Powered by Deep Web Technologies
Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Opera Frameset Handling Memory Corruption Vulnerability 5: Opera Frameset Handling Memory Corruption Vulnerability T-625: Opera Frameset Handling Memory Corruption Vulnerability May 18, 2011 - 3:05pm Addthis PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. PLATFORM: Opera versions prior to 11.11 ABSTRACT: The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page. reference LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile IMPACT ASSESSMENT: High Discussion: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

2

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

02:Adobe Photoshop Elements Multiple Memory Corruption 02:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am Addthis PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

3

T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

22: Adobe Acrobat and Reader Unspecified Memory Corruption 22: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability May 13, 2011 - 3:25am Addthis PROBLEM: Adobe Acrobat and Reader contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. PLATFORM: Adobe Reader versions 9.4.1 and prior, versions 8.2.5 and prior, and version 10.0 Acrobat Standard and Professional versions 9.4.1 and prior and version 10.0 Acrobat Standard and Professional versions 8.2.5 and prior Acrobat Professional Extended versions 9.4.1 and prior Acrobat 3D versions 8.2.5 and prior Adobe Flash Player versions 10.2.159.1 and prior for Windows, Macintosh, Linux, and Solaris ABSTRACT: The vulnerability is due to an unspecified error in the affected software

4

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google SketchUp v8.x - '.DAE' File Memory Corruption 6: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability September 14, 2011 - 9:28am Addthis PROBLEM: Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. PLATFORM: Google SketchUp 8 is vulnerable; other versions may also be affected. ABSTRACT: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability reference LINKS: Vulnerability-Lab SketchUp Downloads IMPACT ASSESSMENT: Medium Discussion: A Memory Corruption vulnerability is detected on the Google s SketchUp v8.x. The vulnerability is caused by an memory corruption when processing corrupt DAE files through the filter, which could be exploited by attackers

5

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Microsoft Windows win32k.sys Memory Corruption Vulnerability 5: Microsoft Windows win32k.sys Memory Corruption Vulnerability U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability December 20, 2011 - 9:45am Addthis PROBLEM: Microsoft Windows win32k.sys Memory Corruption Vulnerability. PLATFORM: Operating System Microsoft Windows 7 ABSTRACT: Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. reference LINKS: Secunia Advisory SA47237 MS11-087:Article ID: 2639417 IMPACT ASSESSMENT: High Discussion: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page

6

T-627: Adobe Flash Player Memory Corruption | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Memory Corruption 7: Adobe Flash Player Memory Corruption T-627: Adobe Flash Player Memory Corruption May 20, 2011 - 2:50pm Addthis PROBLEM: Adobe Flash Player Memory Corruption, Denial Of Service, Execute Code PLATFORM: Windows, Mac OS X, Linux, and Solaris ABSTRACT: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file. reference LINKS: CVE Details - CVE-2011-0627 CVE Details - Adobe Flash Player Vulnerability Statistics CVE Details - Adobe Security Vulnerabilities IMPACT ASSESSMENT: High Discussion:

7

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote 4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am Addthis PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems. reference LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

8

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote 4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am Addthis PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems. reference LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

9

V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Adobe Flash Player Buffer Overflows and Memory Corruption 8: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code November 7, 2012 - 6:00am Addthis PROBLEM: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.4.402.287 and prior for Windows and OS X; 11.2.202.243 and prior for Linux ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-24 SecurityTracker Alert ID: 1027730 CVE-2012-5274 CVE-2012-5275 CVE-2012-5276 CVE-2012-5277 CVE-2012-5278 CVE-2012-5279 CVE-2012-5280 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Adobe Flash Player. A remote user

10

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Adobe Shockwave Player Memory Corruption Flaws Let Remote 6: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code May 10, 2012 - 7:00am Addthis PROBLEM: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code PLATFORM: 11.6.4.634 and prior ABSTRACT: Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: SecurityTracker Alert ID: 1027037 CVE-2012-2029 CVE-2012-2030 CVE-2012-2031 CVE-2012-2032 CVE-2012-2033 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted Shockwave content that, when loaded by the target user, will trigger a memory corruption error and

11

T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Adobe Flash SWF File Processing Memory Corruption Remote 9: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability March 3, 2011 - 3:05pm Addthis PROBLEM: Adobe Flash Player contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. PLATFORM: Adobe Flash Player versions 10.1.102.64 and prior ABSTRACT: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. reference LINKS: Cisco IntelliShield ID:22576 Adobe Security Update: APSB11-02

12

T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Adobe Flash SWF File Processing Memory Corruption Remote 9: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability March 3, 2011 - 3:05pm Addthis PROBLEM: Adobe Flash Player contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. PLATFORM: Adobe Flash Player versions 10.1.102.64 and prior ABSTRACT: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. reference LINKS: Cisco IntelliShield ID:22576 Adobe Security Update: APSB11-02

13

T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code April 25, 2011 - 7:00am Addthis PROBLEM: A vulnerability was reported in Adobe Acrobat and Adobe Reader. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems ABSTRACT: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run

14

V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote  

NLE Websites -- All DOE Office Websites (Extended Search)

8: RealPlayer Buffer Overflow and Memory Corruption Error Let 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS: Security Tracker Alert ID 1028953 RealNetworks Security Bulletin CVE-2013-4973 CVE-2013-4974 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted RMP file that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system. A remote user can create a specially crafted RealMedia file that, when

15

V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users 6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June 12, 2013 - 12:15am Addthis PROBLEM: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.7.700.202 and earlier versions for Windows Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh Adobe Flash Player 11.2.202.285 and earlier versions for Linux Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh Adobe AIR 3.7.0.1860 and earlier versions for Android

16

Evaluating operating system vulnerability to memory errors  

Science Conference Proceedings (OSTI)

Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While ... Keywords: DRAM failures, fault-tolerance, operating systems

Kurt B. Ferreira; Kevin Pedretti; Ron Brightwell; Patrick G. Bridges; David Fiala; Frank Mueller

2012-06-01T23:59:59.000Z

17

U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

SMB share and repairing the installation. 4) An unspecified error within the JavaScript API can be exploited to corrupt memory. NOTE: This vulnerability affects the Macintosh and...

18

Research on memory access vulnerability analysis technique in SCADA protocol implementation  

Science Conference Proceedings (OSTI)

SCADA systems play key roles in monitor and control of the critical infrastructures, the vulnerabilities existed in them may destroy the controlled critical infrastructures. This paper proposes an analysis method of memory access vulnerability in SCADA ... Keywords: SCADA protocol implementation, dynamic analysis, memory access vulnerability

Fang Lan; Wang Chunlei; He Ronghui

2010-07-01T23:59:59.000Z

19

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

in Adobe AcrobatReader, this vulnerability is being actively exploited against Windows-based systems. reference LINKS: SecurityTracker Alert ID: 1026432 APSB11-30...

20

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Adobe Shockwave Player Multiple Vulnerabilities 1: Adobe Shockwave Player Multiple Vulnerabilities V-131: Adobe Shockwave Player Multiple Vulnerabilities April 11, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system REFERENCE LINKS: Secunia Advisory: SA52981 Adobe Security Bulletin CVE-2013-1383 CVE-2013-1384 CVE-2013-1385 CVE-2013-1386 IMPACT ASSESSMENT: High DISCUSSION: This update resolves : 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


21

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities 6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am Addthis PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities . PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. reference LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High Discussion: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

22

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Mozilla Firefox Multiple Vulnerabilities 4: Mozilla Firefox Multiple Vulnerabilities V-214: Mozilla Firefox Multiple Vulnerabilities August 8, 2013 - 2:16am Addthis PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

23

Corruption in Developing Countries  

E-Print Network (OSTI)

Recent years have seen a remarkable expansion in economists' ability to measure corruption. This in turn has led to a new generation of well-identified, microeconomic studies. We review the evidence on corruption in ...

Olken, Benjamin A.

24

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14: RealPlayer MP4 Processing Buffer Overflow Vulnerability 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 16.0.1.18. Addthis Related Articles U-042: Mac RealPlayer Multiple Vulnerabilities V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

25

Corruption: A Psychosocial Issue  

E-Print Network (OSTI)

". in Kathmandu Post antlpur Publications, PVI. Lid., Kantipur Complex' Subhldhanagar, Kathmandu, Nepal. ' James, G.S. (19:'9). "The eglect of GrOWing Povel1y Poses a Global Threal. III The Imernational Herald, P.6. Mansukhanl, H.L. (1979). "Corruption and Public...

Upadhyay, Niranjan Prasad

2003-01-01T23:59:59.000Z

26

Corruption and Sustainable Development  

E-Print Network (OSTI)

investments. He reports that an increase in the (perceived) corruption level from that of Singapore to that of Mexico would have the same negative effect on inward foreign direct investment as raising the tax rate on foreign investment by fifty percentage... . It is used to account for energy depletion, mineral depletion, and net forest depletion by subtracting an estimate of the relevant resource rents from net national savings. These rents are calculated as the market price of the resource minus average...

Aidt, Toke S.

27

T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users  

NLE Websites -- All DOE Office Websites (Extended Search)

45: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets 45: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Security Tracker Alert CVE-2010-4393 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted AVI file that, when loaded by the target user, will trigger a heap corruption error in 'vidplin.dll' and execute arbitrary code on the target system. The code will run with the

28

Corruption, Institutions and Economic Development  

E-Print Network (OSTI)

in your line of business to have to pay some irregular, addition payments to get things done" would waste less time on such dealing than other managers. Kaufmann and Wei (1999) report that the opposite is, in fact, true! Along similar lines, Fisman... ))] 6 Conclusion Does corruption, then, sand or grease the wheels? While corruption in a very narrow sense can be seen as a lubricator that may speed things up and help entrepreneurs getting on with wealth creation in speci?c instances, in a broader...

Aidt, Toke S

29

National Vulnerability Database Full Vulnerability Listing  

Science Conference Proceedings (OSTI)

NVD Complete Vulnerability Listing. This web page contains direct links to every National Vulnerability Database vulnerability entry. ...

30

Detection and Correction of Silent Data Corruption for Large-Scale High-Performance Computing  

SciTech Connect

Faults have become the norm rather than the exception for high-end computing on clusters with 10s/100s of thousands of cores. Exacerbating this situation, some of these faults remain undetected, manifesting themselves as silent errors that corrupt memory while applications continue to operate and report incorrect results. This paper studies the potential for redundancy to both detect and correct soft errors in MPI message-passing applications. Our study investigates the challenges inherent to detecting soft errors within MPI application while providing transparent MPI redundancy. By assuming a model wherein corruption in application data manifests itself by producing differing MPI message data between replicas, we study the best suited protocols for detecting and correcting MPI data that is the result of corruption. To experimentally validate our proposed detection and correction protocols, we introduce RedMPI, an MPI library which resides in the MPI profiling layer. RedMPI is capable of both online detection and correction of soft errors that occur in MPI applications without requiring any modifications to the application source by utilizing either double or triple redundancy. Our results indicate that our most efficient consistency protocol can successfully protect applications experiencing even high rates of silent data corruption with runtime overheads between 0% and 30% as compared to unprotected applications without redundancy. Using our fault injector within RedMPI, we observe that even a single soft error can have profound effects on running applications, causing a cascading pattern of corruption in most cases causes that spreads to all other processes. RedMPI's protection has been shown to successfully mitigate the effects of soft errors while allowing applications to complete with correct results even in the face of errors.

Fiala, David J [ORNL; Mueller, Frank [North Carolina State University; Engelmann, Christian [ORNL; Ferreira, Kurt Brian [Sandia National Laboratories (SNL); Brightwell, Ron [Sandia National Laboratories (SNL); Riesen, Rolf [IBM Research, Ireland

2012-07-01T23:59:59.000Z

31

Detection and Correction of Silent Data Corruption for Large-Scale High-Performance Computing  

SciTech Connect

Faults have become the norm rather than the exception for high-end computing on clusters with 10s/100s of thousands of cores. Exacerbating this situation, some of these faults remain undetected, manifesting themselves as silent errors that corrupt memory while applications continue to operate and report incorrect results. This paper studies the potential for redundancy to both detect and correct soft errors in MPI message-passing applications. Our study investigates the challenges inherent to detecting soft errors within MPI application while providing transparent MPI redundancy. By assuming a model wherein corruption in application data manifests itself by producing differing MPI message data between replicas, we study the best suited protocols for detecting and correcting MPI data that is the result of corruption. To experimentally validate our proposed detection and correction protocols, we introduce RedMPI, an MPI library which resides in the MPI profiling layer. RedMPI is capable of both online detection and correction of soft errors that occur in MPI applications without requiring any modifications to the application source by utilizing either double or triple redundancy. Our results indicate that our most efficient consistency protocol can successfully protect applications experiencing even high rates of silent data corruption with runtime overheads between 0% and 30% as compared to unprotected applications without redundancy. Using our fault injector within RedMPI, we observe that even a single soft error can have profound effects on running applications, causing a cascading pattern of corruption in most cases causes that spreads to all other processes. RedMPI's protection has been shown to successfully mitigate the effects of soft errors while allowing applications to complete with correct results even in the face of errors.

Fiala, David J [ORNL; Mueller, Frank [North Carolina State University; Engelmann, Christian [ORNL; Ferreira, Kurt Brian [Sandia National Laboratories (SNL); Brightwell, Ron [Sandia National Laboratories (SNL); Riesen, Rolf [IBM Research, Ireland

2013-01-01T23:59:59.000Z

32

Detection and Correction of Silent Data Corruption for Large-Scale High-Performance Computing  

SciTech Connect

Faults have become the norm rather than the exception for high-end computing on clusters with 10s/100s of thousands of cores. Exacerbating this situation, some of these faults remain undetected, manifesting themselves as silent errors that corrupt memory while applications continue to operate and report incorrect results. This paper studies the potential for redundancy to both detect and correct soft errors in MPI message-passing applications. Our study investigates the challenges inherent to detecting soft errors within MPI application while providing transparent MPI redundancy. By assuming a model wherein corruption in application data manifests itself by producing differing MPI message data between replicas, we study the best suited protocols for detecting and correcting MPI data that is the result of corruption. To experimentally validate our proposed detection and correction protocols, we introduce RedMPI, an MPI library which resides in the MPI profiling layer. RedMPI is capable of both online detection and correction of soft errors that occur in MPI applications without requiring any modifications to the application source by utilizing either double or triple redundancy. Our results indicate that our most efficient consistency protocol can successfully protect applications experiencing even high rates of silent data corruption with runtime overheads between 0% and 30% as compared to unprotected applications without redundancy. Using our fault injector within RedMPI, we observe that even a single soft error can have profound effects on running applications, causing a cascading pattern of corruption in most cases causes that spreads to all other processes. RedMPI's protection has been shown to successfully mitigate the effects of soft errors while allowing applications to complete with correct results even in the face of errors.

Fiala, David J [ORNL; Mueller, Frank [North Carolina State University; Engelmann, Christian [ORNL; Ferreira, Kurt Brian [Sandia National Laboratories (SNL); Brightwell, Ron [Sandia National Laboratories (SNL); Riesen, Rolf [IBM Research, Ireland

2012-07-01T23:59:59.000Z

33

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

finding finding and fixing security flaws Argonne's Vulnerability assessment Team VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

34

When Crime Pays: Measuring Judicial Efficacy against Corruption in Brazil  

E-Print Network (OSTI)

for now - crime pays in Brazil. Paginal5de27 ReferencesEfficacy against Corruption in Brazil Carlos Higino Ribeiroa widespread perception in Brazil that civil servants caught

Ribeiro de Alencar, Carlos Higino; Gico, Ivo Jr.

2010-01-01T23:59:59.000Z

35

T-550: Apache Denial of Service Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

550: Apache Denial of Service Vulnerability 550: Apache Denial of Service Vulnerability T-550: Apache Denial of Service Vulnerability February 4, 2011 - 3:03am Addthis PROBLEM: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. PLATFORM: Versions prior to 'APR-util' 1.3.10 are vulnerable. ABSTRACT: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption). reference LINKS: Securityfocus

36

Reconstruction of ECG signals in presence of corruption  

E-Print Network (OSTI)

We present an approach to identifying and reconstructing corrupted regions in a multi-parameter physiological signal. The method, which uses information in correlated signals, is specifically designed to preserve clinically ...

Ganeshapillai, Gartheeban

37

Software Vulnerability Taxonomy Consolidation  

SciTech Connect

In today's environment, computers and networks are increasing exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, do not cover all aspects of a vulnerability and lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common ''primary key'', un-structured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced, information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to system administrators, software developers and vulnerability researchers is not yet achieved, this work has resulted in the most exhaustive collection of vulnerability data to date.

Polepeddi, S

2004-12-08T23:59:59.000Z

38

Quantifying software vulnerability  

Science Conference Proceedings (OSTI)

The technique known as ACE Analysis allows researchers to quantify a hardware structure's Architectural Vulnerability Factor (AVF) using simulation. This allows researchers to understand a hardware structure's vulnerability to soft errors and consider ... Keywords: fault tolerance, modeling, soft errors

Vilas Sridharan; David R. Kaeli

2008-05-01T23:59:59.000Z

39

Tornado Vulnerability in Texas  

Science Conference Proceedings (OSTI)

Tornado vulnerability depends on the incidence of and societal exposure to tornadoes for a particular location. This study assesses the vulnerability of Texas counties to tornadoes using tornado incidence and societal exposure composite scores. ...

Richard W. Dixon; Todd W. Moore

2012-01-01T23:59:59.000Z

40

Effect of Corruption on Tax Revenues in the Middle East  

E-Print Network (OSTI)

This Working Paper should not be reported as representing the views of the IMF. The views expressed in this Working Paper are those of the authors and do not necessarily represent those of the IMF or IMF policy. Working Papers describe research in progress by the authors and are published to elicit comments and to further debate. This study estimates the impact of corruption on the revenue-generating capacity of different tax categories in the Middle East. We find that the low revenue collection as a share of GDP there compared to other middle-income regions is due in part to corruption, and certain taxes are more affected than others. Taxes that require frequent interaction between the tax authority and individuals, such as taxes on international trade, seem to be more affected by corruption than most other types of taxation. This suggests that if governments need to raise more tax revenues in a way that minimizes distortions and maximizes social welfare, they should implement reforms that either reduce corruption or raise revenues from tax categories that are less susceptible to corruption. Possible reforms of the revenue system and

Patrick A. Imam; Davina F. Jacobs; International Monetary; Fund Wp; Prepared Patrick; A. Imam; Davina F. Jacobs; Thanos Catsambas

2007-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


41

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

42

Corruption and energy efficiency in OECD countries: Theory and evidence  

E-Print Network (OSTI)

We investigate the effect of corruption and industry sector size on energy policy outcomes. The main predictions of our theory are that: (i) greater corruptibility of policy makers reduces energy policy stringency; (ii) greater lobby group coordination costs (increased industry sector size) results in more stringent energy policy; and (iii) workers ’ and capital owners ’ lobbying efforts on energy policy are negatively related. These predictions are tested using a unique panel data set on the energy intensity of 11 sectors in 14 OECD countries for years 1982-1996. The evidence generally supports the predictions.

Per G. Fredriksson; Herman R. J. Vollebergh; Elbert Dijkgraaf

2004-01-01T23:59:59.000Z

43

Soft Error Vulnerability of Iterative Linear Algebra Methods  

Science Conference Proceedings (OSTI)

Devices become increasingly vulnerable to soft errors as their feature sizes shrink. Previously, soft errors primarily caused problems for space and high-atmospheric computing applications. Modern architectures now use features so small at sufficiently low voltages that soft errors are becoming significant even at terrestrial altitudes. The soft error vulnerability of iterative linear algebra methods, which many scientific applications use, is a critical aspect of the overall application vulnerability. These methods are often considered invulnerable to many soft errors because they converge from an imprecise solution to a precise one. However, we show that iterative methods can be vulnerable to soft errors, with a high rate of silent data corruptions. We quantify this vulnerability, with algorithms generating up to 8.5% erroneous results when subjected to a single bit-flip. Further, we show that detecting soft errors in an iterative method depends on its detailed convergence properties and requires more complex mechanisms than simply checking the residual. Finally, we explore inexpensive techniques to tolerate soft errors in these methods.

Bronevetsky, G; de Supinski, B

2007-12-15T23:59:59.000Z

44

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

capabilities/vat/assess/ capabilities/vat/assess/ ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL Philosophy on Vulnerability Assessments Argonne Vulnerability Assessment Team Roger G. Johnston, Ph.D., CPP , 630-252-6168 1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc. 2. These tools have some value, and indeed we have used them all. 3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

45

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Lotus Domino Multiple Vulnerabilities 8: IBM Lotus Domino Multiple Vulnerabilities V-118: IBM Lotus Domino Multiple Vulnerabilities March 25, 2013 - 12:40am Addthis PROBLEM: IBM Lotus Domino Multiple Vulnerabilities PLATFORM: IBM Domino 8.x ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino REFERENCE LINKS: IBM Reference #:1627597 Secunia Advisory SA52753 CVE-2012-6277 CVE-2013-0486 CVE-2013-0487 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

46

Research on the Parallelism of Security Vulnerability Detection of Logic-Unknown PLD  

Science Conference Proceedings (OSTI)

As the development of integrated circuit, the algorithms of security vulnerability detection available are not suitable for encrypted PLD in large scale, which would bring inacceptable comsumption of memory and time. By analyzing the relation of input ...

Li Zhou; Qing-bao Li; Min Fan; Guang-en Zhou

2009-12-01T23:59:59.000Z

47

Energy vulnerability relationships  

Science Conference Proceedings (OSTI)

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

48

Plutonium Vulnerability Management Plan  

Science Conference Proceedings (OSTI)

This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

49

Cultural attitudes to corruption : a perspective on the interplay between cultural and legal norms for Western businesses operating in China  

E-Print Network (OSTI)

Corruption is an important challenge facing those who wish to do business in China. Beyond the commercial context, corruption and attitudes towards it are also more broadly relevant to politics, political economics and ...

