National Library of Energy BETA

Sample records for memory corruption vulnerability

  1. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  2. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  3. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  4. V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June...

  5. T-627: Adobe Flash Player Memory Corruption | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    27: Adobe Flash Player Memory Corruption T-627: Adobe Flash Player Memory Corruption May 20, 2011 - 2:50pm Addthis PROBLEM: Adobe Flash Player Memory Corruption, Denial Of Service, Execute Code PLATFORM: Windows, Mac OS X, Linux, and Solaris ABSTRACT: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as

  6. V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Execute Arbitrary Code | Department of Energy 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS:

  7. V-228: RealPlayer Buffer Overflow and Memory Corruption Error...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute ... Lets Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid ...

  8. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  9. U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  10. T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  11. U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems.

  12. U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

  13. V-214: Mozilla Firefox Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....

  14. T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 5: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can

  15. V-105: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    navigation handling. 3) An error in Web Audio can be exploited to cause memory corruption. 4) A use-after-free error exists in SVG animations. 5) An error in Indexed DB can...

  16. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Memory Usage Considerations on Franklin Each Franklin compute node has 8 GB (8192 MB) of physical memory, but, not all that memory is...

  17. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Memory Usage Considerations on Hopper Most Hopper compute nodes have 32 GB of physical memory, but, not all that memory is available to...

  18. T-550: Apache Denial of Service Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption).

  19. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  20. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    a critical vulnerability that allows for remote code execution June 12, 2013 V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code A...

  1. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    a critical vulnerability that allows for remote code execution June 12, 2013 V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code A...

  2. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Memory Usage Considerations on Edison Edison compute nodes have 64 GB of physical memory (2.67GB per core), but not all the memory is available to user programs. Compute Node Linux (the kernel), the Lustre file system software, and message passing library buffers all consume memory, as does loading the executable into the memory. Thus the precise memory available to an application varies. Approximately 61 GB of memory can be allocated from within an

  3. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Memory Usage Considerations on Franklin Each Franklin compute node has 8 GB (8192 MB) of physical memory, but, not all that memory is available to user programs. Compute Node Linux (the kernel), the Lustre file system software, and message passing library buffers all consume memory, as does loading the executable into memory. Thus the precise memory available to an application varies, approximately 7566 MB (7.38 GB) of memory can be allocated from

  4. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Memory Usage Considerations on Hopper Most Hopper compute nodes have 32 GB of physical memory, but, not all that memory is available to user programs. Compute Node Linux (the kernel), the Lustre file system software, and message passing library buffers all consume memory, as does loading the executable into memory. Thus the precise memory available to an application varies. Approximately 31 GB of memory can be allocated from within an MPI program using

  5. Conducting business under the Foreign Corrupt Practices Act

    SciTech Connect (OSTI)

    Ittig, J.

    1982-07-01

    The Foreign Corrupt Practices Act inhibits many businesses conducting international transactions. Although the Senate has proposed revisions to the FCPA to alleviate some of the handicaps of U.S. citizens doing business abroad, the House of Representatives has yet to approve a bill. This study identifies the critical interpretive problems, and suggests protective measures a company can take to avoid problems until the FCPA is amended.

  6. Mechanical memory

    DOE Patents [OSTI]

    Gilkey, Jeffrey C.; Duesterhaus, Michelle A.; Peter, Frank J.; Renn, Rosemarie A.; Baker, Michael S.

    2006-08-15

    A first-in-first-out (FIFO) microelectromechanical memory apparatus (also termed a mechanical memory) is disclosed. The mechanical memory utilizes a plurality of memory cells, with each memory cell having a beam which can be bowed in either of two directions of curvature to indicate two different logic states for that memory cell. The memory cells can be arranged around a wheel which operates as a clocking actuator to serially shift data from one memory cell to the next. The mechanical memory can be formed using conventional surface micromachining, and can be formed as either a nonvolatile memory or as a volatile memory.

  7. Mechanical memory

    DOE Patents [OSTI]

    Gilkey, Jeffrey C.; Duesterhaus, Michelle A.; Peter, Frank J.; Renn, Rosemarie A.; Baker, Michael S.

