vulnerable to disruptions, like the failure of a trestle. This paper proposes a framework to model rail network vulnerability and gives an application of this modeling framework in analyzing rail network vulnerability for the State of Washington. It concludes with a number of policy related issues that need to be addressed in order to identify, plan, and mitigate the risks associated with the sudden loss of a bridge or trestle.

Peterson, Steven K [ORNL; Church, Richard L. [University of California, Santa Barbara

2008-01-01T23:59:59.000Z

410

Burlington Bottoms Wildlife Mitigation Project. Final Environmental Assessment/Management Plan and Finding of No Significant Impact.  

DOE Green Energy (OSTI)

Bonneville Power Administration (BPA) proposes to fund wildlife management and enhancement activities for the Burlington bottoms wetlands mitigation site. Acquired by BPA in 1991, wildlife habitat at Burlington bottoms would contribute toward the goal of mitigation for wildlife losses and inundation of wildlife habitat due to the construction of Federal dams in the lower Columbia and Willamette River Basins. Target wildlife species identified for mitigation purposes are yellow warbler, great blue heron, black-capped chickadee, red-tailed hawk, valley quail, spotted sandpiper, wood duck, and beaver. The Draft Management Plan/Environmental Assessment (EA) describes alternatives for managing the Burlington Bottoms area, and evaluates the potential environmental impacts of the alternatives. Included in the Draft Management Plan/EA is an implementation schedule, and a monitoring and evaluation program, both of which are subject to further review pending determination of final ownership of the Burlington Bottoms property.

Not Available

1994-12-01T23:59:59.000Z

411

U-003:RPM Package Manager security update | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-003:RPM Package Manager security update October 4, 2011 - 1:30pm PROBLEM: A vulnerability was reported in RPM Package Manager. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): 4.9.1.1 and prior versions. ABSTRACT: RPM Package Manager Header Validation Flaws Let Remote Users Execute Arbitrary Code. REFERENCE LINKS: RPM Package Manager Advisory RHSA-2011:1349-1 SecurityTracker Alert ID: 1026134 CVE-2011-3378 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted RPM package that, when queried or installed by the target user, will trigger a buffer overflow or memory corruption error and execute arbitrary code on the target system. The code

412

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-073: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes January 21, 2013 - 12:15am PROBLEM: IBM Tivoli Federated Identity Manager Signature Verification Flaw Lets Remote Users Modify Attributes PLATFORM: Tivoli Federated Identity Manager versions 6.2.0, 6.2.1, 6.2.2 ABSTRACT: A vulnerability was reported in IBM Tivoli Federated Identity Manager. REFERENCE LINKS: IBM Security Bulletin: 1615744 SecurityTracker Alert ID: 1028011 CVE-2012-6359 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not check that all attributes have been signed. A remote user with the ability to conduct a man-in-the-middle attack can modify

413

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files October 27, 2011 - 7:45am PROBLEM: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files. PLATFORM: Cisco Unified Communications Manager 6.x, 7.x and 8.x ABSTRACT: A vulnerability was reported in Cisco Unified Communications Manager. REFERENCE LINKS: Cisco Advisory ID: cisco-sa-20111026-cucm Cisco Security Advisories and Response SecurityTracker Alert ID: 1026243 CVE-2011-3315 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can view files on the target system. The software does not properly validate user-supplied input. A remote user can supply a specially

414

V-192: Symantec Security Information Manager Input Validation Flaws Permit  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-192: Symantec Security Information Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks July 4, 2013 - 6:00am PROBLEM: Several vulnerabilities were reported in Symantec Security Information Manager. PLATFORM: Symantec Security Information Manager Appliance Version 4.7.x and 4.8.0 ABSTRACT: Symantec was notified of multiple security issues impacting the SSIM management console. REFERENCE LINKS: SecurityTracker Alert ID: 1028727 Symantec Security Advisory SYM13-006 CVE-2013-1613 CVE-2013-1614 CVE-2013-1615 IMPACT ASSESSMENT: Medium DISCUSSION: The console does not properly filter HTML code from user-supplied input

415

JC3 Low Impact Assessment Bulletins  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Office of the Chief Information Officer, 1000 Independence Ave., SW, Washington, DC, 202-586-0166. V-207: Wireshark Multiple Denial of Service Vulnerabilities http://energy.gov/cio/articles/v-207-wireshark-multiple-denial-service-vulnerabilities

416

Critical infrastructure protection: The vulnerability conundrum  

Science Conference Proceedings (OSTI)

Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats ... Keywords: Critical infrastructure, Fortification, Interdiction, Policy, Protection, Strategies, Vulnerability

Alan T. Murray; Tony H. Grubesic

2012-02-01T23:59:59.000Z

417

Chemical Safety Vulnerability Working Group Report  

SciTech Connect

This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

1994-09-01T23:59:59.000Z

418

V-195: RSA Authentication Manager Lets Local Users View the Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password July 9, 2013 - 12:51am PROBLEM: RSA Authentication Manager Lets Local Users View the Administrative Account Password PLATFORM: RSA Authentication Manager 7.1, 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028742 CVE-2013-3273 RSA IMPACT ASSESSMENT: Medium DISCUSSION: When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace

419

Assessment of Latent Heat Reservoirs for Thermal Management of QCW Laser Diodes  

SciTech Connect

There is great interest in improving the thermal management of laser diodes intended for use as pumps in inertial confinement fusion systems. Laser diode power is currently constrained by heat dissipation in the diodes. Diodes typically dissipate a quantity of heat that is comparable to their optical power output. This heating of the diode junction causes a thermal rollover that prevents the output power from scaling linearly with current drive, and also results in reliability limits due to catastrophic failure at diode mirror facets. For the pulsed, quasi-continuous wave (QCW) operating mode employed for LIFE and certain DOD applications, ~5 kW/cm² of heat must be removed on timescales of ~100 µs, which is determined by thermal paths located within ~200 µm of the laser junction. For these reasons, QCW thermal management is extremely challenging. Reducing the diode junction temperature enables more efficient operation, reduced thermal chirp, and operation at higher output power without compromised reliability, which improves the diode costs as measured in $/W. We have proposed the use of latent heat reservoirs to improve thermal management of diodes used in pulsed, quasi-continuous wave (QCW) operation. Our basic concept involves placement of a reservoir of low-melting-point metal within a few hundred microns of the laser junction, as in Fig. 1-1. This metal's latent heat of fusion maintains a nearly constant temperature (like a cold plate) in the very near vicinity of the diode junction. This cold reservoir creates large thermal gradients, which in turn are anticipated to drive a large heat flow from the diode. In contrast, conventional QCW devices rely on thermal diffusion into a large solid mass which cannot be held at a fixed temperature, which significantly limits the thermal extraction. Our operational concept involves phase changes within the reservoir during every QCW pulse.
During the early portion of the pulse, heating of the diode and its surrounding material initiates melting within the latent heat reservoir. This phase change results in a near-constant reservoir temperature that facilitates heat transfer. During the long (~100 ms) time between QCW pulses, the reservoir metal resolidifies. A simple back-of-the-envelope calculation based on Gallium metal shows that a 50 µm thick Gallium reservoir is sufficient to absorb all heat generated by a 350 µs pulse at 5 kW/cm². While this calculation shows that a latent heat reservoir can provide sufficient capacity to handle the magnitude of heat generated, it does not address the transient change in the diode junction temperature, which depends on details of the heat flow into and through the reservoir. For this reason, we undertook a set of numerical experiments to quantitatively assess the impact of latent heat reservoirs on junction temperature. This report documents the results of these simulations.

Deri, B; Kotovsky, J; Spadaccini, C

2010-03-15T23:59:59.000Z

420

Hawaii demand-side management resource assessment. Final report, Reference Volume 1: Building prototype analysis  

Science Conference Proceedings (OSTI)

This report provides a detailed description of, and the baseline assumptions and simulation results for, the building prototype simulations conducted for the building types designated in the Work Plan for Demand-side Management Assessment of Hawaii's Demand-Side Resources (HES-4, Phase 2). This report represents the second revision to the initial building prototype description report provided to DBEDT early in the project. Modifications and revisions to the prototypes, based on further calibration efforts and on comments received from DBEDT Staff have been incorporated into this final version. These baseline prototypes form the basis upon which the DSM measure impact estimates and the DSM measure data base were developed for this project. This report presents detailed information for each of the 17 different building prototypes developed for use with the DOE-21E program (23 buildings in total, including resorts and hotels defined separately for each island) to estimate the impact of the building technologies and measures included in this project. The remainder of this section presents some nomenclature and terminology utilized in the reports, tables, and data bases developed from this project to denote building type and vintage. Section 2 contains a more detailed discussion of the data sources, the definition of the residential sector building prototypes, and results of the DOE-2 analysis. Section 3 provides a similar discussion for the commercial sector. The prototype and baseline simulation results are presented in a separate section for each building type. Where possible, comparison of the baseline simulation results with benchmark data from the ENERGY 2020 model or other demand forecasting models specific to Hawaii is included for each building. Appendix A contains a detailed listing of the commercial sector baseline indoor lighting technologies included in the existing and new prototypes by building type.