Winters, Timothy (Timothy Mark)

2013-01-01T23:59:59.000Z

50

The pros and cons of corruption of firm performance : a micro-level study of businesses in Indonesia  

E-Print Network (OSTI)

Over the past 10 years, different international organization and NGO's have given birth to a whole host of different anti corruption programs in response to the recent "endemic" of corruption which is seen to plague ...

Murdaya, Karuna

2005-01-01T23:59:59.000Z

51

Does Competition for Capital Discipline Governments? Decentralization, Globalization and Corruption  

E-Print Network (OSTI)

Many political economists believe that competition among countries—or regions within them—to attract mobile capital should discipline their governments, rendering them less corrupt and more friendly toward business. This argument surfaces repeatedly in debates over both political decentralization and globalization. We argue that it is based on an assumption— countries or regions start out identical—that is quite unrealistic. We reexamine the standard model that predicts a disciplining effect of capital mobility, and show that if units are sufficiently heterogeneous exactly the opposite prediction often follows. If some units are exogenously much more attractive to investors than others (and competition for capital is intense), the only equilibrium under capital mobility will involve polarization. Initially disadvantaged units will actually be more corrupt, more starved of capital, and slower to grow if capital is mobile than if it is not. By contrast, exogenously attractive units will do more to woo investors, suck capital out of their lower productivity counterparts, and grow faster. We suggest this may help explain the disappointing results of liberalizing capital flows within the Russian federation and in sub-Saharan Africa.

Hongbin Cai A; Daniel Treisman B

2002-01-01T23:59:59.000Z

52

Vulnerability due to Nocturnal Tornadoes  

Science Conference Proceedings (OSTI)

This study investigates the human vulnerability caused by tornadoes that occurred between sunset and sunrise from 1880 to 2007. Nocturnal tornadoes are theorized to enhance vulnerability because they are difficult to spot and occur when the ...

Walker S. Ashley; Andrew J. Krmenec; Rick Schwantes

2008-10-01T23:59:59.000Z

53

U-172: OpenOffice.org Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: OpenOffice.org Two Vulnerabilities 72: OpenOffice.org Two Vulnerabilities U-172: OpenOffice.org Two Vulnerabilities May 18, 2012 - 7:00am Addthis PROBLEM: OpenOffice.org Two Vulnerabilities PLATFORM: OpenOffice.org 3.3, Other versions may also be affected. ABSTRACT: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system. Reference LINKS: Secunia Advisory SA46992 CVE-2012-1149 CVE-2012-2149 IMPACT ASSESSMENT: High Discussion: 1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file. 2) An error within libwpd when parsing Wordperfect documents can be exploited to overwrite arbitrary memory via a specially crafted Wordperfect

54

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized...

55

Security Automation and the National Vulnerability Database  

Science Conference Proceedings (OSTI)

... 6 Page 7. National Vulnerability Database Role Receive CVE ... Environmental Integrity ... Use Case: Vulnerability Management CVE 2012-3544 30 ...

2013-06-05T23:59:59.000Z

56

HEPA Filter Vulnerability Assessment  

SciTech Connect

This assessment of High Efficiency Particulate Air (HEPA) filter vulnerability was requested by the USDOE Office of River Protection (ORP) to satisfy a DOE-HQ directive to evaluate the effect of filter degradation on the facility authorization basis assumptions. Within the scope of this assessment are ventilation system HEPA filters that are classified as Safety-Class (SC) or Safety-Significant (SS) components that perform an accident mitigation function. The objective of the assessment is to verify whether HEPA filters that perform a safety function during an accident are likely to perform as intended to limit release of hazardous or radioactive materials, considering factors that could degrade the filters. Filter degradation factors considered include aging, wetting of filters, exposure to high temperature, exposure to corrosive or reactive chemicals, and exposure to radiation. Screening and evaluation criteria were developed by a site-wide group of HVAC engineers and HEPA filter experts from published empirical data. For River Protection Project (RPP) filters, the only degradation factor that exceeded the screening threshold was for filter aging. Subsequent evaluation of the effect of filter aging on the filter strength was conducted, and the results were compared with required performance to meet the conditions assumed in the RPP Authorization Basis (AB). It was found that the reduction in filter strength due to aging does not affect the filter performance requirements as specified in the AB. A portion of the HEPA filter vulnerability assessment is being conducted by the ORP and is not part of the scope of this study. The ORP is conducting an assessment of the existing policies and programs relating to maintenance, testing, and change-out of HEPA filters used for SC/SS service. This document presents the results of a HEPA filter vulnerability assessment conducted for the River protection project as requested by the DOE Office of River Protection.

GUSTAVSON, R.D.

2000-05-11T23:59:59.000Z

57

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability January 23, 2012 - 9:00am Addthis PROBLEM: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability. PLATFORM: Linux Kernel 2.6.x ABSTRACT: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges reference LINKS: Linux Kernel Update CVE-2012-0056 Red Hat Bugzilla Bug 782642 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to the kernel not properly restricting access to "/proc//mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.

58

A Small City's Big Scandal: Municipal Corruption, Progressive Reform, and the Grand Rapids, Michigan Water Scandal, 1900-1906.  

E-Print Network (OSTI)

??At the turn of century the city of Grand Rapids, Michigan began debating plans for expanding its water supply. These debates quickly spawned corrupt dealings,… (more)

Sarnacki, Brian F.

2011-01-01T23:59:59.000Z

59

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

097: PHP "php_register_variable_ex()" Code Execution 097: PHP "php_register_variable_ex()" Code Execution Vulnerability U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability February 7, 2012 - 9:00am Addthis PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network reference LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High Discussion: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. Impact: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

60

NSTB Summarizes Vulnerable Areas | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. NSTB Summarizes Vulnerable Areas More Documents & Publications...

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


61

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE))

The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides...

62

Energy Spending and Vulnerable Households  

E-Print Network (OSTI)

 off than before. In particular large households with low  incomes seem to have been adversely affected by the new tariff structures since  they have comparably large energy expenditure (Bennet et al., 2002).    5. Vulnerable Households and Energy Spending  The...  tariffs can play an important part in the public debate  on  eradicating  fuel  poverty  and  helping  the  vulnerable  households.  Smart  metering  can  provide  consumers  with  information  on  the  actual  energy  consumption and might  lead  to...

Jamasb, Tooraj; Meier, Helena

2011-01-26T23:59:59.000Z

63

Examining the relationships among e-government maturity, corruption, economic prosperity and environmental degradation: A cross-country analysis  

Science Conference Proceedings (OSTI)

There is growing interest in the role and contribution of e-government to the levels of corruption, economic prosperity and environmental degradation of nation states. In this paper, we use publicly available archival data to explore the relationships ... Keywords: Archival data, Corruption, E-government maturity, Economic prosperity, Environmental degradation

Satish Krishnan, Thompson S. H. Teo, Vivien K. G. Lim

2013-12-01T23:59:59.000Z

64

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

65

The Dynamic Effects of Information on Political Corruption: Theory and Evidence from Puerto Rico *  

E-Print Network (OSTI)

Abstract: Does the disclosure of information about corrupt activities induce a sustained reduction in corruption? We use publicly released routine audits of municipal governments in Puerto Rico to answer this question. We first develop a political agency model where voters re-elect incumbents based on their performance while in office. We show that, because voters cannot directly observe incumbents ’ actions, an incumbent whose reputation improved in the previous term is likely to engage in more rent-seeking activities in a future term. Guided by this model, we use longitudinal data on audit results to examine the long-term consequences of providing information to voters on levels of political corruption. We find that municipal corruption levels in subsequent audits are on average the same in municipalities audited preceding the previous election and those not audited then. In spite of this, mayors in municipalities audited preceding the previous election have higher re-election rates, suggesting that audits enable voters to select more competent politicians. We conclude that short-term information dissemination policies do not necessarily align politicians ’ long-term actions with voter preferences as politicians exploit their reputational gains by extracting more rents from office.

Gustavo J. Bobonis; Luis R. Cámara Fuertes; Rainer Schwabe; Leo Feler; Fred Finan; Steven Haider; Anke Kessler; Monica Martínez-bravo; Ben Nyblade; Torsten Persson

2011-01-01T23:59:59.000Z

66

Understanding cyber threats and vulnerabilities  

Science Conference Proceedings (OSTI)

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was ... Keywords: actor, critical infrastructure, cyber crime, cyber terrorism, cyber threat, cyber vulnerabilities

Eric Luiijf

2012-01-01T23:59:59.000Z

67

Coastal Impacts, Adaptation, and Vulnerabilities  

E-Print Network (OSTI)

· Robert R. Twilley, Louisiana State University · Jordan West, U.S. Environmental Protection Agency Chapter and Restoration Authority of Louisiana · Richard Raynie, Coastal Protection and Restoration Authority of Louisiana.3.7 Emergency Response, Recovery, and Vulnerability Reduction 4.3.8 Coastal and Nearshore Oil and Ga0 4.4 Human

Kossin, James P.

68

Page not found | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

-playbook-file-sharing-option-lets-local-users-gain-elevated-privileges Article T-716: Google SketchUp v8.x- '.DAE' File Memory Corruption Vulnerability Google SketchUp v8.x -...

69

V-207: Wireshark Multiple Denial of Service Vulnerabilities ...  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

70

V-019: Google Chrome Multiple Vulnerabilities | Department of...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Google Chrome Multiple Vulnerabilities V-019: Google Chrome Multiple Vulnerabilities November 8, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

71

NEHRP - Hazard Vulnerability and Disaster Resiliency ...  

Science Conference Proceedings (OSTI)

... Hazard Vulnerability and Disaster Resiliency. 2013. ... gaps for achieving resilience in the ... protection, emergency response, business continuity, and ...

72

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability Assessment Team Vulnerability Assessment Team VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

73

G20 Anti-Corruption Action Plan Action Point 7: Protection of Whistleblowers  

E-Print Network (OSTI)

whistleblowers as one of the high priority areas in their global anticorruption agenda. Recognizing the importance of effective whistleblower protection laws, Leaders, in point 7 of the G20 Anti-Corruption Action Plan, called on G20 countries to lead by: To protect from discriminatory and retaliatory actions whistleblowers who report in good faith suspected acts of corruption, G-20 countries will enact and implement whistleblower protection rules by the end of 2012. To that end, building upon the existing work of organisations such as the OECD and the World Bank, G-20 experts will study and summarise existing whistleblower protection legislation and enforcement mechanisms, and propose best practices on whistleblower protection legislation. The G20 Anti-Corruption Working Group (AWG), in charge of carrying out the Action Plan assigned the OECD the task of preparing a concept note with proposals to implement this point. Following a discussion of the concept note at their meeting on 25-26 February 2010 in Paris, the G20 Members reiterated the value of a study of the main features of whistleblower protection frameworks currently in place in G20 countries, together with guiding principles and best

unknown authors

2010-01-01T23:59:59.000Z

74

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability

75

NV: Nessus Vulnerability Visualization for the Web  

SciTech Connect

Network vulnerability is a critical component of network se- curity. Yet vulnerability analysis has received relatively lit- tle attention from the security visualization community. In this paper we describe nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow system administrators to discover, analyze, and man- age vulnerabilities on their networks. In addition to visual- izing single Nessus scans, nv supports the analysis of sequen- tial scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv was also designed to operate completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.

Harrison, Lane [University of North Carolina, Charlotte; Spahn, Riley B [ORNL; Iannacone, Michael D [ORNL; Downing, Evan P [ORNL; Goodall, John R [ORNL

2012-01-01T23:59:59.000Z

76

Assessing Network Infrastructure Vulnerabilities to Physical ...  

Science Conference Proceedings (OSTI)

... networks, air traffic control systems, and water distribution systems ... is that we consider the vulnerability to this ... States is buried in the ground within a ...

1999-11-05T23:59:59.000Z

77

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system..

78

Vulnerability analysis of three remote voting methods  

E-Print Network (OSTI)

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

Enguehard, Chantal

2009-01-01T23:59:59.000Z

79

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

80

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This...

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


81

Multics Security Evaluation (Volume II): Vulnerability Analysis  

Science Conference Proceedings (OSTI)

Page 1. ESD-TR-74-J93, Vor. II ' MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS Pau r A. Karger, 2Lt ...

2013-04-15T23:59:59.000Z

82

Mining Bug Databases for Unidentified Software Vulnerabilities  

SciTech Connect

Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

2012-06-01T23:59:59.000Z

83

Seals Applications - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)

Physical Security Maxims Read the Security Maxims Devil's Dictionary of Security Terms For more information: Vulnerability Assessment Section Sect. Manager: Roger G....

84

Toward a Resiliency and Vulnerability Observatory Network ...  

Science Conference Proceedings (OSTI)

... is already undertaking extensive investment in its ... vulnerability or more generally, equity, should permeate all ... etc.), parcel and/or tax portfolio data ...

2009-02-05T23:59:59.000Z

85

Active memory operations  

Science Conference Proceedings (OSTI)

The performance of modern microprocessors is increasingly limited by their inability to hide main memory latency. The problem is worse in large-scale shared memory systems, where remote memory latencies are hundreds, and soon thousands, of processor ... Keywords: DRAM, cache coherence, distributed shared memory, memory performance, stream processing, thread synchronization

Zhen Fang; Lixin Zhang; John B. Carter; Ali Ibrahim; Michael A. Parker

2007-06-01T23:59:59.000Z

86

Shape Memory Alloys  

Science Conference Proceedings (OSTI)

Scope, Shape memory alloys (SMA) have received widespread attention from ... The symposium focuses on shape memory and superelastic materials and their ...

87

ARDrone corruption  

Science Conference Proceedings (OSTI)

A drone is a machine which functions either by the remote control of a navigator or pilot or autonomously, that is, as a self-directing entity. Their largest use is within military applications. This machines are smaller than piloted vehicle and so are ...

Eddy Deligne

2012-05-01T23:59:59.000Z

88

Memory Considerations for Carver  

NLE Websites -- All DOE Office Websites (Extended Search)

Memory Considerations Memory Considerations Memory Considerations Overview Carver login nodes each have 48GB of physical memory. Most compute nodes have 24GB; however, 80 compute nodes have 48GB. Not all of this memory is available to user processes. Some memory is reserved for the Linux kernel. Furthermore, since Carver nodes have no disk, the "root" file system (including /tmp) is kept in memory ("ramdisk"). The kernel and root file system combined occupy about 4GB of memory. Therefore users should try to use no more than 20GB on most compute nodes, or 44GB on the large-memory compute nodes. There are also two "extra-large" memory nodes; each node has four 8-core Intel X7550 ("Nehalem EX") 2.0 GHz processors (32 cores total) and 1TB memory. These nodes are available through the queue "reg_xlmem". Please

89

Optical memory  

DOE Patents (OSTI)

Optical memory comprising: a semiconductor wire, a first electrode, a second electrode, a light source, a means for producing a first voltage at the first electrode, a means for producing a second voltage at the second electrode, and a means for determining the presence of an electrical voltage across the first electrode and the second electrode exceeding a predefined voltage. The first voltage, preferably less than 0 volts, different from said second voltage. The semiconductor wire is optically transparent and has a bandgap less than the energy produced by the light source. The light source is optically connected to the semiconductor wire. The first electrode and the second electrode are electrically insulated from each other and said semiconductor wire.

Mao, Samuel S; Zhang, Yanfeng

2013-07-02T23:59:59.000Z

90

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Definitions Definitions VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

91

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Safety Safety VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

92

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Publications Selected Publications VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

93

T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

94

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple...

95

India-Vulnerability Assessment and Enhancing Adaptive Capacities...  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

96

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

97

Election Security - Vulnerability Assessment Team - Nuclear Engineerin...  

NLE Websites -- All DOE Office Websites (Extended Search)

on LinkedIn The Vulnerability Assessment Team has demonstrated easy to execute, non-cyber attacks on two different kinds of electronic voting machines. We believe that too...

98

New York City's Vulnerability to Coastal Flooding  

Science Conference Proceedings (OSTI)

New York City, New York (NYC), is extremely vulnerable to coastal flooding; thus, verification and improvements in storm surge models are needed in order to protect both life and property. This paper highlights the Stony Brook Storm Surge (SBSS) ...

Brian A. Colle; Frank Buonaiuto; Malcolm J. Bowman; Robert E. Wilson; Roger Flood; Robert Hunter; Alexander Mintz; Douglas Hill

2008-06-01T23:59:59.000Z

99

PDSF Memory Considerations  

NLE Websites -- All DOE Office Websites (Extended Search)

Memory Considerations Memory Considerations Memory Considerations Interactive Nodes The amount of memory available on the interactive nodes is described on the Interactive (login) Nodes page. The interactive nodes are shared among all users and running high memory jobs on the interactive nodes slows them down for everyone. If you think your work might be disruptive you should either run it in batch or run it interactively on a batch node as described here. Batch Nodes The batch system knows how much memory each node has and how much memory each job requires. By default each job is given 1.1GB, but you can request more or less memory by following the instructions in Submitting Jobs. However, it should be noted that the more memory you require, the harder it will be for the batch system to schedule your job, especially when the

100

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Cartagena Vulnerability Assessment Cartagena Vulnerability Assessment Jump to: navigation, search Name CDKN-Colombia-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] CDKN-Colombia-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=CDKN-Colombia-Cartagena_Vulnerability_Assessment&oldid=407543

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


101

U-183: ISC BIND DNS Resource Records Handling Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: ISC BIND DNS Resource Records Handling Vulnerability 3: ISC BIND DNS Resource Records Handling Vulnerability U-183: ISC BIND DNS Resource Records Handling Vulnerability June 5, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). PLATFORM: Version(s): ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x ISC BIND 9.9.x ABSTRACT: This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields. Reference List: Secunia Advisory 49338 CVE-2012-1667 Original Advisory IMPACT ASSESSMENT: High Discussion: Recursive servers may crash or disclose some portion of memory to the

102

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

65: Vulnerability in Microsoft Malware Protection Engine Could 65: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability February 25, 2011 - 7:40am Addthis PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability. PLATFORM: Microsoft Malware Protection Engine Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0 This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. First version of the Microsoft Malware Protection Engine with this vulnerability addressed:Version 1.1.6603.0 If the version of the Microsoft Malware Protection Engine is equal to or

103

A framework for modeling rail transport vulnerability  

Science Conference Proceedings (OSTI)

Railroads represent one of the most efficient methods of long-haul transport for bulk commodities, from coal to agricultural products. Over the past fifty years, the rail network has contracted while tonnage has increased. Service, geographically, has been abandoned along short haul routes and increased along major long haul routes, resulting in a network that is more streamlined. The current rail network may be very vulnerable to disruptions, like the failure of a trestle. This paper proposes a framework to model rail network vulnerability and gives an application of this modeling framework in analyzing rail network vulnerability for the State of Washington. It concludes with a number of policy related issues that need to be addressed in order to identify, plan, and mitigate the risks associated with the sudden loss of a bridge or trestle.

Peterson, Steven K [ORNL; Church, Richard L. [University of California, Santa Barbara

2008-01-01T23:59:59.000Z

104

Silicon nanocrystal memories  

Science Conference Proceedings (OSTI)

In this paper, we present an overview of memory structures fabricated by our group by using silicon nanocrystals as storage nodes. These devices show promising characteristics as candidates for future deep-submicron non-volatile memories.

S. Lombardo; B. De Salvo; C. Gerardi; T. Baron

2004-05-01T23:59:59.000Z

105

Drifting absence :: drafting memory  

E-Print Network (OSTI)

The emotive power of a memorial derives from its ability to engage the viewer in active remembrance. The project considers the limitations of a monumentality which embraces a distinct division between viewer and memorial. ...

Kuhn, Marlene Eva

2006-01-01T23:59:59.000Z

106

Samuel Rosen Memorial Award  

Science Conference Proceedings (OSTI)

Recognizing accomplishments in surfactant chemistry. The Samuel Rosen Memorial Award is sponsored by Milton J. Rosen. Samuel Rosen Memorial Award Membership Information achievement application award Awards distinguished division Divisions fats job

107

Tolerating memory leaks  

Science Conference Proceedings (OSTI)

Type safety and garbage collection in managed languages eliminate memory errors such as dangling pointers, double frees, and leaks of unreachable objects. Unfortunately, a program still leaks memory if it maintains references to objects it will never ... Keywords: bug tolerance, managed languages, memory leaks

Michael D. Bond; Kathryn S. McKinley

2008-10-01T23:59:59.000Z

108

External Memory Algorithms  

Science Conference Proceedings (OSTI)

Data sets in large applications are often too massive to fit completely inside the computer's internal memory. The resulting input/ output communication (or I/O) between fast internal memory and slower external memory (such as disks) can be a major performance ...

Jeffrey Scott Vitter

1998-08-01T23:59:59.000Z

109

Critical infrastructure protection: The vulnerability conundrum  

Science Conference Proceedings (OSTI)

Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats ... Keywords: Critical infrastructure, Fortification, Interdiction, Policy, Protection, Strategies, Vulnerability

Alan T. Murray; Tony H. Grubesic

2012-02-01T23:59:59.000Z

110

Chemical Safety Vulnerability Working Group Report  

SciTech Connect

This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

1994-09-01T23:59:59.000Z

111

SoftBound: highly compatible and complete spatial memory safety for c  

Science Conference Proceedings (OSTI)

The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-visible ... Keywords: buffer overflows, c, spatial memory safety

Santosh Nagarakatte; Jianzhou Zhao; Milo M.K. Martin; Steve Zdancewic

2009-06-01T23:59:59.000Z

112

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Secure Gateway Unspecified Vulnerability 6: Citrix Secure Gateway Unspecified Vulnerability T-566: Citrix Secure Gateway Unspecified Vulnerability February 28, 2011 - 11:22pm Addthis PROBLEM: Citrix Secure Gateway Unspecified Vulnerability. PLATFORM: Citrix Secure Gateway version 3.1.4 ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia Advisory SA43497 Citrix Support IMPACT ASSESSMENT: High Discussion: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

113

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Two Vulnerabilities 8: Google Chrome Two Vulnerabilities V-038: Google Chrome Two Vulnerabilities December 3, 2012 - 1:00am Addthis PROBLEM: Google Chrome Two Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95. ABSTRACT: Two vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA51447 CVE-2012-5137 CVE-2012-5138 IMPACT ASSESSMENT: High DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95. IMPACT:

114

Empirical Estimates and Observations of 0Day Vulnerabilities  

Science Conference Proceedings (OSTI)

We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

2009-01-01T23:59:59.000Z

115

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE  

E-Print Network (OSTI)

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm #12;iii EXECUTIVE SUMMARY The PNNL Vulnerability

Hultman, Nathan E.