    2006-05-16

    A first-in-first-out (FIFO) microelectromechanical memory apparatus (also termed a mechanical memory) is disclosed. The mechanical memory utilizes a plurality of memory cells, with each memory cell having a beam which can be bowed in either of two directions of curvature to indicate two different logic states for that memory cell. The memory cells can be arranged around a wheel which operates as a clocking actuator to serially shift data from one memory cell to the next. The mechanical memory can be formed using conventional surface micromachining, and can be formed as either a nonvolatile memory or as a volatile memory.

  8. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor

  9. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  10. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  11. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs Advanced

  12. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Overview Carver login nodes each have 48GB of ... Furthermore, since Carver nodes have no disk, the "root" file system (including tmp) is ...

  13. Climate Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Vulnerabilities Climate Vulnerabilities The Energy Sector's Vulnerabilities to Climatic Conditions x Impacts Due to... Increasing Temperatures Decreasing Water Availability Increasing Storms, Flooding, and Sea Level Rise See All Impacts Map locations are approximate. Find out more about this data here. Click and drag the map to read about each location

  14. Memory Considerations

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Memory Considerations Memory Considerations Overview Carver login nodes each have 48GB of physical memory. Most compute nodes have 24GB; however, 80 compute nodes have 48GB. Not all of this memory is available to user processes. Some memory is reserved for the Linux kernel. Furthermore, since Carver nodes have no disk, the "root" file system (including /tmp) is kept in memory ("ramdisk"). The kernel and root file system combined occupy about 4GB of memory. Therefore users

  15. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the

  16. Regional Climate Vulnerabilities and Resilience Solutions | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please ...

  17. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  18. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  19. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  20. Detecting Silent Data Corruption for Extreme-Scale Applications through Data Mining

    SciTech Connect (OSTI)

    Bautista-Gomez, Leonardo; Cappello, Franck

    2014-01-16

    Supercomputers allow scientists to study natural phenomena by means of computer simulations. Next-generation machines are expected to have more components and, at the same time, consume several times less energy per operation. These trends are pushing supercomputer construction to the limits of miniaturization and energy-saving strategies. Consequently, the number of soft errors is expected to increase dramatically in the coming years. While mechanisms are in place to correct or at least detect some soft errors, a significant percentage of those errors pass unnoticed by the hardware. Such silent errors are extremely damaging because they can make applications silently produce wrong results. In this work we propose a technique that leverages certain properties of high-performance computing applications in order to detect silent errors at the application level. Our technique detects corruption solely based on the behavior of the application datasets and is completely application-agnostic. We propose multiple corruption detectors, and we couple them to work together in a fashion transparent to the user. We demonstrate that this strategy can detect the majority of the corruptions, while incurring negligible overhead. We show that with the help of these detectors, applications can have up to 80% of coverage against data corruption.

  1. U-115: Novell GroupWise Client Address Book Processing Buffer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    is vulnerable to an exploit where a malformed address book could cause heap memory corruption, which could lead to remote code execution under the privilege of the user that...

  2. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  3. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  4. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  5. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  6. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  7. U-169: Sympa Multiple Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.

  8. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  9. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  10. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  11. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  12. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  13. Assessing the Security Vulnerabilities of Correctional Facilities

    SciTech Connect (OSTI)

    Morrison, G.S.; Spencer, D.S.

    1998-10-27

    The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

  14. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  15. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  16. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NSTB Summarizes Vulnerable Areas Experts at the National SCADA Test Bed (NSTB) discovered ... Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems ...

  17. US Energy Sector Vulnerabilities to Climate Change

    Broader source: Energy.gov (indexed) [DOE]

    Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND ... and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). ...

  18. Vulnerability Analysis of Energy Delivery Control Systems

    Broader source: Energy.gov (indexed) [DOE]

    ... Attackers can search for vulnerabilities in firewalls, ... organization, measured in terms of confidentiality, ... in which an adversary can enter the system and potentially ...

  19. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E.

    1996-10-01

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  20. Genepool Memory Heatmaps

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Genepool Memory Heatmaps Heatmap of Memory and Slots Requested vs Time Waited (in hours) | Queue: All | Last 7 Days Memory Requested Slots <5GB 5-10GB 10-20GB 20-30GB 30-40GB...