NONE

1995-04-01T23:59:59.000Z


421

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE  

E-Print Network (OSTI)

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE: A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm EXECUTIVE SUMMARY The PNNL Vulnerability

Hultman, Nathan E.

422

Algorithms and Methodologies for Integrated Substation Equipment Risk and Performance Assessment Tools for Asset Management and Smart Grid  

Science Conference Proceedings (OSTI)

EPRI has developed a suite of algorithms and methodologies designed to assess substation equipment performance and risk. These tools and the supporting databases have been enhanced to provide projections of future performance and risk. Utilizing these algorithms and tools, asset and maintenance managers can make better-informed decisions about current and future investments. This report lays out the rationale underlying the development of these tools and sets the foundation for their effective use by uti...

2009-12-23T23:59:59.000Z

423

Assessment of Commercial Building Automation and Energy Management Systems for Demand Response Applications  

Science Conference Proceedings (OSTI)

This Technical Update is an overview of commercial building automation and energy management systems with a focus on their capabilities (current and future), especially in support of demand response (DR). The report includes background on commercial building automation and energy management systems; a discussion of demand response applications in commercial buildings, including building loads and control strategies; and a review of suppliers' building automation and energy management systems to support d...

2009-12-14T23:59:59.000Z

424

T-560: Cisco Security Advisory: Management Center for Cisco Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Security Advisory: Cisco Content Services Gateway Vulnerabilities V-014: Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands...

425

V-073: IBM Tivoli Federated Identity Manager Signature Verification...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Web Server HTTP TRACETRACK Support Lets Remote Users Obtain Potentially Sensitive Information V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities...

426

V-073: IBM Tivoli Federated Identity Manager Signature Verification...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities...

427

When the well runs dry : groundwater management in Texas.  

E-Print Network (OSTI)

Managing and protecting our water resources is one of the most pressing long-term issues facing Texas. In addition to population growth, Texas' vulnerability to drought...

Reel, Jennifer Lynne

2010-01-01T23:59:59.000Z

428

Assessing community capacity for ecosystem management : Clayoquot Sound and Redberry Lake biosphere reserves .  

E-Print Network (OSTI)

Biosphere reserves are regions that are internationally recognized for their ecological significance and work towards ecosystem management. The concept of community capacity, as developed in...

Mendis, Sharmalene Ruwanthi

2004-01-01T23:59:59.000Z

429

T-560: Cisco Security Advisory: Management Center for Cisco Security Agent  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability
February 18, 2011 - 7:00am
PROBLEM: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability.
PLATFORM: Cisco Security Agent software releases 5.1, 5.2, and 6.0 are affected by this vulnerability. Note: Only the Management Center for Cisco Security Agent is affected by this vulnerability. Cisco Security Agent installations on end-point workstations or servers are not affected by this vulnerability.
ABSTRACT: The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote

430

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
December 28, 2012 - 6:00am
PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
PLATFORM: eXtplorer 2.x
ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.
REFERENCE LINKS: Secunia Advisory SA51636; eXtplorer 2.1.3 Security Release
IMPACT ASSESSMENT: Medium
DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.
IMPACT: An error within the "ext_find_user()" function in users.php can be

431

RCRA Assessment Plan for Single-Shell Tank Waste Management Area T  

Science Conference Proceedings (OSTI)

This plan describes the data quality objectives process used to guide information gathering to further the assessment at WMA T.

Horton, Duane G.

2006-01-15T23:59:59.000Z

432

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
May 1, 2013 - 12:43am
PROBLEM: HP Service Manager Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
PLATFORM: Service Manager v9.31 Web Tier
ABSTRACT: Two vulnerabilities were reported in HP Service Manager.
REFERENCE LINKS: HP Document ID: c03748875; SecurityTracker Alert ID: 1028496; CVE-2012-5222; CVE-2013-2321
IMPACT ASSESSMENT: Medium
DISCUSSION: A remote user can obtain potentially sensitive information [CVE-2012-5222]. Service Manager Web Tier does not properly filter HTML code from user-supplied input before displaying the input [CVE-2013-2321]. A remote