116

Exposing Memory Access Regularities Using Object-Relative Memory Profiling  

Science Conference Proceedings (OSTI)

Memory profiling is the process of characterizing a program's memorybehavior by observing and recording its response to specific inputsets. Relevant aspects of the program's memory behavior maythen be used to guide memory optimizations in an aggressively ...

Qiang Wu; Artem Pyatakov; Alexey Spiridonov; Easwaran Raman; Douglas W. Clark; David I. August

2004-03-01T23:59:59.000Z

117

Using Cyclic Memory Allocation to Eliminate Memory Leaks  

E-Print Network (OSTI)

We present and evaluate a new memory management technique for eliminating memory leaks in programs with dynamic memory allocation. This technique observes the execution of the program on a sequence of training inputs to ...

Nguyen, Huu Hai

118

U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: libvirt virTypedParameterArrayClear() Memory Access Error 3: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service August 24, 2012 - 7:00am Addthis PROBLEM: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service PLATFORM: Version(s): 0.9.13 and prior ABSTRACT: A vulnerability was reported in libvirt. reference LINKS: libvirt SecurityTracker Alert ID: 1027437 Secunia Advisory SA50118 Bugtraq ID: 54748 CVE-2012-3445 IMPACT ASSESSMENT: Medium Discussion A remote user can send a specially crafted RPC call with the number of parameters set to zero to libvirtd to trigger a memory access error in virTypedParameterArrayClear() and cause the target service to crash. Impact:

119

V-194: Citrix XenServer Memory Management Error Lets Local Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Citrix XenServer Memory Management Error Lets Local 4: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host July 8, 2013 - 12:24am Addthis PROBLEM: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host PLATFORM: Citrix XenServer 5.0 - 6.2 ABSTRACT: A vulnerability was reported in Citrix XenServer. REFERENCE LINKS: CTX138134 SecurityTracker Alert ID: 1028740 CVE-2013-1432 IMPACT ASSESSMENT: Medium DISCUSSION: A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server. IMPACT: A local user on the guest operating system can obtain access on the target

120

V-194: Citrix XenServer Memory Management Error Lets Local Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Citrix XenServer Memory Management Error Lets Local 4: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host V-194: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host July 8, 2013 - 12:24am Addthis PROBLEM: Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host PLATFORM: Citrix XenServer 5.0 - 6.2 ABSTRACT: A vulnerability was reported in Citrix XenServer. REFERENCE LINKS: CTX138134 SecurityTracker Alert ID: 1028740 CVE-2013-1432 IMPACT ASSESSMENT: Medium DISCUSSION: A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server. IMPACT: A local user on the guest operating system can obtain access on the target

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


121

T-624: Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Novell eDirectory LDAP-SSL Memory Allocation Error Lets 4: Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users Deny Service T-624: Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users Deny Service May 17, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in Novell eDirectory. A remote user can cause denial of service conditions. A remote user can send specially crafted data to cause the target service to crash. On Netware-based systems, the system may crash. PLATFORM: Red Hat Enterprise, SuSE,AIX, HP/UX, Solaris, Windows 2000, 2003 ABSTRACT: A remote user can cause denial of service conditions. reference LINKS: Novell eDirectory - LDAP-SSL SECURELIST.ORG SecurityFocus BugTrackID: 47858 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Novell eDirectory. A remote user can cause

122

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June

123

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

124

Memory Usage Considerations on Hopper  

NLE Websites -- All DOE Office Websites (Extended Search)

Memory Considerations Memory Considerations Memory Considerations Memory Usage Considerations on Hopper Most Hopper compute nodes have 32 GB of physical memory, but, not all that memory is available to user programs. Compute Node Linux (the kernel), the Lustre file system software, and message passing library buffers all consume memory, as does loading the executable into memory. Thus the precise memory available to an application varies. Approximately 31 GB of memory can be allocated from within an MPI program using all 24 cores per node, i.e., 1.29 GB per MPI task on average. If an application uses 12 MPI tasks per node, then each MPI task could use about 2.58 GB of memory. You may see an error message such as "OOM killer terminated this process." "OOM" means Out of Memory and it means that your code has exhausted the

125

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

126

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

162: Drupal Multiple Vulnerabilities 162: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

127

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: PHP Stream Component Remote Denial of Service Vulnerability 6: PHP Stream Component Remote Denial of Service Vulnerability T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am Addthis PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. reference LINKS: SecurityFocus IMPACT ASSESSMENT: Medium Discussion: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

128

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

40: Sybase EAServer Multiple Vulnerabilities 40: Sybase EAServer Multiple Vulnerabilities T-540: Sybase EAServer Multiple Vulnerabilities January 24, 2011 - 6:16am Addthis PROBLEM: Sybase EAServer Multiple Vulnerabilities PLATFORM: Sybase EAServer versions 6.3 and prior ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected. reference LINKS: Bugtraq ID: 45809 SyBase Advisory IMPACT ASSESSMENT: Medium Discussion: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services, this condition can result in arbitrary code execution allowing attacker to gain control over

129

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Colombia-Cartagena Vulnerability Assessment Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] Colombia-CDKN-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=Colombia-Cartagena_Vulnerability_Assessment&oldid=699760"

130

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Vulnerabilities in Citrix Licensing administration 4: Vulnerabilities in Citrix Licensing administration components T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am Addthis PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. reference LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium Discussion: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

131

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

132

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: HP Data Protector Multiple Unspecified Vulnerabilities 3: HP Data Protector Multiple Unspecified Vulnerabilities U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am Addthis PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. reference LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High Discussion: Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

133

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

62: Drupal Multiple Vulnerabilities 62: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

134

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities 6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities March 14, 2011 - 3:05pm Addthis PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system. PLATFORM: Sun Solaris 10 ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities. reference LINKS: Secunia Advisory: SA43747 Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player Secure List: SA43747 Oracle Sun Support Adobe Flash Player for Linux and Solaris IMPACT ASSESSMENT: High Discussion: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

135

Shape memory alloys  

SciTech Connect

A shape memory alloy is disclosed consisting essentially of, by weight ratio, 2 to 15% aluminium, 0.01 to 3% beryllium and the balance being substantially copper, with impurities being inevitably present in the process of preparation, and a shape memory alloy further including 0.05 to 15% zinc, both including composition ranges which allows cold work.

Suzuki, K.

1983-10-04T23:59:59.000Z

136

The Java memory model  

Science Conference Proceedings (OSTI)

This paper describes the new Java memory model, which has been revised as part of Java 5.0. The model specifies the legal behaviors for a multithreaded program; it defines the semantics of multithreaded Java programs and partially determines legal implementations ... Keywords: Java, concurrency, memory model, multithreading

Jeremy Manson; William Pugh; Sarita V. Adve

2005-01-01T23:59:59.000Z

137

Hysteresis, Reversibility, and Shape Memory  

Science Conference Proceedings (OSTI)

Basic Properties of Shape Memory Materials from First-Principles ... Control Loops of Shape Memory Actuators by Detection of the Electrical Resistance.

138

Computer memory management system  

DOE Patents (OSTI)

A computer memory management system utilizing a memory structure system of "intelligent" pointers in which information related to the use status of the memory structure is designed into the pointer. Through this pointer system, The present invention provides essentially automatic memory management (often referred to as garbage collection) by allowing relationships between objects to have definite memory management behavior by use of coding protocol which describes when relationships should be maintained and when the relationships should be broken. In one aspect, the present invention system allows automatic breaking of strong links to facilitate object garbage collection, coupled with relationship adjectives which define deletion of associated objects. In another aspect, The present invention includes simple-to-use infinite undo/redo functionality in that it has the capability, through a simple function call, to undo all of the changes made to a data model since the previous `valid state` was noted.

Kirk, III, Whitson John (Greenwood, MO)

2002-01-01T23:59:59.000Z

139

Technology strategy for the semiconductor memory market  

E-Print Network (OSTI)

Solid state memories are used in a variety of applications as data and code storages. A non-volatile memory is a memory that retains information when its power supply is off. Flash memory is a type of nonvolatile memory ...

Nakamura, Tomohiko

2012-01-01T23:59:59.000Z

140

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Adobe Flash Player / AIR Multiple Vulnerabilities 0: Adobe Flash Player / AIR Multiple Vulnerabilities V-090: Adobe Flash Player / AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player / AIR Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh Adobe Flash Player versions 11.2.202.262 and prior for Linux Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x Adobe AIR versions 3.5.0.1060 and prior Adobe AIR versions 3.5.0.1060 SDK and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR. REFERENCE LINKS: Vulnerability identifier: APSB13-05 Secunia Advisory SA52166 CVE-2013-0637 CVE-2013-0638 CVE-2013-0639

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


141

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

142

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2 Google Chrome Two Code Execution Vulnerabilities 2 Google Chrome Two Code Execution Vulnerabilities U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am Addthis PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

143

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

144

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

145

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Bugzilla LDAP Injection and Information Disclosure 1: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am Addthis PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability reference LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium Discussion: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used

146

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Asterisk Two Denial of Service Vulnerabilities 2: Asterisk Two Denial of Service Vulnerabilities V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am Addthis PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

147

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in MHTML Could Allow Information Disclosure 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. reference LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate Discussion: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

148

V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox Multiple Vulnerabilities 6: Mozilla Firefox Multiple Vulnerabilities V-126: Mozilla Firefox Multiple Vulnerabilities April 4, 2013 - 6:00am Addthis PROBLEM: Mozilla Firefox Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 20.0 ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52770 Secunia Advisory SA52293 Mozilla Security Announcement mfsa2013-30 Mozilla Security Announcement mfsa2013-31 Mozilla Security Announcement mfsa2013-32 Mozilla Security Announcement mfsa2013-34 Mozilla Security Announcement mfsa2013-35

149

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Adobe Flash Player Multiple Vulnerabilities 4: Adobe Flash Player Multiple Vulnerabilities U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. reference LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Adobe Flash Player, which

150

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

730: Vulnerability in Citrix Provisioning Services could result 730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution September 29, 2011 - 8:30am Addthis PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. reference LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

151

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Multiple Vulnerabilities 8: Google Chrome Multiple Vulnerabilities V-208: Google Chrome Multiple Vulnerabilities August 1, 2013 - 2:32am Addthis PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

152

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

153

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

49: Google Chrome Multiple Vulnerabilities 49: Google Chrome Multiple Vulnerabilities U-249: Google Chrome Multiple Vulnerabilities August 31, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. reference LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

154

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

155

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Access Gateway Unspecified Security Bypass 6: Citrix Access Gateway Unspecified Security Bypass Vulnerability V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 com/id/1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

156

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

157

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

158

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

159

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability 3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability April 1, 2013 - 1:26am Addthis PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x VMware ESXi 4.x VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373) Addthis Related Articles U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets

160

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


161

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Google Chrome Multiple Vulnerabilities 1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

162

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Google Chrome Multiple Vulnerabilities 5: Google Chrome Multiple Vulnerabilities V-105: Google Chrome Multiple Vulnerabilities March 6, 2013 - 12:09am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

163

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

164

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Cisco Unified Customer Voice Portal (CVP) Multiple 2: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

165

V-097: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Google Chrome Multiple Vulnerabilities 7: Google Chrome Multiple Vulnerabilities V-097: Google Chrome Multiple Vulnerabilities February 22, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome PLATFORM: The vulnerabilities are reported in versions prior to Google Chrome 24.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52320 Chrome Stable Channel Update CVE-2013-0879 CVE-2013-0880 CVE-2013-0881 CVE-2013-0882 CVE-2013-0883 CVE-2013-0884 CVE-2013-0885 CVE-2013-0886 CVE-2013-0887 CVE-2013-0888 CVE-2013-0889 CVE-2013-0890 CVE-2013-0891 CVE-2013-0892 CVE-2013-0893

166

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

167

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

168

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Data Studio Web Console Java Multiple Vulnerabilities 8: IBM Data Studio Web Console Java Multiple Vulnerabilities V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities June 14, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE REFERENCE LINKS: Secunia Advisory SA53778 IBM Flash Alert 1640533 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 IMPACT ASSESSMENT: High DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

169

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: IBM Informix Genero libpng Integer Overflow Vulnerability 4: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

170

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

171

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Mozilla Security vulnerabilities 1: Mozilla Security vulnerabilities V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am Addthis PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

172

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google Picasa BMP and TIFF Images Processing Vulnerabilities 6: Google Picasa BMP and TIFF Images Processing Vulnerabilities V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities March 21, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

173

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Tigase XMPP Dialback Protection Bypass Vulnerability 6: Tigase XMPP Dialback Protection Bypass Vulnerability U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am Addthis PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. reference LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.

174

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Google Chrome Multiple Vulnerabilities 4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

175

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

176

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

177

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

178

The (In)Security of Drug Testing - Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Papers > The (In)Security of Drug Testing VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security...

179

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS Introduction SCADA Security for Managers and Operators Intermediate SCADA Security Training Course Slides...

180

Mapping Climate Change Vulnerability and Impact Scenarios - A...  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change...

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


181

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

Twitter icon Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Name Locating Climate Insecurity: Where Are the Most...

182

Reconsidering custom memory allocation  

Science Conference Proceedings (OSTI)

Programmers hoping to achieve performance improvements often use custom memory allocators. This in-depth study examines eight applications that use custom allocators. Surprisingly, for six of these applications, a state-of-the-art general-purpose allocator ...

Emery D. Berger; Benjamin G. Zorn; Kathryn S. McKinley

2002-11-01T23:59:59.000Z

183

Warship : memorial in antithesis  

E-Print Network (OSTI)

This thesis is divided into three distinct yet related parts. The first consists of observations and reflections on some of New York City's many war memorials, ranging from one commemorating the Revolutionary War to one ...

Tchelistcheff, Andre Victor

1992-01-01T23:59:59.000Z

184

Mondriaan memory protection  

E-Print Network (OSTI)

Reliability and security are quickly becoming users' biggest concern due to the increasing reliance on computers in all areas of society. Hardware-enforced, fine-grained memory protection can increase the reliability and ...

Witchel, Emmett Jethro, 1970-

2004-01-01T23:59:59.000Z

185

Low-level software security : exploiting memory safety vulnerabilities and assumptions  

E-Print Network (OSTI)

subl movl movl leal movl call leave ret % ebp % esp , % ebp$56 , % esp 8(% ebp ) , %eax % eax , 4(% esp ) -40(% ebp ) , % eax % eax , (% esp )

Checkoway, Stephen

2012-01-01T23:59:59.000Z

186

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0-18381 0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness, of any information, apparatus, product, or

187

Using hardware vulnerability factors to enhance AVF analysis  

Science Conference Proceedings (OSTI)

Fault tolerance is now a primary design constraint for all major microprocessors. One step in determining a processor's compliance to its failure rate target is measuring the Architectural Vulnerability Factor (AVF) of each on-chip structure. The AVF ... Keywords: architectural vulnerability factor, fault tolerance, reliability

Vilas Sridharan; David R. Kaeli

2010-06-01T23:59:59.000Z

188

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

December 22, 2011 December 22, 2011 U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. December 20, 2011 U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. December 19, 2011 U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems. December 16, 2011 U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code A remote user can cause the target application to execute arbitrary code on

189

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Google Chrome Multiple Vulnerabilities 0: Google Chrome Multiple Vulnerabilities U-100: Google Chrome Multiple Vulnerabilities February 10, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system. PLATFORM: Google Chrome 16.x ABSTRACT: A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Reference LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some

190

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Agency/Company /Organization: United Nations Development Programme (UNDP) Resource Type: Guide/manual Website: www.beta.undp.org/content/dam/aplaws/publication/en/publications/envir Language: English Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Screenshot This guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate policies and intervention can

191

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

82: Symantec Endpoint Protection Manager Buffer Overflow 82: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

192

V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Mozilla Firefox Multiple Vulnerabilities 7: Mozilla Firefox Multiple Vulnerabilities V-187: Mozilla Firefox Multiple Vulnerabilities June 27, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Mozilla Firefox PLATFORM: Mozilla Firefox 21.x ABSTRACT: These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53970 Secunia Advisory SA53953 Mozilla Advisory mfsa2013-49 Mozilla Advisory mfsa2013-50 Mozilla Advisory mfsa2013-51 Mozilla Advisory mfsa2013-53 Mozilla Advisory mfsa2013-55 Mozilla Advisory mfsa2013-56 Mozilla Advisory mfsa2013-59 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685

193

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Impacts, Vulnerability and Adaptation: The Case of Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Agency/Company /Organization World Agroforestry Centre Sector Land Focus Area Forestry Topics Adaptation, Background analysis, Co-benefits assessment Resource Type Publications Website http://www.worldagroforestry.o Country Philippines UN Region South-Eastern Asia References Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1] Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Screenshot This article is a stub. You can help OpenEI by expanding it.

194

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities 3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. Reference Links: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium Discussion: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

195

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Security AppScan Enterprise Multiple Vulnerabilities 9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities PLATFORM: IBM Rational AppScan 5.x IBM Rational AppScan 8.x ABSTRACT: IBM has acknowledged multiple vulnerabilities REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

196

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Multiple vulnerabilities have been reported in Puppet 1: Multiple vulnerabilities have been reported in Puppet V-111: Multiple vulnerabilities have been reported in Puppet March 14, 2013 - 12:12am Addthis PROBLEM: Multiple vulnerabilities have been reported in Puppet PLATFORM: Puppet 2.x Puppet 3.x Puppet Enterprise 1.x Puppet Enterprise 2.x ABSTRACT: Puppet Multiple Vulnerabilities REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

197

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Serendipity Unspecified SQL Injection Vulnerability 4: Serendipity Unspecified SQL Injection Vulnerability U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am Addthis PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. Reference Links: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium Discussion: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. Impact: A remote user can execute SQL commands on the underlying database. Solution: The vendor has issued a fix (1.6.2).

198

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

94: IBM Multiple Products Multiple Vulnerabilities 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1 IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2 ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products. REFERENCE LINKS: IBM Reference #:1625624 IBM Product Security Incident Response Blog Secunia Advisory SA52132

199

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Attachmate Reflection Products Java Multiple Vulnerabilities 2: Attachmate Reflection Products Java Multiple Vulnerabilities V-022: Attachmate Reflection Products Java Multiple Vulnerabilities November 13, 2012 - 1:00am Addthis PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities PLATFORM: Reflection X 2011 Reflection Suite for X 2011 Reflection for Secure IT Server for Windows Reflection for Secure IT Client and Server for UNIX ABSTRACT: Security issues related to Reflection PKI Services Manager REFERENCE LINKS: PKI Services Manager Technical Note 2560 Secunia Advisory SA51256 CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1720 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 IMPACT ASSESSMENT: High DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

200

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Agency/Company /Organization Swiss Agency for Development and Cooperation Sector Energy, Land, Water Focus Area Agriculture Topics Co-benefits assessment, Background analysis Resource Type Lessons learned/best practices Website http://www.intercooperation.or Country India Southern Asia References India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1] India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Screenshot Contents 1 Introduction [1] 2 Community-based Institutions [2] 3 Pasture Land Development [3]

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


201

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Mitigations for Security Vulnerabilities Found in Control System Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

202

Analyses Of Two End-User Software Vulnerability Exposure Metrics  

SciTech Connect

The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

Jason L. Wright; Miles McQueen; Lawrence Wellman

2012-08-01T23:59:59.000Z

203

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

204

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code Injection Vulnerability. PLATFORM: IM Manager versions prior to 8.4.18 are affected. ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. referecnce LINKS: Symantec Security Advisory SYM11-012 Symantec Security Updates Bugtraq ID: 49742 IMPACT ASSESSMENT: High Discussion: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

205

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

74: Drupal Secure Password Hashes Module Security Bypass 74: Drupal Secure Password Hashes Module Security Bypass Vulnerability T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability July 22, 2011 - 3:00pm Addthis PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability PLATFORM: Drupal Secure Password Hashes 6.X-1.0 Drupal Secure Password Hashes 5.X-1.4 ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability. reference LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities IMPACT ASSESSMENT: Medium Discussion: This module uses the PHPass hashing library to try to store users hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account

206

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Symantec Endpoint Protection Manager Buffer Overflow 2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

207

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

208

An OVAL-based active vulnerability assessment system for enterprise computer networks  

Science Conference Proceedings (OSTI)

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter ... Keywords: Attack path, Network security, Open vulnerability assessment language, Predicate logic, Relational database management system, Security vulnerability

Xiuzhen Chen; Qinghua Zheng; Xiaohong Guan

2008-11-01T23:59:59.000Z

209

Using Cyclic Memory Allocation to Eliminate Memory Leaks  

E-Print Network (OSTI)

We present and evaluate a new memory management technique foreliminating memory leaks in programs with dynamic memoryallocation. This technique observes the execution of the program on asequence of training inputsto find ...

Nguyen, Huu Hai

2005-10-26T23:59:59.000Z

210

The rope memory: a permanent storage device  

Science Conference Proceedings (OSTI)

A powerful way of increasing the capability and flexibility of digital computing systems is through the use of permanent storage memories. Such memories are also known as readonly memories or NDRO electrically unalterable memories. As an example of the ...