  1. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  2. Optical memory

    DOE Patents [OSTI]

    Mao, Samuel S; Zhang, Yanfeng

    2013-07-02

    Optical memory comprising: a semiconductor wire, a first electrode, a second electrode, a light source, a means for producing a first voltage at the first electrode, a means for producing a second voltage at the second electrode, and a means for determining the presence of an electrical voltage across the first electrode and the second electrode exceeding a predefined voltage. The first voltage, preferably less than 0 volts, different from said second voltage. The semiconductor wire is optically transparent and has a bandgap less than the energy produced by the light source. The light source is optically connected to the semiconductor wire. The first electrode and the second electrode are electrically insulated from each other and said semiconductor wire.

  3. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  4. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  5. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  6. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities The objective of safeguards is the timely detection of ...

  7. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  8. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  9. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment AgencyCompany Organization Climate and Development...

  10. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment (Redirected from CDKN-Colombia-Cartagena Vulnerability Assessment) Jump to: navigation, search Name Colombia-CDKN-Cartagena...

  11. OLADE-Central America Climate Change Vulnerability Program |...

    Open Energy Info (EERE)

    Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program AgencyCompany Organization Latin...

  12. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

  13. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  14. Potential Vulnerability of US Petroleum Refineries to Increasing...

    Energy Savers [EERE]

    Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature andor Reduced Water Availability Potential Vulnerability of US Petroleum Refineries to ...

  15. V-094: IBM Multiple Products Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple ...

  16. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Technical Report: Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities You are accessing a document from the ...

  17. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  18. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  19. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  20. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  1. Extra-Large Memory Nodes

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Extra-Large Memory Nodes Extra-Large Memory Nodes Extra-Large Memory Nodes Overview Carver has two "extra-large" memory nodes; each node has four 8-core Intel X7550 ("Nehalem EX")...

  2. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  3. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  4. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  5. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  6. Measuring and Understanding Memory Bandwidth

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Measuring and Understanding Memory Bandwidth Measuring and Understanding Memory Bandwidth Measuring Bandwidth Usage Measuring memory bandwidth is a good way of understanding how well your application uses cache memory. Today's processors are constructed under the assumption that a small amount of (expensive) fast memory - called "cache" - is used more often than a larger amount of slower memory (DRAM). The extent to which this assumption applies to your code is referred to as memory

  7. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  8. Shape memory polymers

    DOE Patents [OSTI]

    Wilson, Thomas S.; Bearinger, Jane P.

    2015-06-09

    New shape memory polymer compositions, methods for synthesizing new shape memory polymers, and apparatus comprising an actuator and a shape memory polymer wherein the shape memory polymer comprises at least a portion of the actuator. A shape memory polymer comprising a polymer composition which physically forms a network structure wherein the polymer composition has shape-memory behavior and can be formed into a permanent primary shape, re-formed into a stable secondary shape, and controllably actuated to recover the permanent primary shape. Polymers have optimal aliphatic network structures due to minimization of dangling chains by using monomers that are symmetrical and that have matching amine and hydroxyl groups providing polymers and polymer foams with clarity, tight (narrow temperature range) single transitions, and high shape recovery and recovery force that are especially useful for implanting in the human body.

  9. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system

  10. T-731:Symantec IM Manager Code Injection Vulnerability | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code...

  11. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  12. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  13. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  14. Myrmics Memory Allocator

    Energy Science and Technology Software Center (OSTI)

    2011-09-23

    MMA is a stand-alone memory management system for MPI clusters. It implements a shared Partitioned Global Address Space, where multiple MPI processes request objects from the allocator and the latter provides them with system-wide unique memory addresses for each object. It provides applications with an intuitive way of managing the memory system in a unified way, thus enabling easier writing of irregular application code.