433

RCRA Assessment Plan for Single-Shell Tank Waste Management Area S-SX at the Hanford Site  

SciTech Connect

A groundwater quality assessment plan was prepared for waste management area S-SX at the Hanford Site. Groundwater monitoring is conducted at this facility in accordance with Title 40, Code of Federal Regulation (CFR) Part 265, Subpart F [and by reference of Washington Administrative Code (WAC) 173-303-400(3)]. The facility was placed in assessment groundwater monitoring program status after elevated waste constituents and indicator parameter measurements (i.e., chromium, technetium-99 and specific conductance) in downgradient monitoring wells were observed and confirmed. A first determination, as allowed under 40 CFR 265.93(d), provides the owner/operator of a facility an opportunity to demonstrate that the regulated unit is not the source of groundwater contamination. Based on results of the first determination it was concluded that multiple source locations in the waste management area could account for observed spatial and temporal groundwater contamination patterns. Consequently, a continued investigation is required. This plan, developed using the data quality objectives process, is intended to comply with the continued investigation requirement. Accordingly, the primary purpose of the present plan is to determine the rate and extent of dangerous waste (hexavalent chromium and nitrate) and radioactive constituents (e.g., technetium-99) in groundwater and to determine their concentrations in groundwater beneath waste management area S-SX. Comments and concerns expressed by the Washington State Department of Ecology on the initial waste management area S-SX assessment report were addressed in the descriptive narrative of this plan as well as in the planned activities. Comment disposition is documented in a separate addendum to this plan.

Chou, C.J.; Johnson, V.G.

1999-10-06T23:59:59.000Z

434

Cesium-137 in the Environment: Radioecology and Approaches to Assessment and Management (NCRP Report No. 154)  

SciTech Connect

The overall goals of this Report are to summarize the current state of knowledge on radiocesium in the environment and to identify future management issues concerning 137Cs-contaminated ecosystems. Current knowledge and concepts are described concerning sources, levels in the general environment and at selected U.S. Department of Energy sites, environmental transport processes, parameters and models, and the management or mitigation of contaminated environments.

Whicker, F. W. [Colorado State University, Fort Collins; Garten Jr, Charles T [ORNL; Hamby, D. M. [Oregon State University; Higley, K. A. [Oregon State University; Hinton, T. G. [Savannah River Ecology Lab; Kaplan, D. I. [Savannah River Ecology Lab; Rowan, D. J. [ENTRIX, Inc.; Schreckhise, R. G. [Washington State University

2007-03-01T23:59:59.000Z

435

Assessing the Environmental Costs and Benefits of Households Electricity Consumption Management.  

E-Print Network (OSTI)

In this study the environmental costs and benefits of smart metering technology systems installed in households in Norway have been assessed. Smart metering technology...

Segtnan, Ida Lund

2011-01-01T23:59:59.000Z

436

A Selection of Invited Talks from the Vulnerability Assessment...  

NLE Websites -- All DOE Office Websites (Extended Search)

the VAT: IAEA Regional Training Course on Physical Protection Against Sabotage, Beijing, China, 2012 ; DHSCPB Workshop on Product Counterfeiting, Washington, D.C., 2012; IAEA...

437

A Selection of Papers from the Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)

Nuclear Safety Materials Disposition Decontamination & Decommissioning Nuclear Criticality Safety Nuclear Data Program Nuclear Waste Form Modeling Departments Engineering...

438

Vulnerability Assessment Team (VAT) in the News - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)

Nuclear Safety Materials Disposition Decontamination & Decommissioning Nuclear Criticality Safety Nuclear Data Program Nuclear Waste Form Modeling Departments Engineering...

439

Types of Seals - Vulnerability Assessment Team - Nuclear Engineering...  

NLE Websites -- All DOE Office Websites (Extended Search)

of Seals: Most Seals fit within one of the following: wire loop seals metal cable seals plastic strap (ribbon) seals metal ribbon (car-box or car-ball) seals bolt seals "padlock"...

440

Supplemental Volume - Independent Oversight Assessment of the Nuclear Safety Culture and Management of Nuclear Safety Concerns at the Hanford Site Waste Treatment and Immobilization Plant, January 2012  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Supplemental Volume: Independent Oversight Assessment of Nuclear Safety Culture and Management of Nuclear Safety Concerns at the Hanford Site Waste Treatment and Immobilization Plant. January 2012. Office of Enforcement and Oversight, Office of Health, Safety and Security, U.S. Department of Energy. Table of Contents: Foreword; Acronyms