P. Kuttner

1963-11-01T23:59:59.000Z

211

Dynamically replicated memory: building reliable systems from nanoscale resistive memories  

Science Conference Proceedings (OSTI)

DRAM is facing severe scalability challenges in sub-45nm tech- nology nodes due to precise charge placement and sensing hur- dles in deep-submicron geometries. Resistive memories, such as phase-change memory (PCM), already scale well beyond DRAM and ... Keywords: phase-change memory, write endurance

Engin Ipek; Jeremy Condit; Edmund B. Nightingale; Doug Burger; Thomas Moscibroda

2010-03-01T23:59:59.000Z

212

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). The coordinating lead author and a principal author was Craig Zamuda of DOE-PI; other principal authors included Bryan Mignone of DOE-PI, and Dan Bilello, KC Hallett, Courtney Lee, Jordan Macknick, Robin Newmark, and Daniel Steinberg of NREL. Vince Tidwell of Sandia National Laboratories, Tom Wilbanks of

213

Reducing US vulnerability to oil supply shocks  

Science Conference Proceedings (OSTI)

The 1990 crisis in the Middle East has raised concern about the United States`s vulnerability to oil supply disruptions. In addition, a number of trends point to increased US dependence on imported oil. Oil imports have increased and production has declined in the United States for the last eight years. Imports now comprise 42 percent of total oil consumption and US dependence on oil imports is projected to increase over the next 20 years. The Energy Modeling Forum forecasts imports to be more than twice domestic production by the year 2010. There are many studies examining the effects of various policies to protect US energy security. Not many consider the Strategic Petroleum Reserve (SPR), which can be a powerful tool in combating energy supply shocks. The SPR can dramatically increase the domestic short run supply elasticity, which has been found to be a key element in the welfare cost of protectionist policies. Upon examining 5 policies the author finds that the SPR together with a protectionist policy works best against a supply disruption. 27 refs., 3 tabs.

Yuecel, M.K. [Federal Reserve Bank of Dallas, TX (United States)

1994-10-01T23:59:59.000Z

214

High Temperature Shape Memory Alloys  

Science Conference Proceedings (OSTI)

Mar 5, 2013 ... Shape Memory Response of NiTiHfPd High Strength and High Hysteresis Shape Memory Alloys: Emre Acar1; Haluk Karaca1; Hirobumi Tobe1; ...

215

Thomas H. Smouse Memorial Fellowship  

Science Conference Proceedings (OSTI)

Awarded to a graduate student doing research in areas of interest to AOCS. Thomas H. Smouse Memorial Fellowship Thomas H. Smouse Memorial Fellowship graduate research scholastically outstanding Smouse Award Student Award Student Awards achievemen

216

Unifluxor: a permanent memory element  

Science Conference Proceedings (OSTI)

The Unifluxor is a new binary permanent memory element which appears to have the advantages of high-speed operation, easy fabrication, and low cost. Unlike cores, twistors, capacitors, and other commonly used memory devices, the Unifluxor does not depend ...

A. M. Renard; W. J. Neumann

1960-05-01T23:59:59.000Z

217

Memory Usage Considerations on Franklin  

NLE Websites -- All DOE Office Websites (Extended Search)

the memory requirement vvia internal checking in their codes or by some tools. Craypat could track heap usage. And IPM also tracks memory usage. Last edited: 2013-06-30 08:33:51...

218

V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Oracle Solaris Java Multiple Vulnerabilities 1: Oracle Solaris Java Multiple Vulnerabilities V-051: Oracle Solaris Java Multiple Vulnerabilities December 20, 2012 - 12:15am Addthis PROBLEM: Oracle Solaris Java Multiple Vulnerabilities PLATFORM: Oracle Solaris 11.x ABSTRACT: Oracle has acknowledged multiple vulnerabilities in Java included in Solaris REFERENCE LINKS: Secunia Advisory: SA51618 Secunia Advisory: SA50949 Third Party Vulnerability Resolution Blog in Java 7U9 Third Party Vulnerability Resolution Blog in Java 6U37 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5067 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084

219

Shape memory polymer medical device  

SciTech Connect

A system for removing matter from a conduit. The system includes the steps of passing a transport vehicle and a shape memory polymer material through the conduit, transmitting energy to the shape memory polymer material for moving the shape memory polymer material from a first shape to a second and different shape, and withdrawing the transport vehicle and the shape memory polymer material through the conduit carrying the matter.

Maitland, Duncan (Pleasant Hill, CA); Benett, William J. (Livermore, CA); Bearinger, Jane P. (Livermore, CA); Wilson, Thomas S. (San Leandro, CA); Small, IV, Ward (Livermore, CA); Schumann, Daniel L. (Concord, CA); Jensen, Wayne A. (Livermore, CA); Ortega, Jason M. (Pacifica, CA); Marion, III, John E. (Livermore, CA); Loge, Jeffrey M. (Stockton, CA)

2010-06-29T23:59:59.000Z

220

Transparently consistent asynchronous shared memory  

Science Conference Proceedings (OSTI)

The advent of many-core processors is imposing many changes on the operating system. The resources that are under contention have changed; previously, CPU cycles were the resource in demand and required fair and precise sharing. Now compute cycles are ... Keywords: copy on write, memory management, memory sharing, virtual memory

Hakan Akkan, Latchesar Ionkov, Michael Lang

2013-06-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


221

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

More Information More Information VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

222

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Seals Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

223

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Findings and Lessons Learned Findings and Lessons Learned VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

224

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Product Authenticity Tags Product Authenticity Tags VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

225

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)

Nonproliferation and Nonproliferation and National Security > VAT > Current Projects > Rapid Sampling Tools > ... from Sealed Containers VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Tamper & Intrusion Detection Rapid Sampling from Sealed Containers Demo video Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned

226

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Common Myths about Tamper Common Myths about Tamper Indicating Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

227

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Insanely Fast Microprocessor Shop Insanely Fast Microprocessor Shop VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

228

Automated Vulnerability Detection for Compiled Smart Grid Software  

Science Conference Proceedings (OSTI)

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

2012-01-01T23:59:59.000Z

229

The memory book  

Science Conference Proceedings (OSTI)

In this paper we present an Augmented Reality book for remembering past events and to plan future ones. We have developed this system using Brainstorm eStudio. We have incorporated Augmented Reality options into Brainstorm eStudio using a plugin of ARToolKit. ... Keywords: augmented reality, memory book, storytelling

M. C. Juan; B. Rey; D. Perez; D. Tomas; M. Alcańiz

2005-06-01T23:59:59.000Z

230

Library Book Memorial and  

E-Print Network (OSTI)

Library Book Memorial and Honorary Gift Program A university library provides the information or event. We will inform the individual or family of your gift and the book(s) we add to the library Enclosed is my $___________ contribution for gift books. K $20 or more -- Bookplate(s) K Under $20

VanDieren, Monica

231

NIST SP 800-24, PBX Vulnerability Analysis : Finding Holes In ...  

Science Conference Proceedings (OSTI)

... 35 Silent Monitoring 35 Conferencing 36 ... Dial-back modem vulnerabilities. Unattended remote access to a switch clearly represents a vulnerability. ...

2012-05-09T23:59:59.000Z

232

G-Free: defeating return-oriented programming through gadget-less binaries  

Science Conference Proceedings (OSTI)

Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. ... Keywords: ROP, return-oriented programming, return-to-libc

Kaan Onarlioglu; Leyla Bilge; Andrea Lanzi; Davide Balzarotti; Engin Kirda

2010-12-01T23:59:59.000Z

233

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

97: Cisco Adaptive Security Appliances Denial of Service 97: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused due to an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. reference LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High Discussion: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

234

T-547: Microsoft Windows Human Interface Device (HID) Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

547: Microsoft Windows Human Interface Device (HID) Vulnerability 547: Microsoft Windows Human Interface Device (HID) Vulnerability T-547: Microsoft Windows Human Interface Device (HID) Vulnerability February 1, 2011 - 3:20am Addthis PROBLEM Microsoft Windows Human Interface Device (HID) Vulnerability. PLATFORM: Microsoft 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer. reference LINKS: Security Lab: Reference CVE-2011-0638 CVE Details: Reference CVE-2011-0638 Mitre Reference: CVE-2011-0638

235

U-191: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

91: Oracle Java Multiple Vulnerabilities 91: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.

236

OLADE-Central America Climate Change Vulnerability Program | Open Energy  

Open Energy Info (EERE)

OLADE-Central America Climate Change Vulnerability Program OLADE-Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program Agency/Company /Organization Latin America Energy Organization Partner Ministries of Energy and Energy Enterprises Sector Energy, Land Topics Background analysis Website http://www.olade.org/proyecto_ Program Start 2010 Program End 2011 Country Belize, Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, Panama Central America, Central America, Central America, Central America, Central America, Central America, Central America References OLADE Energy and Climate Change Projects[1] OLADE is a Latin American organization working with Central American countries on climate change vulnerability for hydroelectric systems and

237

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

238

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin 1640752 Secunia Advisory SA53844 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

239

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: IBM Maximo Asset Management Products Java Multiple 1: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

240

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

613: Microsoft Excel Axis Properties Remote Code Execution 613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability May 2, 2011 - 7:42am Addthis PROBLEM: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fail to sufficiently validate user-supplied input. PLATFORM: Microsoft Excel (2002-2010) ABSTRACT: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


241

U-187: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Multiple Vulnerabilities 7: Adobe Flash Player Multiple Vulnerabilities U-187: Adobe Flash Player Multiple Vulnerabilities June 11, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Flash Player PLATFORM: Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux Adobe Flash Player 11.1.115.8 and earlier for Android 4.x Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android ABSTRACT: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates

242

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

243

U.S. Energy Sector Vulnerability Report | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process -- and to advance the Energy Department's goal of promoting energy security -- the Department released the U.S. Energy Sector Vulnerability to Climate Change and Extreme Weather report. The report examines current and potential future impacts of climate change trends on the U.S. energy sector, including: Coastal energy infrastructure is at risk from sea level rise, increasing storm intensity and higher storm surge and flooding. Oil and gas production -- including refining, hydraulic fracturing

244

T-614: Cisco Unified Communications Manager Database Security Vulnerability  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerability is due to unspecified errors in the affected software that may allow the attacker to perform SQL injections. An authenticated, remote attacker could inject arbitrary SQL code on the system, allowing the attacker to take unauthorized actions.

245

Systematic Techniques for Finding and Preventing Script Injection Vulnerabilities  

E-Print Network (OSTI)

2010). http://code. google.com/p/browsersec/wiki/Part1. [101] SecuriTeam. “Google.com UTF-7 XSS Vulnerabilities”.sensitive data of the google.com domain. In the past, Barth

Saxena, Prateek

2012-01-01T23:59:59.000Z

246

Vulnerability beyond Stereotypes: Context and Agency in Hurricane Risk Communication  

Science Conference Proceedings (OSTI)

Risk communication may accentuate or alleviate the vulnerability of people who have particular difficulties responding to the threat of hazards such as hurricanes. The process of risk communication involves how hazard information is received, ...

Heather Lazrus; Betty H. Morrow; Rebecca E. Morss; Jeffrey K. Lazo

2012-04-01T23:59:59.000Z

247

U-183: ISC BIND DNS Resource Records Handling Vulnerability ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability U-038: BIND 9 Resolver crashes after logging an error in query.c T-617: BIND RPZ Processing Flaw Lets Remote Users...

248

System Assurance: Beyond Detecting Vulnerabilities, 1st edition  

Science Conference Proceedings (OSTI)

In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable ...

Nikolai Mansourov; Djenana Campara

2010-12-01T23:59:59.000Z

249

V-061: IBM SPSS Modeler XML Document Parsing Vulnerability |...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

and cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML documents and can be exploited via a specially crafted document....

250

Equally Unprepared: Assessing the Hurricane Vulnerability of Undergraduate Students  

Science Conference Proceedings (OSTI)

Students have been described as being both particularly vulnerable to natural disasters and highly resilient in recovery. In addition, they often have been treated as a distinct, homogeneous group sharing similar characteristics. This research ...

Jason L. Simms; Margarethe Kusenbach; Graham A. Tobin

2013-07-01T23:59:59.000Z

251

U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

35: Adobe Flash Player Multiple Vulnerabilities 35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should

252

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

61: IBM Maximo Asset Management Products Java Multiple 61: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

253

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

254

Vulnerability and social risk management in India and Mexico  

E-Print Network (OSTI)

The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

Flores Ballesteros, Luis

2008-01-01T23:59:59.000Z

255

Genepool Memory Heatmaps  

NLE Websites -- All DOE Office Websites (Extended Search)

Genepool Memory Heatmaps Genepool Memory Heatmaps Heatmap of Memory and Slots Requested vs Time Waited (in hours) | Queue: All | Last 7 Days Memory Requested Slots <5GB 5-10GB 10-20GB 20-30GB 30-40GB 40-50GB 50-100GB 100-150GB 150-200GB 200-256GB 256-512GB 512+GB Job Count Longest Wait 1 2.26 (2693) 10.5 (201167) 3.2 (11650) 0 1.75 (282) 1.49 (1627) 0.03 (1) 0 0 0 0 0 217420 538.96 2 0.26 (103) 1.02 (2817) 0 0 0 0 0 0 0 0 0 0 2920 9.1 4 1.55 (198) 1.48 (104) 0.34 (8) 0 0 0 1.86 (3) 0 0 0 0 0 313 20.48 6 0.01 (1) 0.09 (34) 0 0 0 0 0 0 0 0 0 0 35 1.22 8 0.34 (37) 6.15 (12376) 1.01 (17) 24.7 (1) 0.03 (3) 0 0.02 (6) 0 0 0 0 0 12440 46.16 10 0 8.56 (1) 0 0 0 0 0 0 0 0 0 0 1 8.56 16 0 0.03 (1) 0 0 0 0 0 0 0 0 0 0 1 0.03 24 0 0 0.01 (1) 0 0 0 0 0 0 0 0 0 1 0.01 32 0 0.01 (4) 0.05 (9) 0 0.01 (6) 0 0.0 (1) 0 0 0 0 0 20 0.26

256

Shape memory alloy actuator  

DOE Patents (OSTI)

An actuator for cycling between first and second positions includes a first shaped memory alloy (SMA) leg, a second SMA leg. At least one heating/cooling device is thermally connected to at least one of the legs, each heating/cooling device capable of simultaneously heating one leg while cooling the other leg. The heating/cooling devices can include thermoelectric and/or thermoionic elements.

Varma, Venugopal K. (Knoxville, TN)

2001-01-01T23:59:59.000Z

257

Page placement in hybrid memory systems  

Science Conference Proceedings (OSTI)

Phase-Change Memory (PCM) technology has received substantial attention recently. Because PCM is byte-addressable and exhibits access times in the nanosecond range, it can be used in main memory designs. In fact, PCM has higher density and lower idle ... Keywords: hybrid memory, memory controller, phase-change memory

Luiz E. Ramos; Eugene Gorbatov; Ricardo Bianchini

2011-05-01T23:59:59.000Z

258

APC: a performance metric of memory systems  

Science Conference Proceedings (OSTI)

Due to the infamous "memory wall" problem and a drastic increase in the number of data intensive applications, memory rather than processor has become the leading performance bottleneck of modern computing systems. Evaluating and understanding memory ... Keywords: measurement methodology, memory metric, memory performance measurement

Xian-He Sun; Dawei Wang

2012-10-01T23:59:59.000Z

259

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

260

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


261

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

262

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

263

Applications of Shape Memory Alloys  

Science Conference Proceedings (OSTI)

Mar 3, 2011 ... More than 50 years after the discovery of shape memory alloys, and after investments of millions of dollars, there are very few successful ...

264

Using Hardware Memory Protection to Build a High-Performance, Strongly-Atomic Hybrid Transactional Memory  

Science Conference Proceedings (OSTI)

We demonstrate how fine-grained memory protection can be used in support of transactional memory systems: first showing how a software transactional memory system (STM) can be made strongly atomic by using memory protection on transactionally-held state, ... Keywords: Transactional Memory, Hybrid, Memory Protection, Primitives, Abort Handler, Strong Atomicity

Lee Baugh; Naveen Neelakantam; Craig Zilles

2008-06-01T23:59:59.000Z

265

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

vulnerability vulnerability identification, dEfense and Restoration (Smart Grid Project) (United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom Coordinates 55.378052°, -3.435973° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":55.378052,"lon":-3.435973,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

266

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company /Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128 UN Region: "Sub-Saharan Africa" is not in the list of possible values (Eastern Africa, Middle Africa, Northern Africa, Southern Africa, Western Africa, Caribbean, Central America, South America, Northern America, Central Asia, Eastern Asia, Southern Asia, South-Eastern Asia, Western Asia, Eastern Europe, Northern Europe, Southern Europe, Western Europe, Australia and New Zealand, Melanesia, Micronesia, Polynesia, Latin America and the Caribbean) for this property.

267

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)

Current Projects > The Journal of Physical Current Projects > The Journal of Physical Security VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast ”Processor Shop Insanely Fast ”Processor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

268

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Drupal Prepopulate - Multiple vulnerabilities 7: Drupal Prepopulate - Multiple vulnerabilities T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm Addthis PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. reference LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023 Prepopulate module Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High Discussion: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

269

Vulnerability Analysis of Energy Delivery Control Systems - 2011 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The goal of the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program is to enhance the reliability and resiliency of the Nation's energy infrastructure by reducing the risk

270

Chemical Safety Vulnerability Working Group report. Volume 1  

Science Conference Proceedings (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

Not Available

1994-09-01T23:59:59.000Z

271

An analysis of MRAM based memory technologies  

E-Print Network (OSTI)

MRAM is a memory (RAM) technology that uses electron spin to store information. Often been called "the ideal memory", it can potentially combine the density of DRAM with the speed of SRAM and non-volatility of FLASH memory ...

Vijayaraghavan, Rangarajan, M. Eng. Massachusetts Institute of Technology

2006-01-01T23:59:59.000Z

272

Shape memory alloy thaw sensors  

DOE Patents (OSTI)

A sensor permanently indicates that it has been exposed to temperatures exceeding a critical temperature for a predetermined time period. An element of the sensor made from shape memory alloy changes shape when exposed, even temporarily, to temperatures above the Austenitic temperature of the shape memory alloy. The shape change of the SMA element causes the sensor to change between two readily distinguishable states.

Shahinpoor, Mohsen (Albuquerque, NM); Martinez, David R. (Albuquerque, NM)

1998-01-01T23:59:59.000Z

273

Memory exploration for low power, embedded systems  

Science Conference Proceedings (OSTI)

Keywords: cache simulator, design automation, low power design, low power embedded systems, memory exploration and optimization, memory hierarchy, off-chip data assignment

Wen-Tsong Shiue; Chaitali Chakrabarti

1999-06-01T23:59:59.000Z

274

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

42: Mac RealPlayer Multiple Vulnerabilities 42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

275

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Mac RealPlayer Multiple Vulnerabilities 2: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

276

Steganographic information hiding that exploits a novel file system vulnerability  

Science Conference Proceedings (OSTI)

In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. ...

Avinash Srinivasan; Satish Kolli; Jie Wu

2013-08-01T23:59:59.000Z

277

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bot- tleneck in mobile devices (the battery power

California at Davis, University of

278

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bot­ tleneck in mobile devices (the battery power

Chen, Hao

279

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS  

E-Print Network (OSTI)

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS S A Bhattil environment of an Electricity transmission substation environment is modelled as a Symmetric Alpha Stable of an electricity transmission substation. I. INTRODUCTION In industrial environments, Supervisor Control and Data

Atkinson, Robert C

280

An adaptive architecture of applying vulnerability analysis to IDS alerts  

Science Conference Proceedings (OSTI)

With increasing intrusions and attacks on the Internet, there is an urgent need to develop techniques for network security. Current standalone network security products, such as the firewall systems, the Intrusion Detection System (IDS), the anti-virus ... Keywords: alert, intrusion detection, network security, predicate-based evaluation, vulnerability analysis

Xuejiao Liu; Xin Zhuang; Debao Xiao

2008-07-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


281

Vulnerabilities Analyzing Model for Alert Correlation in Distributed Environment  

Science Conference Proceedings (OSTI)

With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and ... Keywords: alert correlation, prerequisites and consequences, hyper-alert type, vulnerability tuple

Wen Long; Yang Xin; Yixian Yang

2009-07-01T23:59:59.000Z

282

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States)]|[Science and Engineering Associates, Inc., Albuquerque, NM (United States); Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)

1995-03-01T23:59:59.000Z

283

ELECTROSTATIC MEMORY SYSTEM  

DOE Patents (OSTI)

An improved electrostatic memory system is de scribed fer a digital computer wherein a plarality of storage tubes are adapted to operate in either of two possible modes. According to the present irvention, duplicate storage tubes are provided fur each denominational order of the several binary digits. A single discriminator system is provided between corresponding duplicate tubes to determine the character of the infurmation stored in each. If either tube produces the selected type signal, corresponding to binazy "1" in the preferred embodiment, a "1" is regenerated in both tubes. In one mode of operation each bit of information is stored in two corresponding tubes, while in the other mode of operation each bit is stored in only one tube in the conventional manner.

Chu, J.C.

1958-09-23T23:59:59.000Z

284

Shape memory metals. Final report  

SciTech Connect

The ability to define a manufacturing process to form, heat-treat, and join parts made of nickel-titanium and/or copper-zinc-aluminum shape memory alloys was investigated. The specific emphasis was to define a process that would produce shape memory alloy parts in the configuration of helical coils emulating the appearance of compression springs. In addition, the mechanical strength of the finished parts along with the development of a electrical lead attachment method using shape memory alloy wire was investigated.

Dworak, T.D.