  15. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 74: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT

  16. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  17. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  18. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  19. Vulnerability Analysis of Energy Delivery Control Systems (September 2011)

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems (September 2011) The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides recommendations for vendors and owners of those systems to identify and reduce those risks. Vulnerability Analysis of Energy Delivery Control Systems (September 2011) (2.69 MB)

  20. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  1. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: IBM Lotus Expeditor Multiple Vulnerabilities U-198: IBM Lotus Expeditor Multiple Vulnerabilities June 25, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus Expeditor. PLATFORM: IBM Lotus Expeditor 6.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.. Reference Links: Vendor Advisory

  2. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  3. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  4. V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system

  5. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  6. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  7. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  8. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection

  9. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs

  10. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  11. COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS Jason Stamp, John Dillinger, and William Young Networked Systems Survivability and Assurance Department Jennifer DePoy Information Operations Red Team & Assessments Department Sandia National Laboratories Albuquerque, NM 87185-0785 22 May 2003 (2 nd edition, revised 11 November 2003) Copyright © 2003, Sandia Corporation. All rights reserved. Permission is granted to display, copy, publish, and distribute this document in its

  12. Using on-package memory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    on-package memory Using on-package memory Introduction The NERSC-8 system will include a novel feature on its node architecture: 16 GB of high-bandwidth 3D stacked memory...

  13. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  14. Shape memory polymers (Patent) | DOEPatents

    Office of Scientific and Technical Information (OSTI)

    polymers Title: Shape memory polymers New shape memory polymer compositions, methods for ... Sponsoring Org: USDOE Country of Publication: United States Language: English Subject: 36 ...

  15. Computer memory management system

    DOE Patents [OSTI]

    Kirk, III, Whitson John

    2002-01-01

    A computer memory management system utilizing a memory structure system of "intelligent" pointers in which information related to the use status of the memory structure is designed into the pointer. Through this pointer system, The present invention provides essentially automatic memory management (often referred to as garbage collection) by allowing relationships between objects to have definite memory management behavior by use of coding protocol which describes when relationships should be maintained and when the relationships should be broken. In one aspect, the present invention system allows automatic breaking of strong links to facilitate object garbage collection, coupled with relationship adjectives which define deletion of associated objects. In another aspect, The present invention includes simple-to-use infinite undo/redo functionality in that it has the capability, through a simple function call, to undo all of the changes made to a data model since the previous `valid state` was noted.

  16. Vulnerability Analysis of Energy Delivery Control Systems

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the

  17. The Unobtrusive Memory Allocator

    Energy Science and Technology Software Center (OSTI)

    2003-03-31

    This library implements a memory allocator/manager which ask its host program or library for memory refions to manage rather than requesting them from the operating system. This allocator supports multiple distinct heaps within a single executable, each of which may grow either upward or downward in memory. The GNU mmalloc library has been modified in such a way that its allocation algorithms have been preserved, but the manner in which it obtains regions to managemore » has been changed to request memory from the host program or library. Additional modifications allow the allocator to manage each heap as either upward or downward-growing. By allowing the hosting program or library to determine what memory is managed, this package allows a greater degree of control than other memory allocation/management libraries. Additional distinguishing features include the ability to manage multiple distinct heaps with in a single executable, each of which may grow either upward or downward in memory. The most common use of this library is in conjunction with the Berkeley Unified Parallel C (UPC) Runtime Library. This package is a modified version of the LGPL-licensed "mmalloc" allocator from release 5.2 of the "gdb" debugger's source code.« less

  18. Using on-package memory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    on-package memory Using on-package memory Introduction The NERSC-8 system will include a novel feature on its node architecture: 16 GB of high-bandwidth 3D stacked memory interposed between the KNL chip and the slower off-package DDR memory. Compared to the on-node DDR4 memory, the high-bandwidth memory (HBM) has approximately 5x the bandwidth but has similar latency. This new feature has the potential to accelerate those applications which are particularly sensitive to memory bandwidth limits.

  19. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts

  20. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player

  1. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  2. Top 10 Vulnerabilities of Control Systems and Their Associated Migitations

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2006) | Department of Energy Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. Top 10 Vulnerabilities of

  3. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of Indian Energy report assesses climate change and extreme weather vulnerabilities specific to tribal energy infrastructure and systems in the contiguous United States and Alaska. It includes information about the impacts from climate change and extreme weather events on both onsite and offsite

  4. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  5. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides practices that can help mitigate the potential risks that can occur to some electricity sector organizations. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED

  6. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  7. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

  8. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  9. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  10. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    :"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

  11. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  12. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  13. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material...