1993-09-01T23:59:59.000Z

285

A durable and energy efficient main memory using phase change memory technology  

Science Conference Proceedings (OSTI)

Using nonvolatile memories in memory hierarchy has been investigated to reduce its energy consumption because nonvolatile memories consume zero leakage power in memory cells. One of the difficulties is, however, that the endurance of most nonvolatile ... Keywords: endurance, low power, phase change memory

Ping Zhou; Bo Zhao; Jun Yang; Youtao Zhang

2009-06-01T23:59:59.000Z

286

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19, 2011 19, 2011 T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) May 18, 2011 T-625: Opera Frameset Handling Memory Corruption Vulnerability The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

287

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

May 16, 2011 May 16, 2011 T-623: HP Business Availability Center Input Validation Hole Permits Cross-Site Scripting Attacks The software does not properly filter HTML code from user-supplied input before displaying the input. May 13, 2011 T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user. May 10, 2011 T-620: Microsoft Security Bulletin Advance Notification for May 2011

288

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

289

U-234: Oracle MySQL User Login Security Bypass Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

234: Oracle MySQL User Login Security Bypass Vulnerability 234: Oracle MySQL User Login Security Bypass Vulnerability U-234: Oracle MySQL User Login Security Bypass Vulnerability August 14, 2012 - 7:00am Addthis PROBLEM: Oracle MySQL User Login Security Bypass Vulnerability PLATFORM: Version(s): prior to 5.1.63 and 5.5.25 are vulnerable. ABSTRACT: Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions. REFERENCE LINKS: http://www.securityfocus.com/bid/53911/discuss CVE-2012-2122 IMPACT ASSESSMENT: Medium Discussion: Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in

290

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: HP NonStop Server Java Multiple Vulnerabilities 8: HP NonStop Server Java Multiple Vulnerabilities U-158: HP NonStop Server Java Multiple Vulnerabilities April 30, 2012 - 7:00am Addthis PROBLEM: HP NonStop Server Java Multiple Vulnerabilities PLATFORM: HP NonStop Server 6.x ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server Reference links: Secunia Advisory SA48977 CVE-2011-3547 CVE-2011-3551 CVE-2011-3553 IMPACT ASSESSMENT: High Discussion: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact: Successful exploitation of this vulnerability may allow remote manipulation

291

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

292

Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach  

Science Conference Proceedings (OSTI)

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and ... Keywords: Genetic algorithms, Information security

Mukul Gupta; Jackie Rees; Alok Chaturvedi; Jie Chi

2006-03-01T23:59:59.000Z

293

Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach  

Science Conference Proceedings (OSTI)

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and ... Keywords: genetic algorithms, information security

Mukul Gupta; Jackie Rees; Alok Chaturvedi; Jie Chi

2006-03-01T23:59:59.000Z

294

T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution  

Energy.gov (U.S. Department of Energy (DOE))

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

295

U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Cisco AnyConnect VPN Client Two Vulnerabilities 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader

296

OMC-INTEGRAL Memory Management  

Science Conference Proceedings (OSTI)

The management of the memory restrictions imposed by the processor (1750A) was one of the major difficulties found in designing the Software (SW) controlling the Optical Monitoring Camera (OMC) payload of the International Gamma Ray Laboratory (INTEGRAL) ...

Jose Manuel Pérez Lobato; Eva Martín Lobo

2002-06-01T23:59:59.000Z

297

Shape memory alloy thaw sensors  

SciTech Connect

A sensor permanently indicates that it has been exposed to temperatures exceeding a critical temperature for a predetermined time period. An element of the sensor made from shape memory alloy changes shape when exposed, even temporarily, to temperatures above the austenitic temperature of the shape memory alloy. The shape change of the SMA element causes the sensor to change between two readily distinguishable states. 16 figs.

Shahinpoor, M.; Martinez, D.R.

1998-04-07T23:59:59.000Z

298

Using semantic templates to study vulnerabilities recorded in large software repositories  

Science Conference Proceedings (OSTI)

Software repositories are rich sources of information about vulnerabilities that occur during a product's lifecycle. Although available, such information is scattered across numerous databases. Furthermore, in large software repositories, a single vulnerability ... Keywords: CVE, CWE, buffer overflow, fix patterns, ontology, semantic template, software repository, vulnerability

Yan Wu; Robin A. Gandhi; Harvey Siy

2010-05-01T23:59:59.000Z

299

Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities  

Science Conference Proceedings (OSTI)

Software security failures are common and the problem is growing. A vulnerability is a weakness in the software that, when exploited, causes a security failure. It is difficult to detect vulnerabilities until they manifest themselves as security failures ... Keywords: Cohesion, Complexity, Coupling, Software metrics, Vulnerability prediction

Istehad Chowdhury; Mohammad Zulkernine

2011-03-01T23:59:59.000Z

300

SIPC Advisory -Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code Execution -RISK: HIGH  

E-Print Network (OSTI)

SIPC Advisory - Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code/4/2011 SUBJECT: Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code Execution OVERVIEW: A new vulnerability has been discovered in Microsoft Windows Graphics Rendering Engine, which could

Holliday, Vance T.

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


301

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack1  

E-Print Network (OSTI)

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack Acquisition (SCADA) systems that allows us to calculate device vulnerability and help power substation vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

Krings, Axel W.

302

Diversity Strategies to Mitigate Postulated Common Cause Failure Vulnerabilities  

Science Conference Proceedings (OSTI)

This paper describes an approach to establish effective mitigating strategies that can resolve potential common-cause failure (CCF) vulnerabilities in instrumentation and control (I&C) systems at nuclear power plants. A particular objective in the development of these strategies, which consist of combinations of diversity attributes and their associated criteria, is to address the unique characteristics of digital technology that can contribute to CCF concerns. The research approach employed to establish diversity strategies involves investigation of available documentation on diversity usage and experience from nuclear power and non-nuclear industries, capture of expert knowledge and lessons learned, determination of common practices, and assessment of the nature of CCFs and compensating diversity attributes. The resulting diversity strategies address considerations such as the effect of technology choices, the nature of CCF vulnerabilities, and the prospective impact of each diversity type. In particular, the impact of each attribute and criterion on the purpose, process, product, and performance aspects of diverse systems are considered.

Wood, Richard Thomas [ORNL

2010-01-01T23:59:59.000Z

303

T-596: 0-Day Windows Network Interception Configuration Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: 0-Day Windows Network Interception Configuration 6: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Other Links" section below, as it provides an external URL reference. reference LINKS: InfoSec Institute - SLAAC Attack Cisco Threat Comparison and Best-Practice White Paper IMPACT ASSESSMENT: High

304

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Xen Multiple Buffer Overflow and Integer Overflow 6: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities May 19, 2011 - 3:05pm Addthis PROBLEM: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities PLATFORM: XenSource Xen 3.3.1, XenSource Xen 3.3, XenSource Xen 3.2, XenSource Xen 3.1.2, XenSource Xen 3.1.1, XenSource Xen 3.0.3, XenSource Xen 4.0, XenSource Xen 3.0, RedHat Enterprise Linux Virtualization 5 server, RedHat Enterprise Linux Desktop Multi OS 5 client ,RedHat Enterprise Linux 5 server, Red Hat Fedora 15 ,and Red Hat Enterprise Linux Desktop 5 client ABSTRACT: It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the

305

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

AFTER A Framework for electrical power sysTems vulnerability AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Norway Coordinates 60.472023°, 8.468946° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":60.472023,"lon":8.468946,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

306

Energy efficient Phase Change Memory based main memory for future high performance systems  

Science Conference Proceedings (OSTI)

Phase Change Memory (PCM) has recently attracted a lot of attention as a scalable alternative to DRAM for main memory systems. As the need for high-density memory increases, DRAM has proven to be less attractive from the point of view of scaling and ... Keywords: DDR3 commodity DRAM memory system, energy efficient phase change memory, main memory, future high performance systems, energy consumption, latency issues, write energy, write endurance, cache, embedded DRAM

R. A. Bheda; Jason A. Poovey; J. G. Beu; T. M. Conte

2011-07-01T23:59:59.000Z

307

Effect of memory access and caching on high performance computing.  

E-Print Network (OSTI)

??High-performance computing is often limited by memory access. As speeds increase, processors are often waiting on data transfers to and from memory. Classic memory controllers… (more)

Groening, James

2012-01-01T23:59:59.000Z

308

Putting vulnerability to climate change on the map: a review of approaches, benefits, and risks  

Science Conference Proceedings (OSTI)

There is growing demand among stakeholders across public and private institutions for spatially-explicit information regarding vulnerability to climate change at the local scale. However, the challenges associated with mapping the geography of climate change vulnerability are non-trivial, both conceptually and technically, suggesting the need for more critical evaluation of this practice. Here, we review climate change vulnerability mapping in the context of four key questions that are fundamental to assessment design. First, what are the goals of the assessment? A review of published assessments yields a range of objective statements that emphasize problem orientation or decision-making about adaptation actions. Second, how is the assessment of vulnerability framed? Assessments vary with respect to what values are assessed (vulnerability of what) and the underlying determinants of vulnerability that are considered (vulnerability to what). The selected frame ultimately influences perceptions of the primary driving forces of vulnerability as well as preferences regarding management alternatives. Third, what are the technical methods by which an assessment is conducted? The integration of vulnerability determinants into a common map remains an emergent and subjective practice associated with a number of methodological challenges. Fourth, who participates in the assessment and how will it be used to facilitate change? Assessments are often conducted under the auspices of benefiting stakeholders, yet many lack direct engagement with stakeholders. Each of these questions is reviewed in turn by drawing on an illustrative set of 45 vulnerability mapping studies appearing in the literature. A number of pathways for placing vulnerability

Preston, Benjamin L [ORNL

2011-01-01T23:59:59.000Z

309

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability 7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability July 11, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Adobe ColdFusion PLATFORM: The vulnerability is reported in version 10 for Windows, Macintosh, and Linux ABSTRACT: The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets REFERENCE LINKS: Secunia Advisory SA54024 Adobe Security Bulletin APSB13-19 Stackoverflow.com CVE-2013-3350 IMPACT ASSESSMENT: High DISCUSSION: The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets IMPACT: Security Bypass

310

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities 3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities January 26, 2011 - 7:35am Addthis PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. reference LINKS: Securityfocus IMPACT ASSESSMENT: Medium Discussion: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.Exploiting these issues may allow attackers to crash the

311

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability 18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability July 23, 2012 - 6:49am Addthis PROBLEM: Cisco Linksys WMB54G TFTP Command Injection Vulnerability PLATFORM: Cisco Linksys WMB54G 1.x ABSTRACT: System access from local network reference LINKS: Bugtraq ID: 54615 Original Advisory Secunia Advisory SA49868 Cisco Advisory ID: cisco-sa-20111019-cs IMPACT ASSESSMENT: Medium Discussion: A vulnerability in Cisco Linksys WMB54G was reported, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to missing input validation in the TFTP service when running the firmware update functionality and can be exploited to inject and execute arbitrary shell commands. Additionally, it may be

312

U-099: MySQL Unspecified Code Execution Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

099: MySQL Unspecified Code Execution Vulnerability 099: MySQL Unspecified Code Execution Vulnerability U-099: MySQL Unspecified Code Execution Vulnerability February 9, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a vulnerable system. PLATFORM: MySQL 5.x ABSTRACT: Successful exploitation allows execution of arbitrary code. Reference LINKS: Secunia Advisory SA47894 No CVE references currently available. IMPACT ASSESSMENT: Medium Discussion: The vulnerability is reported in version 5.5.20. Other versions may also be affected. The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0. Impact: System access from local network Solution: An effective workaround cannot currently be provided due to limited vulnerability details.

313

V-070: Apache CouchDB Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apache CouchDB Multiple Vulnerabilities 0: Apache CouchDB Multiple Vulnerabilities V-070: Apache CouchDB Multiple Vulnerabilities January 16, 2013 - 1:00am Addthis PROBLEM: Apache CouchDB Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB REFERENCE LINKS: Secunia Advisory SA51765 Seclists.org/fulldisclosure/2013/Jan/80 Seclists.org/fulldisclosure/2013/Jan/81 Seclists.org/fulldisclosure/2013/Jan/82 CVE-2012-5641 CVE-2012-5649 CVE-2012-5650 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

314

Ralph H. Potts Memorial Fellowship Award  

Science Conference Proceedings (OSTI)

Awarded to a graduate student doing research in fats and oils. Ralph H. Potts Memorial Fellowship Award Awards Program achievement aocs application award Awards baldwin distinguished division memorial nomination poster program recognizing research

315

Water vulnerabilities for existing coal-fired power plants.  

SciTech Connect

This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

Elcock, D.; Kuiper, J.; Environmental Science Division

2010-08-19T23:59:59.000Z

316

Chapter 5: Virtual Memory Management 1 Virtual Memory Management  

E-Print Network (OSTI)

kernel data structures. The zone package This package facilitates fast allocation of memory for kernel data structures, some of which may be in time critical pieces of code. The zone package provides, organization, data structures, interactions. The emphasis is laid on both ma- chine dependent portion

Melbourne, University of

317

Review: Interpretive review of conceptual frameworks and research models that inform Australia's agricultural vulnerability to climate change  

Science Conference Proceedings (OSTI)

Agriculture in Australia is highly vulnerable to climate change. Understanding the sector's vulnerability is critical to developing immediate policy for the future of the agricultural industries and their communities. This review aims to identify research ... Keywords: Biophysical models, Contextual vulnerability, Outcome vulnerability

Leonie J. Pearson; Rohan Nelsonc; Steve Crimp; Jenny Langridge

2011-02-01T23:59:59.000Z

318

V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

319

Available Technologies:Collective Memory Transfers for ...  

APPLICATIONS OF TECHNOLOGY: High Performance Computing (HPC) Big Data processing and analysis; Processor manufacturers; Memory module manufacturers

320

Battelle Memorial Institute Technology Marketing Summaries ...  

... applications and industries, and development stage. Battelle Memorial ... Typical existing armor for vehicles uses rigid plates of steel.

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


321

NIST Demonstrates Better Memory with Quantum Computer ...  

Science Conference Proceedings (OSTI)

... to demonstrate a quantum physics version of computer memory lasting ... prospects for making practical, reliable quantum computers (which make ...

2013-01-03T23:59:59.000Z

322

Shape memory polymer foams for endovascular therapies  

DOE Patents (OSTI)

A system for occluding a physical anomaly. One embodiment comprises a shape memory material body wherein the shape memory material body fits within the physical anomaly occluding the physical anomaly. The shape memory material body has a primary shape for occluding the physical anomaly and a secondary shape for being positioned in the physical anomaly.

Wilson, Thomas S. (Castro Valley, CA); Maitland, Duncan J. (Pleasant Hill, CA)

2012-03-13T23:59:59.000Z

323

Specifying memory consistency of write buffer multiprocessors  

Science Conference Proceedings (OSTI)

Write buffering is one of many successful mechanisms that improves the performance and scalability of multiprocessors. However, it leads to more complex memory system behavior, which cannot be described using intuitive consistency models, such as Sequential ... Keywords: Memory consistency framework, alpha, coherence, partial store order, relaxed memory order, sequential consistency, sparc multiprocessors, total store order, write-buffer architectures

Lisa Higham; Lillanne Jackson; Jalal Kawash

2007-02-01T23:59:59.000Z

324

Multistable Circuits for Analog Memories Implementation  

Science Conference Proceedings (OSTI)

In this work two multistable circuits suitable for analog memories implementation will be presented. These circuits have been used to implement completely asynchronous analog memories, one type based on a flash converter and thus having a linear complexity ... Keywords: analog memories, asynchronous converters, successive approximations

Giorgio Biagetti; Massimo Conti; Simone Orcioni

2004-04-01T23:59:59.000Z

325

The Tempest approach to distributed shared memory  

Science Conference Proceedings (OSTI)

This paper summarizes how distributed shared memory (DSM) can be both efficiently and portably supported by the Tempest interface. Tempest is a collection of mechanisms for communication and synchronization in parallel programs. These mechanisms provide ... Keywords: Tempest, Tempest interface, distributed shared memory, message passing, parallel programs, shared memory

David A. Wood; Mark D. Hill; James R. Larus

1996-10-01T23:59:59.000Z

326

Algorithms and data structures for external memory  

Science Conference Proceedings (OSTI)

Data sets in large applications are often too massive to fit completely inside the computer's internal memory. The resulting input/output communication (or I/O) between fast internal memory and slower external memory (such as disks) can be a major performance ...

Jeffrey Scott Vitter

2008-01-01T23:59:59.000Z

327

Reducing memory sharing overheads in distributed JVMs  

Science Conference Proceedings (OSTI)

Distributed JVM systems by supporting Java’s shared-memory model enable concurrent Java applications to run transparently on clusters of computers. Aiming to reduce the overheads associated to memory coherence enforcement mechanisms required in ... Keywords: JVM, Java, cluster computing, concurrent Java applications, distributed shared memory, high-performance computing

Marcelo Lobosco; Orlando Loques; Claudio L. de Amorim

2005-09-01T23:59:59.000Z

328

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z

329

Chemical Safety Vulnerability Working Group report. Volume 3  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

Not Available

1994-09-01T23:59:59.000Z

330

Seismic Vulnerability and Performance Level of confined brick walls  

Science Conference Proceedings (OSTI)

There has been an increase on the interest of Engineers and designers to use designing methods based on displacement and behavior (designing based on performance) Regarding to the importance of resisting structure design against dynamic loads such as earthquake, and inability to design according to prediction of nonlinear behavior element caused by nonlinear properties of constructional material.Economically speaking, easy carrying out and accessibility of masonry material have caused an enormous increase in masonry structures in villages, towns and cities. On the other hand, there is a necessity to study behavior and Seismic Vulnerability in these kinds of structures since Iran is located on the earthquake belt of Alpide.Different reasons such as environmental, economic, social, cultural and accessible constructional material have caused different kinds of constructional structures.In this study, some tied walls have been modeled with software and with relevant accelerator suitable with geology conditions under dynamic analysis to research on the Seismic Vulnerability and performance level of confined brick walls. Results from this analysis seem to be satisfactory after comparison of them with the values in Code ATC40, FEMA and standard 2800 of Iran.

Ghalehnovi, M.; Rahdar, H. A. [University of Sistan and Baluchestan, Zahedan (Iran, Islamic Republic of)

2008-07-08T23:59:59.000Z

331

Indiana Memorial Union Wells Library  

E-Print Network (OSTI)

Franklin Hall Bryan Hall Law Indiana Memorial Union Jordan Hall Morrison Hall Wells Library Loop (0.5 miles) IMU to Greenhouse (0.3 miles) Business to Law School (0.75 miles) Wells Library to Morrison Hall (0.5 miles) Wells Library to Muisc Library (0.4 miles) #12;

Indiana University

332

Bridging the memory access gap  

Science Conference Proceedings (OSTI)

The rapid growth of electronic data processing over the past two decades has been characterized by an almost insatiable appetite for larger and faster memories. In fact, over this period of time, on-line storage capacity has increased about three times ...

Dennis E. Speliotis

1975-05-01T23:59:59.000Z

333

Trapped-flux superconducting memory  

Science Conference Proceedings (OSTI)

A memory cell based on trapped flux in superconductors has been built and tested. The cell is constructed entirely by vacuum evaporation of thin films and can be selected by coincident current or by other techniques, with drive-current requirements less ...

J. W. Crowe

1957-10-01T23:59:59.000Z

334

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

94: IBM solidDB Password Hash Authentication Bypass 94: IBM solidDB Password Hash Authentication Bypass Vulnerability T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability April 4, 2011 - 6:08am Addthis PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert Secunia Advisory: SA44030 ZDI Advisory: ZDI-11-115 IBM solidDB Support IMPACT ASSESSMENT: Medium Discussion: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

335

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: IntegraXor ActiveX Control Buffer Overflow Vulnerability 6: IntegraXor ActiveX Control Buffer Overflow Vulnerability V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability February 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in IntegraXor PLATFORM: Integraxor Versions prior to 4.x ABSTRACT: The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. REFERENCE LINKS: Secunia Advisory SA52073 CVE-2012-4700 US-CERT Advisory IMPACT ASSESSMENT: High DISCUSSION: Successfully exploiting this vulnerability could lead to a DoS for the application or could allow an attacker to execute arbitrary code. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 4.00 build 4280.0 Addthis Related Articles

336

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

337

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: HP Network Node Manager Java JDK / JRE Multiple 4: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

338

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

211: IBM iNotes Multiple Vulnerabilities 211: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

339

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: McAfee Web Gateway Web Access Cross Site Scripting 0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI. reference LINKS: McAfee Web Gateway Release Notes Bugtraq ID: 50341 Secunia Advisory: SA46570 IMPACT ASSESSMENT: Medium Discussion: A vulnerability has been reported in McAfee Web Gateway, which can be

340

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: PuTTY SSH Handshake Integer Overflow Vulnerabilities 3: PuTTY SSH Handshake Integer Overflow Vulnerabilities V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities August 7, 2013 - 6:00am Addthis PROBLEM: SEARCH-LAB has reported some vulnerabilities in PuTTY PLATFORM: PuTTY 0.x ABSTRACT: The vulnerabilities can be exploited by malicious people to potentially compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54354 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520 CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length. IMPACT: Successful exploitation of may allow execution of arbitrary code

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


341

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

098: ISC BIND Deleted Domain Name Resolving Vulnerability 098: ISC BIND Deleted Domain Name Resolving Vulnerability U-098: ISC BIND Deleted Domain Name Resolving Vulnerability February 8, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x ABSTRACT: The vulnerability is caused due to an error within the cache update policy. reference LINKS: Original Advisory Secunia Advisory SA47884 CVE-2012-1033 IMPACT ASSESSMENT: High Discussion: Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The

342

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: ModSecurity Multipart Message Parsing Security Bypass 5: ModSecurity Multipart Message Parsing Security Bypass Vulnerability V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability October 18, 2012 - 6:00am Addthis PROBLEM: ModSecurity Multipart Message Parsing Security Bypass Vulnerability PLATFORM: Modsecurity Versions prior to 2.70 ABSTRACT: SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions REFERENCE LINKS: SEC Consult Secunia Advisory SA49853 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when parsing multipart requests and can be exploited to bypass certain filtering rules. IMPACT: Remote Security Bypass SOLUTION: Update to version 2.70. Addthis Related Articles V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

343

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: IBM WebSphere Commerce User Information Disclosure 2: IBM WebSphere Commerce User Information Disclosure Vulnerability U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability October 2, 2012 - 6:00am Addthis PROBLEM: IBM WebSphere Commerce User Information Disclosure Vulnerability PLATFORM: WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11 WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6 ABSTRACT: A vulnerability in WebSphere Commerce could allow disclosure of user personal data. reference LINKS: IBM Security Bulletin 1612484 X-Force Vulnerability Database (78867) Secunia Advisory SA50821 CVE-2012-4830 IMPACT ASSESSMENT: Medium Discussion: A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

344

V-082: Novell GroupWise Client Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Novell GroupWise Client Two Vulnerabilities 2: Novell GroupWise Client Two Vulnerabilities V-082: Novell GroupWise Client Two Vulnerabilities February 1, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Novell GroupWise Client PLATFORM: Novell GroupWise 2012 Novell GroupWise Client 2012 Novell GroupWise Client 8.x Novell GroupWise Server 8.x ABSTRACT: Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52031 CVE-2012-0439 CVE-2013-0804 Novell KB 7011687 Novell KB 7011688 IMPACT ASSESSMENT: High DISCUSSION: The GroupWise Client for Windows is vulnerable to an ActiveX Control exploit where by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on

345

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

76: VMware vCenter Operations Cross-Site Scripting Vulnerability 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory Secunia Advisory SA50795 CVE-2012-5050 IMPACT ASSESSMENT: Medium Discussion: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact: A vulnerability in VMware vCenter Operations, which can be exploited to

346

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability 5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability June 27, 2011 - 4:31pm Addthis PROBLEM: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability PLATFORM: Mozilla Firefox ABSTRACT: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. reference LINKS: Securityfocus Mozilla Firefox Homepage MFSA 2011-27: XSS encoding hazard with inline SVG IMPACT ASSESSMENT: High Discussion: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to

347

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software reference LINKS: BlackBerry Article ID: KB31675 Secunia Advisory SA50164 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0773 CVE-2012-0779 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

348

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing 5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am Addthis PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java. IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks. SOLUTION: The vendor has issued a fix. Addthis Related Articles

349

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: ISC DHCP Multiple Denial of Service Vulnerabilities 4: ISC DHCP Multiple Denial of Service Vulnerabilities U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am Addthis PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. reference LINKS: BIND and DHCP Security Updates Released Bugtraq ID: 54665 Secunia Advisory SA50018 CVE-2012-3571 CVE-2012-3570 CVE-2012-3954 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

350

Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)  

SciTech Connect

The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

2013-02-01T23:59:59.000Z

351

NIST SP 800-51 Revision 1, Guide to Using Vulnerability ...  

Science Conference Proceedings (OSTI)

... A vulnerability naming scheme is a systematic method for creating and maintaining a standardized dictionary of common names for a set of ...

2012-02-06T23:59:59.000Z

352

U-054: Security Advisory for Adobe Reader and Acrobat | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

54: Security Advisory for Adobe Reader and Acrobat 54: Security Advisory for Adobe Reader and Acrobat U-054: Security Advisory for Adobe Reader and Acrobat December 7, 2011 - 8:00am Addthis PROBLEM: Adobe Acrobat/Reader U3D Memory Corruption Error Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh ABSTRACT: This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively

353

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

April 26, 2011 April 26, 2011 T-610: Red Hat kdenetwork security update A directory traversal flaw was found in the way KGet, a download manager, handled the "file" element in Metalink files. April 25, 2011 T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user. April 22, 2011 T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to

354

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14, 2011 14, 2011 T-717: Microsoft Security Bulletin Summary for September 2011 Microsoft Security Bulletin Summary for September 2011. September 14, 2011 T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability September 13, 2011 T-715: Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks. September 12, 2011 T-714:Wireshark OpenSafety and CSN.1 Dissector Bugs Wireshark OpenSafety and CSN.1 Dissector Bugs Lets Remote Users Deny Service. September 9, 2011 T-713: Blue Coat Reporter Directory Traversal Flaw Blue Coat Reporter Directory Traversal Flaw Lets Remote Users Gain Full Control. September 8, 2011

355

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Czech Czech Republic) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Czech Republic Coordinates 49.817493°, 15.472962° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":49.817493,"lon":15.472962,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

356

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Ireland) Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates 53.41291°, -8.24389° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":53.41291,"lon":-8.24389,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

357

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Belgium) Belgium) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Belgium Coordinates 50.359482°, 4.63623° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":50.359482,"lon":4.63623,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

358

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z

359

GIS-based method for the environmental vulnerability assessment to volcanic ashfall at Etna Volcano  

Science Conference Proceedings (OSTI)

The response of environment to ashfall was evaluated aiming at defining the vulnerability in the areas surrounding Mt. Etna volcano, Sicily. The two utilized scenarios assume different thickness of ashfall, over distances comparable with those covered ... Keywords: Corine land cover, Environmental vulnerability, GIS, Volcanic risk

Silvia Rapicetta; Vittorio Zanon

2009-09-01T23:59:59.000Z

360

Aquifer Vulnerability Assessment to Petroleum Contaminants Based on Fuzzy Variable Set Theory and Geographic Information System  

Science Conference Proceedings (OSTI)

It is a common environmental and hydro-geological problem that groundwater system is contaminated by petroleum hydrocarbons. An important step of pollution control and treatment is aquifer vulnerability assessment. In this paper, a karst fissure groundwater ... Keywords: fuzzy variable set, GIS, aquifer, petroleum contamination, vulnerability, assessment

Li Qingguo; Ma Zhenmin; Fang Yunzhi; Chen Shouyu

2009-07-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


361

ICMPV6 Vulnerability: The Importance of Threat Model and SF-ICMP6  

Science Conference Proceedings (OSTI)

Handling Internet Control Message Protocol version 6 ICMPv6 vulnerabilities is among the challenges in securing the IPv6 deployment. Since ICMPv6 messages are crucial in IPv6 communications, this paper discusses the discovery of ICMPv6 vulnerabilities ... Keywords: ICMPv6 Policy, ICMPv6 Related Attacks, ICMPv6 Security, ICMPv6 Threat Model, Selective Filtering

Abidah Hj Mat Taib, Wan Nor Ashiqin Wan Ali, Nurul Sharidah Shaari

2013-04-01T23:59:59.000Z

362

Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles  

Science Conference Proceedings (OSTI)

This paper proposes the definition of a security criterion and security assessment based on the criterion. More precisely, we present a stochastic model with a vulnerability life-cycle model and a user profile using continuous-time Markov chains. The ... Keywords: vulnerability, security evaluation, user profile

Hiroyuki Okamura; Masataka Tokuzane; Tadashi Dohi

2012-11-01T23:59:59.000Z

363

Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism  

Science Conference Proceedings (OSTI)

Critical facility vulnerability assessment is a highly complex strategic activity in combating the terrorism and necessitates a structured quantified methodology to support the decision-making process in defense planning. In the system perspective, the ... Keywords: Airport, Fuzzy Cognitive Maps (FCM), Fuzzy integrated vulnerability assessment model (FIVAM), Fuzzy set theory, Interdependency, Simple Multi-Attribute Rating Technique (SMART), Terrorism

Ilker Akgun; Ahmet Kandakoglu; Ahmet Fahri Ozok

2010-05-01T23:59:59.000Z

364

Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements  

Science Conference Proceedings (OSTI)

This paper proposes a new approach for assessing the organization's vulnerability to information-security breaches. Although much research has been done on qualitative approaches, the literature on numerical approaches to quantify information-security ... Keywords: Information security, Information-security measurement, Risk analysis, Security threats, Vulnerability measurement

Sandip C. Patel; James H. Graham; Patricia A. S. Ralston

2008-12-01T23:59:59.000Z

365

Nuclear Maintenance Applications Center: Emergency Diesel Generator Single Component Vulnerability Review Guidance.  

Science Conference Proceedings (OSTI)

This report provides guidance to owners and operators of nuclear power plants on performing emergency diesel generator (EDG) system single component vulnerability reviews. This guidance was developed based on a recommendation from the nuclear industry’s EDG Technical Advisory Committee (TAC) that plants perform a single component vulnerability review as discussed in the Institute of Nuclear Power Operations’ Industry Experience Report ...

2013-11-01T23:59:59.000Z

366

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

367

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Apache Tomcat Security Bypass and Denial of Service 7: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities November 6, 2012 - 6:00am Addthis PROBLEM: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities PLATFORM: Apache Tomcat 5.x Apache Tomcat 6.x Apache Tomcat 7.x ABSTRACT: Two vulnerabilities were reported in Apache Tomcat REFERENCE LINKS: Apache.org Apache Tomcat Denial of Service Apache Tomcat DIGEST authentication weaknesses Secunia Advisory SA51138 CVE-2012-2733 CVE-2012-3439 IMPACT ASSESSMENT: Medium DISCUSSION: A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within the "parseHeaders()" function

368

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apache Struts "ParameterInterceptor" Security Bypass 2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Apache Struts PLATFORM: The vulnerability is reported in versions prior to 2.3.14.1 ABSTRACT: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA53495 Apache Struts Advisory S2-012 Apache Struts Advisory S2-013 CVE-2013-1965 CVE-2013-1966 IMPACT ASSESSMENT: High DISCUSSION: A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request

369

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability 6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability December 27, 2012 - 6:00am Addthis PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

370

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Apache OFBiz Cross-Site Scripting and Code Execution 9: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities April 17, 2012 - 8:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. PLATFORM: Apache OFBiz 10.x ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected. references LINKS: Vendor Advisory Secunia Advisory 48800 CVE-2012-1621 IMPACT ASSESSMENT: High Discussion: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

371

T-572: VMware ESX/ESXi SLPD denial of service vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: VMware ESX/ESXi SLPD denial of service vulnerability 72: VMware ESX/ESXi SLPD denial of service vulnerability T-572: VMware ESX/ESXi SLPD denial of service vulnerability March 8, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions. PLATFORM: ESX/ESXi 4.0, 4.1 ABSTRACT: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. reference LINKS: VMware Security Advisory: VMSA-2011-0004 VMware vSphere 4 VMware ESXi 4.1 Update CVE-2010-3609 IMPACT ASSESSMENT: Moderate Discussion: A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.A remote user can consume excessive CPU resources.

372

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Net4Switch ipswcom ActiveX Control Buffer Overflow 8: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability February 22, 2012 - 8:00am Addthis PROBLEM: A vulnerability was reported in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system. PLATFORM: Net4Switch ipswcom ActiveX Control 1.x ABSTRACT: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. reference LINKS: Vendor Advisory Secunia Advisroy 48125 No CVE references. IMPACT ASSESSMENT: High Discussion: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

373

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow 19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am Addthis PROBLEM: Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system. PLATFORM: Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x ABSTRACT: The vulnerability is confirmed in the following products and versions: * Kingsoft Writer 2012 version 8.1.0.3030. * Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 8.1.0.3385. REFERENCE LINKS: Secunia Advisory SA53266 CVE-2013-3934 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a

374

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Oracle AutoVue ActiveX Control Insecure Method 18: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities October 25, 2011 - 8:45am Addthis PROBLEM: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities. PLATFORM: The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected. ABSTRACT: Successful exploitation of the vulnerabilities allows execution of arbitrary code. reference LINKS: Bugtraq ID: 50321 Secunia Advisory SA46473 Oracle AutoVue IMPACT ASSESSMENT: High Discussion: Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the

375

T-682:Double free vulnerability in MapServer | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2:Double free vulnerability in MapServer 2:Double free vulnerability in MapServer T-682:Double free vulnerability in MapServer August 2, 2011 - 4:08pm Addthis PROBLEM: Double free vulnerability in MapServer PLATFORM: All versions may be susceptible to SQL injection under certain circumstances ABSTRACT: MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases. reference LINKS: Double-free in msAddImageSymbol() when filename is a http resource

376

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: MediaWiki CentralAuth Extension Authentication Bypass 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWik REFERENCE LINKS: Secunia Advisory SA54723 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie. IMPACT:

377

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apple QuickTime Multiple Vulnerabilities 2: Apple QuickTime Multiple Vulnerabilities U-022: Apple QuickTime Multiple Vulnerabilities October 28, 2011 - 8:15am Addthis PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220 CVE-2011-3221, CVE-2011-3222, CVE-2011-3223 CVE-2011-3228, CVE-2011-3247, CVE-2011-3248 CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

378

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Novell iPrint Client Unspecified Buffer Overflow 8: Novell iPrint Client Unspecified Buffer Overflow Vulnerability V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability May 3, 2013 - 6:00am Addthis PROBLEM: Novell iPrint Client Unspecified Buffer Overflow Vulnerability PLATFORM: Novell iPrint Client 5.x ABSTRACT: A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system REFERENCE LINKS: Secunia Advisory SA53261 Novell KB 7012344 Novell KB 7008708 CVE-2013-1091 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an unspecified error and can be exploited to cause a stack-based buffer overflow. IMPACT: Successful exploitation may allow execution of arbitrary code SOLUTION: Vendor recommendation is to update to Version 5.90

379

Vulnerability assessment of medieval civic towers as a tool for retrofitting design  

Science Conference Proceedings (OSTI)

The seismic vulnerability of an ancient civic bell-tower is studied. Rather than seeing it as an intermediate stage toward a risk analysis, the assessment of vulnerability is here pursued for the purpose of optimizing the retrofit design. The vulnerability curves are drawn by carrying out a single time history analysis of a model calibrated on the basis of experimental data. From the results of this analysis, the medians of three selected performance parameters are estimated, and they are used to compute, for each of them, the probability of exceeding or attaining the three corresponding levels of light, moderate and severe damage. The same numerical model is then used to incorporate the effects of several retrofitting solutions and to re-estimate the associated vulnerability curves. The ultimate goal is to provide a numerical tool able to drive the optimization process of a retrofit design by the comparison of the vulnerability estimates associated with the different retrofitting solutions.

Casciati, Sara [ASTRA Department, University of Catania, Siracusa (Italy); Faravelli, Lucia [Department of Structural Mechanics, University of Pavia, Pavia, Pavia (Italy)

2008-07-08T23:59:59.000Z

380

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

69: Telnet code execution vulnerability: FreeBSD and Kerberos 69: Telnet code execution vulnerability: FreeBSD and Kerberos U-069: Telnet code execution vulnerability: FreeBSD and Kerberos December 27, 2011 - 5:18am Addthis PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. reference LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High Discussion: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


381

Disaggregated memory for expansion and sharing in blade servers  

Science Conference Proceedings (OSTI)

Analysis of technology and application trends reveals a growing imbalance in the peak compute-to-memory-capacity ratio for future servers. At the same time, the fraction contributed by memory systems to total datacenter costs and power consumption during ... Keywords: disaggregated memory, memory blades, memory capacity expansion, power and cost efficiencies

Kevin Lim; Jichuan Chang; Trevor Mudge; Parthasarathy Ranganathan; Steven K. Reinhardt; Thomas F. Wenisch

2009-06-01T23:59:59.000Z

382

Architecture extensions for efficient management of scratch-pad memory  

Science Conference Proceedings (OSTI)

Nowadays, many embedded processors include in their architecture on-chip static memories, so called scratch-pad memories (SPM). Compared to cache, these memories do not require complex control logic, thus resulting in increased efficiency both in silicon ... Keywords: embedded processors, memory architecture, scratch-pad memory

José V. Busquets-Mataix; Carlos Catalá; Antonio Martí-Campoy

2011-09-01T23:59:59.000Z

383

Introspection-based memory de-duplication and migration  

Science Conference Proceedings (OSTI)

Memory virtualization abstracts a physical machine's memory resource and presents to the virtual machines running on it a piece of physical memory that could be shared, compressed and moved. To optimize the memory resource utilization by fully leveraging ... Keywords: introspection, memory de-duplication, vm migration

Jui-Hao Chiang; Han-Lin Li; Tzi-cker Chiueh

2013-03-01T23:59:59.000Z

384

Experiments with Memory-to-Memory Coupling for End-to-End Fusion Simulation Workflows  

Science Conference Proceedings (OSTI)

Scientific applications are striving to accurately simulate multiple interacting physical processes that comprise complex phenomena being modeled. Efficient and scalable parallel implementations of these coupled simulations present challenging interaction ... Keywords: coupling, memory-to-memory, rdma, workflows

Ciprian Docan; Fan Zhang; Manish Parashar; Julian Cummings; Norbert Podhorszki; Scott Klasky

2010-05-01T23:59:59.000Z

385

Rotary actuator utilizing a shape memory alloy  

SciTech Connect

An apparatus is described comprising; (a) rotary accumulator means for accumulating a length of a shape memory alloy wire; (b) the shape memory alloy wire attached at one end to a point fixed with respect to the rotary accumulator means and attached at a second end to the rotary accumulator means; (c) biasing means for biasing the rotary accumulator means to a first position; and (d) means for heating the shape memory alloy wire to cause the shape memory alloy wire to contract, thereby rotating the rotary accumulator means from the first position to a second position.

Bloch, J.T.

1988-08-09T23:59:59.000Z

386

Characterization of Shape Memory Alloys: Deformation Behavior  

Science Conference Proceedings (OSTI)

Feb 28, 2011... expected that NiTi shape memory alloys (SMA) actuators would provide simple and light weight replacements for controlling chevron-shaped ...

387

ON EFFICIENTLY COMBINING LIMITED MEMORY AND TRUST ...  

E-Print Network (OSTI)

... Euclidean norm with an insignificant computational overhead compared with the cost of computing the quasi-Newton direction in line-search limited memory ...

388

Determining Memory Use | Argonne Leadership Computing Facility  

NLE Websites -- All DOE Office Websites (Extended Search)

Allinea DDT Core File Settings Determining Memory Use Using VNC with a Debugger bgqstack gdb Coreprocessor TotalView on BGQ Systems Performance Tools & APIs Software & Libraries...

389

Exploiting Data Similarity to Reduce Memory Footprints  

SciTech Connect

Memory size has long limited large-scale applications on high-performance computing (HPC) systems. Since compute nodes frequently do not have swap space, physical memory often limits problem sizes. Increasing core counts per chip and power density constraints, which limit the number of DIMMs per node, have exacerbated this problem. Further, DRAM constitutes a significant portion of overall HPC system cost. Therefore, instead of adding more DRAM to the nodes, mechanisms to manage memory usage more efficiently - preferably transparently - could increase effective DRAM capacity and thus the benefit of multicore nodes for HPC systems. MPI application processes often exhibit significant data similarity. These data regions occupy multiple physical locations across the individual rank processes within a multicore node and thus offer a potential savings in memory capacity. These regions, primarily residing in heap, are dynamic, which makes them difficult to manage statically. Our novel memory allocation library, SBLLmalloc, automatically identifies identical memory blocks and merges them into a single copy. SBLLmalloc does not require application or OS changes since we implement it as a user-level library. Overall, we demonstrate that SBLLmalloc reduces the memory footprint of a range of MPI applications by 32.03% on average and up to 60.87%. Further, SBLLmalloc supports problem sizes for IRS over 21.36% larger than using standard memory management techniques, thus significantly increasing effective system size. Similarly, SBLLmalloc requires 43.75% fewer nodes than standard memory management techniques to solve an AMG problem.

Biswas, S; de Supinski, B R; Schulz, M; Franklin, D; Sherwood, T; Chong, F T

2011-01-28T23:59:59.000Z

390

Memory resource management in vmware esx server  

E-Print Network (OSTI)

VMware ESX Server is a thin software layer designed to multiplex hardware resources efficiently among virtual machines running unmodified commodity operating systems. This paper introduces several novel ESX Server mechanisms and policies for managing memory. A ballooning technique reclaims the pages considered least valuable by the operating system running in a virtual machine. An idle memory tax achieves efficient memory utilization while maintaining performance isolation guarantees. Content-based page sharing and hot I/O page remapping exploit transparent page remapping to eliminate redundancy and reduce copying overheads. These techniques are combined to efficiently support virtual machine workloads that overcommit memory. 1

Carl A. Waldspurger

2002-01-01T23:59:59.000Z

391

Memorandum Memorializing Ex Parte Communication - August 12,...  

NLE Websites -- All DOE Office Websites (Extended Search)

Memorandum Memorializing Ex Parte Communication - August 12, 2011 On August 9, 2011, the Air-Conditioning, Heating and Refrigeration Institute's (AHRI) Unitary Small Engineering...

392

Julian Szekely Memorial Symposium Rental Car Information  

Science Conference Proceedings (OSTI)

The Julian Szekely Memorial Symposium on Materials Processing will be held at the Royal Sonesta Hotel in Cambridge, Massachusetts, October 5-8, 1997.

393

Ultra Wideband (UWB) communication vulnerability for security applications.  

Science Conference Proceedings (OSTI)

RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

Cooley, H. Timothy

2010-07-01T23:59:59.000Z

394

Models on Distributed Memory Architectures  

NLE Websites -- All DOE Office Websites (Extended Search)

5/2004 Y.He 1 5/2004 Y.He 1 MPH: a Library for Coupling Multi-Component Models on Distributed Memory Architectures and its Applications Yun (Helen) He and Chris Ding CRD Division Lawrence Berkeley National Laboratory 10/15/2004 Y.He 2 10/15/2004 Y.He 3 Motivation nïź Application problems grow in scale & complexity nïź Effective organization of simulation software system that is maintainable, reusable, sharable, and efficient Ăšïƒš a major issue nïź Community Climate System Model (CCSM) development nïź Software lasts much longer than a computer! 10/15/2004 Y.He 4

395

A DSL approach for object memory management of small devices  

Science Conference Proceedings (OSTI)

Small devices have a specific hardware configuration. In particular, they usually include several types of memories (typically ROM, internal and external RAM, Flash memory) different in quantities and properties. We propose an object memory management ...

Kevin Marquet; Gilles Grimaud

2007-09-01T23:59:59.000Z

396

Distributed anemone: transparent low-latency access to remote memory  

Science Conference Proceedings (OSTI)

Performance of large memory applications degrades rapidly once the system hits the physical memory limit and starts paging to local disk. We present the design, implementation and evaluation of Distributed Anemone (Adaptive Network Memory Engine) ...