    National Nuclear Security Administration (NNSA)

    GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material May 29, 2014 GTRI's Remove Program works around the world to remove excess nuclear and radiological materials ...

  14. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  15. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Mitigations for Security Vulnerabilities Found in Control System Networks (425.98 KB) More Documents & Publications Cyber Assessment Methods for SCADA Security Introduction SCADA ...

  16. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Introduction SCADA Security for Managers and Operators DOE National SCADA Test Bed Program ...

  17. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

  18. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  19. U-172: OpenOffice.org Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

  20. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  1. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    France) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country France Coordinates...

  2. V-062: Asterisk Two Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

  3. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This ... States government or any agency thereof. energy.govindianenergy | indianenergy@hq.doe.go...

  4. V-082: Novell GroupWise Client Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

  5. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  6. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    on both onsite and offsite tribally owned and non-tribally owned energy infrastructure. ... Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  7. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct

  8. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton; Phillips, Cynthia A.

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  9. Costs of strikes between vulnerable missile forces

    SciTech Connect (OSTI)

    Canavan, G.H.

    1997-02-01

    This note derives the first and second strike magnitudes and costs for strikes between vulnerable missile forces with multiple warheads. The extension to mixes with invulnerable missiles is performed in a companion note. Stability increases as the number of weapons per missile is reduced. The optimal allocation of weapons between missiles and value is significant in predicting the stability impact of the reduction of the number of weapons per missile at large numbers of missiles, less significant in reducing the number of missiles for fixed weapons per missile. At low numbers of missiles, the stability indices for singlet and triplet configurations are comparable, as are the number of weapons each would deliver on value targets.

  10. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  11. Extra-Large Memory Nodes

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Extra-Large Memory Nodes Extra-Large Memory Nodes Extra-Large Memory Nodes Overview Carver has two "extra-large" memory nodes; each node has four 8-core Intel X7550 ("Nehalem EX") 2.0 GHz processors (32 cores total) and 1TB memory. These nodes are available through the queue "reg_xlmem". They can be used for interactive and batch jobs that require large amount of memory (16GB per core or more). reg_xlmem queue Please refer to the "Queues and Policies" page

  12. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  13. Shape memory polymer medical device

    DOE Patents [OSTI]

    Maitland, Duncan; Benett, William J.; Bearinger, Jane P.; Wilson, Thomas S.; Small, IV, Ward; Schumann, Daniel L.; Jensen, Wayne A.; Ortega, Jason M.; Marion, III, John E.; Loge, Jeffrey M.

    2010-06-29

    A system for removing matter from a conduit. The system includes the steps of passing a transport vehicle and a shape memory polymer material through the conduit, transmitting energy to the shape memory polymer material for moving the shape memory polymer material from a first shape to a second and different shape, and withdrawing the transport vehicle and the shape memory polymer material through the conduit carrying the matter.

  14. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  15. New 1 Terabyte Memory Node

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    New 1 Terabyte Memory Node New 1 Terabyte Memory Node June 17, 2011 by Francesca Verdier A new "extra large" memory node that has four 8-core Nehalem EX processors (32 cores total) and 1TB memory has been deployed in the Carver/Magellan complex. See Memory Considerations on Carver. Subscribe via RSS Subscribe Browse by Date August 2016 June 2016 May 2016 April 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 April 2015 March 2015 January

  16. U-191: Oracle Java Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes

  17. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  18. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  19. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  20. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  1. Atomic memory access hardware implementations

    SciTech Connect (OSTI)

    Ahn, Jung Ho; Erez, Mattan; Dally, William J

    2015-02-17

    Atomic memory access requests are handled using a variety of systems and methods. According to one example method, a data-processing circuit having an address-request generator that issues requests to a common memory implements a method of processing the requests using a memory-access intervention circuit coupled between the generator and the common memory. The method identifies a current atomic-memory access request from a plurality of memory access requests. A data set is stored that corresponds to the current atomic-memory access request in a data storage circuit within the intervention circuit. It is determined whether the current atomic-memory access request corresponds to at least one previously-stored atomic-memory access request. In response to determining correspondence, the current request is implemented by retrieving data from the common memory. The data is modified in response to the current request and at least one other access request in the memory-access intervention circuit.