Michael R. Hines; Jian Wang; Kartik Gopalan

2006-12-01T23:59:59.000Z

397

Social Vulnerability to Coastal and Inland Flood Hazards: A Comparison of GIS-Based Spatial Interpolation Methods  

Science Conference Proceedings (OSTI)

Previous research on exposure to flood hazards suggests that individuals characterized by low social vulnerability are more likely to reside in coastal flood hazard zones than individuals of higher social vulnerability, but few studies have examined ... Keywords: Areal Interpolation, Coastal Hazards, Dasymetric Mapping, Environmental Justice, Flood, Geographic Information Systems GIS, Risk, Vulnerability

Marilyn C. Montgomery, Jayajit Chakraborty

2013-07-01T23:59:59.000Z

398

Shape memory polymer actuator and catheter  

SciTech Connect

An actuator system is provided for acting upon a material in a vessel. The system includes an optical fiber and a shape memory polymer material operatively connected to the optical fiber. The shape memory polymer material is adapted to move from a first shape for moving through said vessel to a second shape where it can act upon said material.

Maitland, Duncan J. (Pleasant Hill, CA); Lee, Abraham P. (Walnut Creek, CA); Schumann, Daniel L. (Concord, CA); Matthews, Dennis L. (Moss Beach, CA); Decker, Derek E. (Byron, CA); Jungreis, Charles A. (Pittsburgh, PA)

2007-11-06T23:59:59.000Z

399

Quantifying Dynamic Stability of Genetic Memory Circuits  

Science Conference Proceedings (OSTI)

Bistability/Multistability has been found in many biological systems including genetic memory circuits. Proper characterization of system stability helps to understand biological functions and has potential applications in fields such as synthetic biology. ... Keywords: Dynamic stability, genetic memory, gene circuit, dynamic noise margin.

Yong Zhang; Peng Li; Garng Huang

2012-05-01T23:59:59.000Z

400

Memory Fault Modeling Trends: A Case Study  

Science Conference Proceedings (OSTI)

In recent years, embedded memories are the fastest growing segment of system on chip. They therefore have a major impact on the overall Defect per Million (DPM). Further, the shrinking technologies and processes introduce new defects that cause previously ... Keywords: data backgrounds, dynamic faults, fault coverage, fault models, memory tests, static faults

Said Hamdioui; Rob Wadsworth; John Delos Reyes; Ad J. Van De Goor

2004-06-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


401

Optimizing memory accesses for spatial computation  

Science Conference Proceedings (OSTI)

In this paper we present the internal representation and optimizations used by the CASH compiler for improving the memory parallelism of pointer-based programs. CASH uses an SSA-based representation for memory, which compactly summarizes both control-flow-and ...

Mihai Budiu; Seth C. Goldstein

2003-03-01T23:59:59.000Z

402

Optimum LDPC decoder: a memory architecture problem  

Science Conference Proceedings (OSTI)

This paper addresses a frequently overlooked problem: designing a memory architecture for an LDPC decoder. We analyze the requirements to support the codes defined in the IEEE 802.11n and 802.16e standards. We show a design methodology for a flexible ... Keywords: LDPC codes, low power architectures, memory optimization

Erick Amador; Renaud Pacalet; Vincent Rezard

2009-07-01T23:59:59.000Z

403

DOE - Office of Legacy Management -- Memorial Hospital - NY 0...  

Office of Legacy Management (LM)

Memorial Hospital - NY 0-16 FUSRAP Considered Sites Site: MEMORIAL HOSPITAL (NY.0-16 ) Eliminated from consideration under FUSRAP Designated Name: Not Designated Alternate Name:...

404

Crystallographic Boundary in a Magnetic Shape Memory Material  

NLE Websites -- All DOE Office Websites (Extended Search)

Home Science Highlights Science Briefs Crystallographic Boundary in a Magnetic Shape Memory Material Crystallographic Boundary in a Magnetic Shape Memory Material Print...

405

Rebuilding it Better: Greensburg, Kansas, Kiowa County Memorial...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

it Better: Greensburg, Kansas, Kiowa County Memorial Hospital (Brochure) (Revised) Rebuilding it Better: Greensburg, Kansas, Kiowa County Memorial Hospital (Brochure) (Revised)...

406

Improving Organizational Memories Through User Feedback  

E-Print Network (OSTI)

The benefits of an organizational memory are ultimately determined by the usefulness of the organizational memory as perceived by its users. Therefore, an improvement of an organizational memory should be measured in the added perceived usefulness. Unfortunately, the perceived usefulness has many impact factors (e.g., the precision of the user query, the urgency with which the user needs information, the coverage of the underlying knowledge base, the quality of the schema used to store knowledge, and the quality of the implementation). Hence, it is difficult to identify good starting points for improvement. This paper presents the goal-oriented method OMI (Organizational Memory Improvement) for improving an organizational memory incrementally from the user's point of view. It has been developed through several case studies and consists of a general usage model, a set of indicators for improvement potential, and a cause-effect model. At each step of the general usage model of OMI, pro...

Klaus-Dieter Althoff; Markus Nick; Carsten Tautz

1999-01-01T23:59:59.000Z

407

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process established under Executive Order 13514 and to advance the U.S. Department of Energy's goal of promoting energy security-examines current and potential future impacts of these climate trends on the U.S. energy sector. Report updated July 16, 2013. Explore an interactive map that shows where climate change has already impacted the energy sector. US Energy Sector Vulnerabilities to Climate Change More Documents & Publications

408

A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

A Busy Year Securing Vulnerable Nuclear Material and Making the A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer January 7, 2011 - 6:22pm Addthis John Schueler John Schueler Former New Media Specialist, Office of Public Affairs This holiday season was certainly a busy one for the National Nuclear Security Administration (NNSA). While many Americans were off completing last minute Christmas shopping and spending time with loved ones, the team at NNSA was working around the clock to secure over 50 kilograms of highly enriched uranium from three sites in the Ukraine. As part of President Obama's ambitious plan to secure all vulnerable nuclear material around the world in four years, NNSA assisted in repatriating the dangerous

409

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: MySQL User Login Security Bypass and Unspecified 8: MySQL User Login Security Bypass and Unspecified Vulnerability U-188: MySQL User Login Security Bypass and Unspecified Vulnerability June 12, 2012 - 7:00am Addthis PROBLEM: A security issue and vulnerability have been reported in MySQL PLATFORM: MySQL 5.x ABSTRACT: An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. Reference LINKS: Original Advisory CVE-2012-2122 Secunia Advisory 49409 IMPACT ASSESSMENT: High Discussion: Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc). NOTE: Vendor binaries are reportedly not affected. The security issue is reported in versions prior to 5.1.63 and 5.5.25.

410

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing 7: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability August 16, 2012 - 7:00am Addthis PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability PLATFORM: Version(s): Mozilla Firefox 6 - 12 ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585 CVE-2012-1950 IMPACT ASSESSMENT: Medium Discussion: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. mozilla Firefox is prone to a URI-spoofing spoofing vulnerability. Attackers may exploit this issue to display

411

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

37: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing 37: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability August 16, 2012 - 7:00am Addthis PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability PLATFORM: Version(s): Mozilla Firefox 6 - 12 ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585 CVE-2012-1950 IMPACT ASSESSMENT: Medium Discussion: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. mozilla Firefox is prone to a URI-spoofing spoofing vulnerability. Attackers may exploit this issue to display

412

U-117: Potential security vulnerability has been identified with certain HP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Potential security vulnerability has been identified with 7: Potential security vulnerability has been identified with certain HP printers and HP digital senders U-117: Potential security vulnerability has been identified with certain HP printers and HP digital senders March 5, 2012 - 7:00am Addthis PROBLEM: The vulnerability could be exploited remotely to install unauthorized printer firmware. PLATFORM: Select HP printers and Digital Senders ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. reference LINKS: Vendor Advisory CVE-2011-4161 Previous JC3 Advisory Bulletin IMPACT ASSESSMENT: High Discussion: The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx;

413

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

1: Apple Mac OS X Multiple Vulnerabilities 1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow A boundary error when handling "mvhd" atoms can be exploited to cause a

414

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apple QuickTime Multiple Stack Overflow Vulnerabilities 2: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Reference links: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium Discussion: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.Versions prior to

415

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Apple Mac OS X Multiple Vulnerabilities 1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow A boundary error when handling "mvhd" atoms can be exploited to cause a

416

T-668: Vulnerability in a BlackBerry Enterprise Server component could  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in a BlackBerry Enterprise Server component 8: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service July 14, 2011 - 7:20am Addthis PROBLEM: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service PLATFORM: Affected Software >> BlackBerry Enterprise Server (BES) version(s) 5.0.0 for API/MS Exchange (Admin API Option Only), BES/Express version 5.0.2 & 5.0.3 IBM Lotus Domino , BES 5.0.1, 5.0.2 & 5.0.3 for MS Exchange, IBM Lotus Domino, BlackBerry Enterprise Server versions 5.0.1 for GroupWise ABSTRACT: This advisory describes a security issue in the BlackBerry Administration

417

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: ownCloud Cross-Site Scripting and File Upload 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

418

U-151: Bugzilla Cross-Site Request Forgery Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

51: Bugzilla Cross-Site Request Forgery Vulnerability 51: Bugzilla Cross-Site Request Forgery Vulnerability U-151: Bugzilla Cross-Site Request Forgery Vulnerability April 19, 2012 - 8:15am Addthis PROBLEM: A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. reference LINKS: Vendor Advisory Secunia Advisory 48835 CVE-2012-0465 CVE-2012-0466 IMPACT ASSESSMENT: Medium Discussion: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. An attacker can get access to some bug information using the victim's

419

U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

28: Microsoft Windows win32k.sys TrueType Font Parsing 28: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability November 7, 2011 - 8:15am Addthis PROBLEM: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability. PLATFORM: Microsoft Windows 7 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008 Microsoft Windows Storage Server 2003 Microsoft Windows Vista Microsoft Windows XP Home Edition Microsoft Windows XP Professional ABSTRACT: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. reference LINKS:

420

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process established under Executive Order 13514 and to advance the U.S. Department of Energy's goal of promoting energy security-examines current and potential future impacts of these climate trends on the U.S. energy sector. Report updated July 16, 2013. Explore an interactive map that shows where climate change has already impacted the energy sector. US Energy Sector Vulnerabilities to Climate Change More Documents & Publications

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


421

Title draft: Complexity and vulnerability of Smartgrid systems Elizaveta Kuznetsova1  

E-Print Network (OSTI)

1 Title draft: Complexity and vulnerability of Smartgrid systems Elizaveta Kuznetsova1 , Keith of Smartgrids. Typical characteristics of complex systems, such as self-organization, emergence, chaotic behavior and evolution, are considered with respect to Smartgrids as future energy infrastructures

422

Minutes of the 7th Meeting of the Livermore Vulnerability Committee  

SciTech Connect

This memorandum provides the minutes of the 7th meeting of the Livermore Vulnerability Committee. The Laboratory commitments in the Tapestry experiment, with particular reference to those experiments proposed in the Polaris MK 2 and the Minuteman MK 2 programs.

Germain, L.

1965-05-26T23:59:59.000Z

423

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

202: Apple QuickTime Multiple Stack Overflow Vulnerabilities 202: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Reference links: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium Discussion: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.Versions prior to

424

Assessment of chemical vulnerabilities in the Hanford high-level waste tanks  

SciTech Connect

The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

Meacham, J.E. [and others

1996-02-15T23:59:59.000Z

425

V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: GnuTLS TLS Record Decoding Denial of Service Vulnerability 7: GnuTLS TLS Record Decoding Denial of Service Vulnerability V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability May 30, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in GnuTLS PLATFORM: GnuTLS 2.x ABSTRACT: A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) REFERENCE LINKS: Secunia Advisory SA53600 GnuTLS Library GNUTLS-SA-2013-2 CVE-2013-2116 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an out-of-bounds read error within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c and can be exploited to cause a crash of the application using the library. IMPACT: Possible DoS SOLUTION: Vendor recommends applying Patch or upgrading to Version 3.x

426

V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: HP StoreOnce D2D Backup Systems Denial of Service 6: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability August 24, 2013 - 3:45am Addthis PROBLEM: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: HP StoreOnce D2D Backup Systems 1.x, HP StoreOnce D2D Backup Systems 2.x ABSTRACT: The vulnerability is reported in versions 2.2.18 and prior and 1.2.18 and prior. REFERENCE LINKS: Secunia Advisory SA54598 CVE-2013-2353 IMPACT ASSESSMENT: Moderate DISCUSSION: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further

427

U-171: DeltaV Products Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

71: DeltaV Products Multiple Vulnerabilities 71: DeltaV Products Multiple Vulnerabilities U-171: DeltaV Products Multiple Vulnerabilities May 17, 2012 - 7:00am Addthis PROBLEM: DeltaV Products Multiple Vulnerabilities PLATFORM: DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 DeltaV ProEssentials Scientific Graph version 5.0.0.6 ABSTRACT: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference LINKS: Secunia Advisory SA49210 CVE-2012-1814 CVE-2012-1815 CVE-2012-1816 CVE-2012-1817 CVE-2012-1818 IMPACT ASSESSMENT: High Discussion: 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and

428

U-115: Novell GroupWise Client Address Book Processing Buffer Overflow  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Novell GroupWise Client Address Book Processing Buffer 5: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability March 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in in Novell GroupWise Client. PLATFORM: versions 8.0 through 8.02 HP3. ABSTRACT: The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address. reference LINKS: Vendor Advisory Secunia Advisory 48199 CVE-2011-4189 IMPACT ASSESSMENT: High Discussion: The GroupWise 8 Client for Windows is vulnerable to an exploit where a malformed address book could cause heap memory corruption, which could lead to remote code execution under the privilege of the user that opened the

429

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

June 12, 2013 June 12, 2013 V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Adobe Flash Player. June 10, 2013 V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files A vulnerability was reported in RSA Authentication Manager. June 5, 2013 V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks Several vulnerabilities were reported in Apple Safari. June 4, 2013 V-170: Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability A vulnerability has been reported in Apache Subversion. June 3, 2013 V-169: Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow

430

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4, 2011 4, 2011 U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. September 30, 2011 T-731:Symantec IM Manager Code Injection Vulnerability Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. September 29, 2011 T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. September 29, 2011 T-729: Mozilla Code Installation Through Holding Down Enter

431

A Quantum Information Retrieval Approach to Memory  

E-Print Network (OSTI)

As computers approach the physical limits of information storable in memory, new methods will be needed to further improve information storage and retrieval. We propose a quantum inspired vector based approach, which offers a contextually dependent mapping from the subsymbolic to the symbolic representations of information. If implemented computationally, this approach would provide exceptionally high density of information storage, without the traditionally required physical increase in storage capacity. The approach is inspired by the structure of human memory and incorporates elements of Gardenfors' Conceptual Space approach and Humphreys et al.'s matrix model of memory.

Kirsty Kitto; Peter Bruza; Liane Gabora

2013-10-11T23:59:59.000Z

432

Crystallographic attributes of a shape-memory alloy  

SciTech Connect

Shape-memory alloys are attractive for many potential applications. In an attempt to provide ideas and guidelines for the development of new shape-memory alloys, this paper reports on a series of investigations that examine the reasons in the crystallography that made (i) shape-memory alloys special amongst martensites and (ii) Nickel-Titanium special among shape-memory alloys.

Bhattacharya, K. [California Inst. of Tech., Pasadena, CA (United States). Div. of Engineering and Applied Science

1999-01-01T23:59:59.000Z

433

L6: Memory Hierarchy Optimization III, Bandwidth Optimization  

E-Print Network (OSTI)

wherever there are capacity limitations ­ Between grids if total data exceeds global memory capacity will "spill" data to local memory · Local memory ­ Deals with capacity limitations of registers and shared ­ Across thread blocks if shared data exceeds shared memory capacity (also to partition computation across

Hall, Mary W.

434

Journal of Experimental Psychology: Learning, Memory, and Cognition  

E-Print Network (OSTI)

explicit and implicit tests of memory (for reviews, see Graf & Masson, 1993; Lewandosky, Dunn, & Kirsner

Shimamura, Arthur P.

435

Persistent systems techniques in forensic acquisition of memory  

Science Conference Proceedings (OSTI)

In this paper we discuss how operating system design and implementation influence the methodology for computer forensics investigations, with the focus on forensic acquisition of memory. In theory the operating system could support such investigations ... Keywords: Computer forensics, Memory acquisition, Memory forensics, Memory persistence, Persistent operating systems

Ewa Huebner; Derek Bem; Frans Henskens; Mark Wallis

2007-09-01T23:59:59.000Z

436

Memory energy management for an enterprise decision support system  

Science Conference Proceedings (OSTI)

Energy efficiency is an important factor in designing and configuring enterprise servers. In these servers, memory may consume 40% of the total system power. Different memory configurations (sizes, numbers of ranks, speeds, etc.) can have significant ... Keywords: memory power management, power-aware memory

Karthik Kumar; Kshitij Doshi; Martin Dimitrov; Yung-Hsiang Lu

2011-08-01T23:59:59.000Z

437

Architecting phase change memory as a scalable dram alternative  

Science Conference Proceedings (OSTI)

Memory scaling is in jeopardy as charge storage and sensing mechanisms become less reliable for prevalent memory technologies, such as DRAM. In contrast, phase change memory (PCM) storage relies on scalable current and thermal mechanisms. To exploit ... Keywords: dram alternative, endurance, energy, pcm, performance, phase change memory, power, scalability

Benjamin C. Lee; Engin Ipek; Onur Mutlu; Doug Burger

2009-06-01T23:59:59.000Z

438

Cork: dynamic memory leak detection for garbage-collected languages  

Science Conference Proceedings (OSTI)

A memory leak in a garbage-collected program occurs when the program inadvertently maintains references to objects that it no longer needs. Memory leaks cause systematic heap growth, degrading performance and resulting in program crashes after ... Keywords: dynamic, garbage collection, memory leak detection, memory leaks, runtime analysis

Maria Jump; Kathryn S. McKinley

2007-01-01T23:59:59.000Z

439

Characterizing the Memory Behavior of Compiler-Parallelized Applications  

Science Conference Proceedings (OSTI)

AbstractżCompiler-parallelized applications are increasing in importance as moderate-scale multiprocessors become common. This paper evaluates how features of advanced memory systems (e.g., longer cache lines) impact memory system behavior for applications ... Keywords: Parallelizing compilers, memory hierarchies, shared-memory multiprocessors, cache performance, false and true sharing, parallelism granularity.

Evan Torrie; Margaret Martonosi; Chau-Wen Tseng; Mary W. Hall

1996-12-01T23:59:59.000Z

440

Dynamic tracking of page miss ratio curve for memory management  

Science Conference Proceedings (OSTI)

Memory can be efficiently utilized if the dynamic memory demands of applications can be determined and analyzed at run-time. The page miss ratio curve(MRC), i.e. page miss rate vs. memory size curve, is a good performance-directed metric to serve this ... Keywords: memory management, power management, resource allocation

Pin Zhou; Vivek Pandey; Jagadeesan Sundaresan; Anand Raghuraman; Yuanyuan Zhou; Sanjeev Kumar

2004-12-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


441

Shared Memory Programming in Metacomputing Environments: The Global Array Approach  

Science Conference Proceedings (OSTI)

The performance of the Global Array shared-memory nonuniform memory-access programming model is explored in a wide-area-network (WAN) distributed supercomputer environment. The Global Array model is extended by introducing a concept of mirrored arrays ... Keywords: Metacomputing, NUMA memory architecture, distributed arrays, global arrays, shared-memory programming

Jarek Nieplocha; Robert Harrison

1997-10-01T23:59:59.000Z

442

On Working Memory: Its organization and capacity limits  

E-Print Network (OSTI)

64 iii 6.2 Working memory capacity10 1.4 Capacity limits of workingcapacity . . . . . . . . . . . . . . . . . . . . . . . . . .

Lara, Antonio Homero

2010-01-01T23:59:59.000Z

443

Why Has the Land Memory Changed?  

Science Conference Proceedings (OSTI)

The “land memory” refers to an interseasonal predictability of the summer monsoon rainfall in the southwestern United States, describing a relationship of the summer monsoon rainfall anomaly with anomalies in the antecedent winter season snow and ...

Qi Hu; Song Feng

2004-08-01T23:59:59.000Z

444

The Neural Substrate of Orientation Working Memory  

Science Conference Proceedings (OSTI)

We have used positron emission tomography (PET) to identify the neural substrate of two major cognitive components of working memory (WM), maintenance and manipulation of a single elementary visual attribute, i.e., the orientation of a grating presented ...

L. Cornette; P. Dupont; E. Salmon; Guy A. Orban

2001-08-01T23:59:59.000Z

445

30 days to a more powerful memory  

Science Conference Proceedings (OSTI)

With phones ringing off the hook, constantly changing to-do lists, and increasingly complicated schedules, having a good memory has become more important than ever. Drawing on the latest research from cognitive experts and psychologists, 30 Days to a ...

Gini Scott

2007-04-01T23:59:59.000Z

446

Revisiting parallel rendering for shared memory machines  

Science Conference Proceedings (OSTI)

Increasing the core count of CPUs to increase computational performance has been a significant trend for the better part of a decade. This has led to an unprecedented availability of large shared memory machines. Programming paradigms and systems are ...

B. Nouanesengsy; J. Ahrens; J. Woodring; H. Shen

2011-04-01T23:59:59.000Z

447

Commercialization of germanium based nanocrystal memory  

E-Print Network (OSTI)

This thesis explores the commercialization of germanium-based nanocrystal memories. Demand for smaller and faster electronics and embedded systems supports the development of high-density, low-power non-volatile electronic ...

Seow, Kian Chiew

2007-01-01T23:59:59.000Z

448

A strategy of memory : Suzhou, China  

E-Print Network (OSTI)

The thesis is trying to establish a strategy of memory for the urban preservation of old cities, like Suzhou, within the context of the rapid growing economy in Southern China. The general attitude towards the problem ...

Chang, Ping Hung

1995-01-01T23:59:59.000Z

449

Cultural differences on the children's memory scale  

E-Print Network (OSTI)

Memory is an essential component for learning. Deficits in verbal short-term memory (STM) and working memory (WM) are thought to hinder language learning, reading acquisition, and academic achievement. The Children’s Memory Scale (CMS) is an assessment instrument used to identify memory and learning deficits and strengths in children ages five through 16. This study investigated the impact of culture and parent educational level (PEL) on student performance on the Children’s Memory Scale using the CMS standardization data. The major question addressed was: Will CMS subtest performance differ significantly between ethnic groups or as a function of PEL? The results of this study support a relationship between STM and WM performance and culture. Culture as defined by ethnicity minimally impacted student subtest performance on the CMS when PEL was taken into account. In contrast, PEL was significantly associated with student subtest performance within each ethnic group. Student subtest performance improved with each increase in PEL regardless of ethnicity. CMS subtest performance of Hispanic and African American students was most affected by PEL; however, no difference occurred in subtest performance by ethnicity or as a function of PEL for African American and Hispanic students on the Family Pictures subtest which examines visual and auditory memory processes through recall of everyday life tasks in meaningful context. Although statistical significance was found between CMS subtest performance and cultural factors, the effect sizes were mainly in the small range and variance was not specific to any one subtest. Larger effect sizes were found on verbal subtests which in previous studies have been found to be most impacted by quality of schooling and lower PELs. Mean score differences did not exceed one standard deviation with the exception of one subtest. The results of this study provide a better understanding of the effect of culture and PEL on memory and learning.

Cash, Deborah Dyer

2007-08-01T23:59:59.000Z

450

Distributed trace using central performance counter memory  

SciTech Connect

A plurality of processing cores, are central storage unit having at least memory connected in a daisy chain manner, forming a daisy chain ring layout on an integrated chip. At least one of the plurality of processing cores places trace data on the daisy chain connection for transmitting the trace data to the central storage unit, and the central storage unit detects the trace data and stores the trace data in the memory co-located in with the central storage unit.

Satterfield, David L.; Sexton, James C.

2013-01-22T23:59:59.000Z

451

Distributed trace using central performance counter memory  

Science Conference Proceedings (OSTI)

A plurality of processing cores, are central storage unit having at least memory connected in a daisy chain manner, forming a daisy chain ring layout on an integrated chip. At least one of the plurality of processing cores places trace data on the daisy chain connection for transmitting the trace data to the central storage unit, and the central storage unit detects the trace data and stores the trace data in the memory co-located in with the central storage unit.

Satterfield, David L; Sexton, James C

2013-10-22T23:59:59.000Z

452

Electoral Corruption in Developing Democracies  

E-Print Network (OSTI)

Results . . . . . 5.2 Venezuela . . . . . . . . .5.2.1Results for each Forensic Analysis in Mexico, Venezuela andelections in Venezuela. . . . . . . . . . . . . . . . . . .

Cantu, Francisco

453

V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities May 17, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in BlackBerry Tablet OS PLATFORM: BlackBerry Tablet OS 2.x ABSTRACT: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53453 Blackberry Security Advisory KB34161 CVE-2012-5248 CVE-2012-5249 CVE-2012-5250 CVE-2012-5251 CVE-2012-5252 CVE-2012-5253 CVE-2012-5254 CVE-2012-5255 CVE-2012-5256 CVE-2012-5257 CVE-2012-5258 CVE-2012-5259 CVE-2012-5260 CVE-2012-5261 CVE-2012-5262 CVE-2012-5263 CVE-2012-5264 CVE-2012-5265

454

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: eXtplorer "ext_find_user()" Authentication Bypass 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug. IMPACT: An error within the "ext_find_user()" function in users.php can be

455

V-080: Apple iOS Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apple iOS Multiple Vulnerabilities 0: Apple iOS Multiple Vulnerabilities V-080: Apple iOS Multiple Vulnerabilities January 30, 2013 - 12:56am Addthis PROBLEM: Apple iOS Multiple Vulnerabilities PLATFORM: Apple iOS 6.x for iPhone 3GS and later Apple iOS for iPad 6.x Apple iOS for iPod touch 6.x ABSTRACT: Two security issues and multiple vulnerabilities have been reported in Apple iOS REFERENCE LINKS: Article: HT5642 APPLE-SA-2013-01-28-1 iOS 6.1 Software Update Secunia Advisory SA52002 CVE-2011-3058 CVE-2012-2619 CVE-2012-2824 CVE-2012-2857 CVE-2012-2889 CVE-2012-3606 CVE-2012-3607 CVE-2012-3621 CVE-2012-3632 CVE-2012-3687 CVE-2012-3701 CVE-2013-0948 CVE-2013-0949 CVE-2013-0950 CVE-2013-0951 CVE-2013-0952 CVE-2013-0953 CVE-2013-0954 CVE-2013-0955 CVE-2013-0956 CVE-2013-0958 CVE-2013-0959 CVE-2013-0962 CVE-2013-0963 CVE-2013-0964

456

Memory access scheduling and binding considering energy minimization in multi-bank memory systems  

Science Conference Proceedings (OSTI)

Memory-related activity is one of the major sources of energy consumption in embedded systems. Many types of memories used in embedded systems allow multiple operating modes (e.g., active, standby, nap, power-down) to facilitate energy saving. Furthermore, ... Keywords: binding, low energy design, scheduling

Chun-Gi Lyuh; Taewhan Kim

2004-06-01T23:59:59.000Z

457

Shape memory system with integrated actuation using embedded particles  

SciTech Connect

A shape memory material with integrated actuation using embedded particles. One embodiment provides a shape memory material apparatus comprising a shape memory material body and magnetic pieces in the shape memory material body. Another embodiment provides a method of actuating a device to perform an activity on a subject comprising the steps of positioning a shape memory material body in a desired position with regard to the subject, the shape memory material body capable of being formed in a specific primary shape, reformed into a secondary stable shape, and controllably actuated to recover the specific primary shape; including pieces in the shape memory material body; and actuating the shape memory material body using the pieces causing the shape memory material body to be controllably actuated to recover the specific primary shape and perform the activity on the subject.

Buckley, Patrick R. (New York, NY); Maitland, Duncan J. (Pleasant Hill, CA)

2009-09-22T23:59:59.000Z

458

Shape memory system with integrated actuation using embedded particles  

DOE Patents (OSTI)

A shape memory material with integrated actuation using embedded particles. One embodiment provides a shape memory material apparatus comprising a shape memory material body and magnetic pieces in the shape memory material body. Another embodiment provides a method of actuating a device to perform an activity on a subject comprising the steps of positioning a shape memory material body in a desired position with regard to the subject, the shape memory material body capable of being formed in a specific primary shape, reformed into a secondary stable shape, and controllably actuated to recover the specific primary shape; including pieces in the shape memory material body; and actuating the shape memory material body using the pieces causing the shape memory material body to be controllably actuated to recover the specific primary shape and perform the activity on the subject.

Buckley, Patrick R. (New York, NY); Maitland, Duncan J. (Pleasant Hill, CA)

2012-05-29T23:59:59.000Z

459

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

177: VMware vCenter Chargeback Manager File Upload Handling 177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability June 13, 2013 - 6:00am Addthis PROBLEM: vCenter Chargeback Manager Remote Code Execution PLATFORM: VMware vCenter Chargeback Manager 2.x ABSTRACT: The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution REFERENCE LINKS: Secunia Advisory SA53798 VMWare Security Advisory VMSA-2013-0008 CVE-2013-3520 IMPACT ASSESSMENT: Medium DISCUSSION: The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely. IMPACT: System Access SOLUTION: Vendor recommends updating to version 2.5.1

460

Local Implications of Globally Restricted Mobility: A study of Queenstown’s vulnerability to peak oil and climate change.  

E-Print Network (OSTI)

??This thesis employs a case study approach to investigate local implications of globally restricted mobility by examining Queenstown’s vulnerability to peak oil and climate change.… (more)

Walsh, Tim

2011-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


461

Compile-Time Compaction Of Traces For Memory Simulation  

E-Print Network (OSTI)

This thesis examines compile-time compaction of program execution traces. It presents a new method for compacting traces for memory simulation. Further, it describes a tool prototype that implements the method. Experiments with the tool prototype show that the new method reduces the time needed in simulating the operation of memories. Memory simulation is needed in the performance analysis and in the design of programs. In high performance applications, the data transfer between different layers of memory is one of the main bottlenecks. A program execution trace is a list of memory references. Using traces as simulation inputs is a flexible way of analyzing the memory perfor...

Vesa Hirvisalo; Vesa Hirvisalo; Dr. Tech Esko Nuutila

1998-01-01T23:59:59.000Z

462

Department of Energy Plutonium ES&H Vulnerability Assessment Savannah River Site interim compensatory measures  

Science Conference Proceedings (OSTI)

The Savannah River Site (SRS) has recently completed a self-assessment of potential vulnerabilities associated with plutonium and other transuranic materials stored at the site. An independent Working Group Assessment Team (WGAT) appointed by DOE/ES&H also performed an independent assessment, and reviewed and validated the site self-assessment. The purpose of this report is to provide a status of interim compensatory measures at SRS to address hazards in advance of any corrective actions. ES&H has requested this status for all vulnerabilities ranked medium or higher with respect to potential consequences to workers, environment, and the public.

Bickford, W.E.

1994-09-15T23:59:59.000Z

463

The capacity of hybrid quantum memory  

E-Print Network (OSTI)

The general stable quantum memory unit is a hybrid consisting of a classical digit with a quantum digit (qudit) assigned to each classical state. The shape of the memory is the vector of sizes of these qudits, which may differ. We determine when N copies of a quantum memory A embed in N(1+o(1)) copies of another quantum memory B. This relationship captures the notion that B is as at least as useful as A for all purposes in the bulk limit. We show that the embeddings exist if and only if for all p >= 1, the p-norm of the shape of A does not exceed the p-norm of the shape of B. The log of the p-norm of the shape of A can be interpreted as the maximum of S(\\rho) + H(\\rho)/p (quantum entropy plus discounted classical entropy) taken over all mixed states \\rho on A. We also establish a noiseless coding theorem that justifies these entropies. The noiseless coding theorem and the bulk embedding theorem together say that either A blindly bulk-encodes into B with perfect fidelity, or A admits a state that does not visibly bulk-encode into B with high fidelity. In conclusion, the utility of a hybrid quantum memory is determined by its simultaneous capacity for classical and quantum entropy, which is not a finite list of numbers, but rather a convex region in the classical-quantum entropy plane.

Greg Kuperberg

2002-03-21T23:59:59.000Z

464

Organic Data Memory using the DNA Approach  

Science Conference Proceedings (OSTI)

A data preservation problem looms large behind today's information superhighway. During the prehistoric age, humans preserved their knowledge by engraving bones and rocks. About two millenniums ago, people invented paper and started writing and publishing. In today?s electronic age, we use magnetic media and silicon chips to store our data. But bones and rocks erode, paper disintegrates, and electronic memory simply loses its contents into thin air. All these storage media require constant attention to maintain their information content. All of them can easily be destroyed intentionally or accidentally by people or natural disasters. With the large amount of information generated by our society every day, it is time to think of a new generation of data memory. In an effort to search for an inexpensive and lasting data memory, scientists at the Pacific Northwest National Laboratory (PNNL) have investigated the use of deoxyribonucleic acid--commonly known as DNA--as an information storage medium since 1998. The ambitious goal is to develop a data memory technology that has a life expectancy much longer than any of the existing ones. The creation of our initial DNA memory prototype consists of four major steps: encoding meaningful information as artificial DNA sequences, transforming the sequences to living organisms, allowing the organisms to grow and multiply, and eventually extracting the information back from the organisms. This article describes the objective of our investigation, followed by a brief description of our recent experiments and several potential applications being considered at PNNL.

Wong, Pak C.; Wong, Kwong K.; Foote, Harlan P.

2003-01-01T23:59:59.000Z

465

U-175: Linux Kernel KVM Memory Slot Management Flaw  

Energy.gov (U.S. Department of Energy (DOE))

A vulnerability was reported in the Linux Kernel. A local user on the guest operating system can cause denial of service conditions on the host operating system.

466

Memorandum Memorializing Ex Parte Communication, DOE impending  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Memorandum Memorializing Ex Parte Communication, DOE impending Memorandum Memorializing Ex Parte Communication, DOE impending determination of coverage for commercial and industrial fans, blowers, and fume hoods. Memorandum Memorializing Ex Parte Communication, DOE impending determination of coverage for commercial and industrial fans, blowers, and fume hoods. The meeting was requested by AMCA International to introduce the association's leadership, standards, and experience in developing fan standards to DOE; to learn more about the DOE process for developing regulations for fan efficiency standards; and to inform DOE on how commercial and industrial fan markets work. AMCA_Ex_Parte.pdf More Documents & Publications DOE-STD-1168-2013 DOE Meeting Memorandum: Ex Parte Communications Independent Oversight Review, Savannah River Site - August 2011

467

REMEM: REmote MEMory as Checkpointing Storage  

SciTech Connect

Checkpointing is a widely used mechanism for supporting fault tolerance, but notorious in its high-cost disk access. The idea of memory-based checkpointing has been extensively studied in research but made little success in practice due to its complexity and potential reliability concerns. In this study we present the design and implementation of REMEM, a REmote MEMory checkpointing system to extend the checkpointing storage from disk to remote memory. A unique feature of REMEM is that it can be integrated into existing disk-based checkpointing systems seamlessly. A user can flexibly switch between REMEM and disk as checkpointing storage to balance the efficiency and reliability. The implementation of REMEM on Open MPI is also introduced. The experimental results confirm that REMEM and the proposed adaptive checkpointing storage selection are promising in both performance, reliability and scalability.

Jin, Hui [Illinois Institute of Technology; Sun, Xian-He [Illinois Institute of Technology; Chen, Yong [ORNL; Ke, Tao [Illinois Institute of Technology

2010-01-01T23:59:59.000Z

468

Profile Guided Load Marking for Memory Renaming  

E-Print Network (OSTI)

Memory operations remain a significant bottleneck in dynamically scheduled pipelined processors, due in part to the inability to statically determine the existence of memory address dependencies. Hardware memory renaming techniques have been proposed which predict which stores a load might be dependent upon. These prediction techniques can be used to speculatively forward a value from a predicted store dependency to a load through a value prediction table; however, these techniques require large and time-consuming hardware tables. In this paper we propose a software-guided approach for identifying dependencies between store and load instructions and the Load Marking (LM) architecture to communicate these dependencies to the hardware. Compiler analysis and profiles are used to find important store/load relationships, and these relationships are identified during execution via hints or an n-bit tag. For those loads that are not marked for renaming, we then use additional profiling inform...

Glenn Reinman; Brad Calder; Dean Tullsen; Gary Tyson; Todd Austin

1998-01-01T23:59:59.000Z

469

Home-based Shared Virtual Memory  

E-Print Network (OSTI)

In this dissertation, I investigate how to improve the performance of shared virtual memory (SVM) by examining consistency models, protocols, hardware support and applications. The main conclusion of this research is that the performance of shared virtual memory can be significantly improved when performance-enhancing techniques from all these areas are combined. This dissertation proposes home-based lazy release consistency as a simple, effective, and scalable way to build shared virtual memory systems. In home-based protocols each shared page has a home to which all writes are propagated and from which all copies are derived. Two home-based protocols are described, implemented and evaluated on two hardware and software platforms: Automatic Update Release Consistency (AURC), which requires hardware support for fine-grained remote writes (automatic updates), and Homebased Lazy Release Consistency (HLRC), which is implemented exclusively in software. The dissertation investigates the ...

Liviu Iftode

1998-01-01T23:59:59.000Z

470

DIODE STEERED MANGETIC-CORE MEMORY  

DOE Patents (OSTI)

A word-arranged magnetic-core memory is designed for use in a digital computer utilizing the reverse or back current property of the semi-conductor diodes to restore the information in the memory after read-out. In order to ob tain a read-out signal from a magnetic core storage unit, it is necessary to change the states of some of the magnetic cores. In order to retain the information in the memory after read-out it is then necessary to provide a means to return the switched cores to their states before read-out. A rewrite driver passes a pulse back through each row of cores in which some switching has taken place. This pulse combines with the reverse current pulses of diodes for each column in which a core is switched during read-out to cause the particular cores to be switched back into their states prior to read-out. (AEC)

Melmed, A.S.; Shevlin, R.T.; Laupheimer, R.

1962-09-18T23:59:59.000Z

471

Memory device using movement of protons  

DOE Patents (OSTI)

An electrically written memory element utilizing the motion of protons within a dielectric layer surrounded by layers on either side to confine the protons within the dielectric layer with electrode means attached to the surrounding layers to change the spatial position of the protons within the dielectric layer. The device is preferably constructed as a silicon-silicon dioxide-silicon layered structure with the protons being introduced to the structure laterally through the exposed edges of the silicon dioxide layer during a high temperature anneal in an atmosphere containing hydrogen gas. The device operates at low power, is preferably nonvolatile, is radiation tolerant, and is compatible with convention silicon MOS processing for integration with other microelectronic elements on the same silicon substrate. With the addition of an optically active layer, the memory element becomes an electrically written, optically read optical memory element.

Warren, William L. (Albuquerque, NM); Vanheusden, Karel J. R. (Albuquerque, NM); Fleetwood, Daniel M. (Albuquerque, NM); Devine, Roderick A. B. (St. Martin le Vinoux, FR)

2000-01-01T23:59:59.000Z

472

Estimating Local Memory of Tropical Cyclones through MPI Anomaly Evolution  

Science Conference Proceedings (OSTI)

This study examines the local memory of atmospheric and oceanic changes associated with a tropical cyclone (TC). The memory is quantified through anomalous maximum potential intensity (MPI) evolution for 20 days prior to the arrival of a TC ...

Robert E. Hart; Ryan N. Maue; Michael C. Watson

2007-12-01T23:59:59.000Z

473

Speedy transactions in multicore in-memory databases  

Science Conference Proceedings (OSTI)

Silo is a new in-memory database that achieves excellent performance and scalability on modern multicore machines. Silo was designed from the ground up to use system memory and caches efficiently. For instance, it avoids all centralized contention points, ...

Stephen Tu, Wenting Zheng, Eddie Kohler, Barbara Liskov, Samuel Madden

2013-11-01T23:59:59.000Z

474

Design and Implementation of High Speed Memory in 130 nm  

Science Conference Proceedings (OSTI)

This paper deals with the design and analysis of high speed SRAM memory using ATD (Address Transition Detector) technique in 130 nm with the capacitive load of the memory is 5pF

Sampath Kumar; Arti Noor; Sanjay Kr. Singh

2010-01-01T23:59:59.000Z

475

Dynamic Memory Optimization using Pool Allocation and Prefetching  

E-Print Network (OSTI)

Heap memory allocation plays an important role in modern applications. Conventional heap allocators, however, generally ignore the underlying memory hierarchy of the system, favoring instead a low runtime overhead and fast ...

Zhao, Qin

476

Clotho: decoupling memory page layout from storage organization  

Science Conference Proceedings (OSTI)

As database application performance depends on the utilization of the memory hierarchy, smart data placement plays a central role in increasing locality and in improving memory utilization. Existing techniques, however, do not optimize accesses to all ...

Minglong Shao; Jiri Schindler; Steven W. Schlosser; Anastassia Ailamaki; Gregory R. Ganger

2004-08-01T23:59:59.000Z

477

Teapot: language support for writing memory coherence protocols  

Science Conference Proceedings (OSTI)

Recent shared-memory parallel computer systems offer the exciting possibility of customizing memory coherence protocols to fit an application's semantics and sharing patterns. Custom protocols have been used to achieve message-passing performance---while ...

Satish Chandra; Brad Richards; James R. Larus

1996-05-01T23:59:59.000Z

478

Intellectual property strategy : analysis of the flash memory industry  

E-Print Network (OSTI)

This thesis studies the intellectual property strategy of companies in the flash memory industry, with special emphasis on technology and the development of nitride-based flash, a new and emerging type of memory technology. ...

Ogura, Tomoko H

2006-01-01T23:59:59.000Z

479

THE FOUNDATION, INC. THE ALLEN SHACKELFORD AIFD MEMORIAL SCHOLARSHIP FUND  

E-Print Network (OSTI)

THE FOUNDATION, INC. THE ALLEN SHACKELFORD AIFD MEMORIAL SCHOLARSHIP FUND THE EULALAH OVERMEYER of an application for scholarship under The Allen Shackelford AIFD Memorial Scholarship Fund, The Eulalah Overmeyer

Schweik, Charles M.

480

Shape Memory Behavior of Heat Treated Ni60Ti40 (wt%)  

Science Conference Proceedings (OSTI)

About this Abstract. Meeting, Materials Science & Technology 2011. Symposium, Shape Memory Alloys. Presentation Title, Shape Memory Behavior of Heat ...

Note: This page contains sample records for the topic "memory corruption vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


481

Energy Sector Vulnerable to Climate Change, U.S. Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

Energy Sector Vulnerable to Climate Change, U.S. Department of Energy Report Says Print E-mail Energy Sector Vulnerable to Climate Change, U.S. Department of Energy Report Says Print E-mail President Obama Announces His Climate Action Plan Friday, July 26, 2013 Featured by DOE, a member of the U.S. Global Change Research Program In his speech at Georgetown University last month, President Obama referred to our nation's vulnerabilities to climate change, underscoring how Hurricane Sandy and other climate-related disasters serve as wake-up calls. These extreme weather events as well as changes in temperature and water availability - all related to our changing climate - are disrupting the ways we generate, distribute, and consume energy, according to a new report released by the US Department of Energy. The U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather report examines current and potential future impacts of these climate trends on the U.S. energy sector.

482

U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Cisco IOS IPSec IKE Unspecified Denial of Service 8: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability April 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco IOS XE 2.1.x Cisco IOS XE 2.2.x Cisco IOS XE 2.3.x Cisco IOS XE 2.4.x Cisco IOS XE 2.5.x Cisco IOS XE 2.6.x Cisco IOS XE 3.1.x Cisco IOS XE 3.3.x ABSTRACT: The IKEv1 feature of Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected device. REFERENCE LINKS: Vendor Advisory Secunia Advisory SA48607 CVE-2012-0381 iMPACT ASSESSMENT: High discussion: The March 28, 2012, Cisco IOS Software Secur