  2. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  3. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

  4. T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

  5. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  6. Method and apparatus for faulty memory utilization

    DOE Patents [OSTI]

    Cher, Chen-Yong; Andrade Costa, Carlos H.; Park, Yoonho; Rosenburg, Bryan S.; Ryu, Kyung D.

    2016-04-19

    A method for faulty memory utilization in a memory system includes: obtaining information regarding memory health status of at least one memory page in the memory system; determining an error tolerance of the memory page when the information regarding memory health status indicates that a failure is predicted to occur in an area of the memory system affecting the memory page; initiating a migration of data stored in the memory page when it is determined that the data stored in the memory page is non-error-tolerant; notifying at least one application regarding a predicted operating system failure and/or a predicted application failure when it is determined that data stored in the memory page is non-error-tolerant and cannot be migrated; and notifying at least one application regarding the memory failure predicted to occur when it is determined that data stored in the memory page is error-tolerant.

  7. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate...

  8. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  9. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  10. V-173: Plesk 0-Day Vulnerability | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro...

  11. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  12. U.S. Energy Sector Vulnerability Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support climate change preparedness and resilience planning -- and to advance the Energy Department's goal of promoting energy security -- the Department is assessing the threats of climate change and extreme weather to the Nation' energy system. Two reports have been released that examine the current and potential future impacts of climate change and extreme weather on the

  13. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 96: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can

  14. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  15. Shape memory alloy actuator

    DOE Patents [OSTI]

    Varma, Venugopal K.

    2001-01-01

    An actuator for cycling between first and second positions includes a first shaped memory alloy (SMA) leg, a second SMA leg. At least one heating/cooling device is thermally connected to at least one of the legs, each heating/cooling device capable of simultaneously heating one leg while cooling the other leg. The heating/cooling devices can include thermoelectric and/or thermoionic elements.

  16. Genepool Memory Heatmaps

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Genepool Memory Heatmaps Heatmap of Memory and Slots Requested vs Time Waited (in hours) | Queue: All | Last 7 Days Memory Requested Slots <5GB 5-10GB 10-20GB 20-30GB 30-40GB 40-50GB 50-100GB 100-150GB 150-200GB 200-256GB 256-512GB 512+GB Job Count Longest Wait 1 2.26 (2693) 10.5 (201167) 3.2 (11650) 0 1.75 (282) 1.49 (1627) 0.03 (1) 0 0 0 0 0 217420 538.96 2 0.26 (103) 1.02 (2817) 0 0 0 0 0 0 0 0 0 0 2920 9.1 4 1.55 (198) 1.48 (104) 0.34 (8) 0 0 0 1.86 (3) 0 0 0 0 0 313 20.48 6 0.01 (1) 0.09

  17. DOE Science Showcase - Shape-Memory Materials | OSTI, US Dept...

    Office of Scientific and Technical Information (OSTI)

    Shape-memory Materials, explainthatstuff.com Shape-memory Alloys, Wikipedia Shape-memory Polymers, Wikipedia Shape Memory Alloy demonstration, University of Birmingham, YouTube ...

  18. Shape memory polymers (Patent) | DOEPatents

    Office of Scientific and Technical Information (OSTI)

    polymers Title: Shape memory polymers You are accessing a document from the Department ... Sponsoring Org: USDOE Country of Publication: United States Language: English Subject: 36 ...

  19. Memory-2014-salishan.key

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    WHAT'S NEXT? Bruce Jacob University of Maryland SLIDE Your Next Memory System Bruce Jacob University of Maryland PERSPECTIVE: 1 Cost for 10 GB Power for 10 GB...

  20. Carlsbad employees fund veteran memorial

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    regional veterans by purchasing and placing their own remembrance. On November 12, a dedication ceremony will recognize newly placed memorials in the Park, including one from LANL...

  1. V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

    Broader source: Energy.gov [DOE]

    The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution

  2. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  3. A multi-state magnetic memory dependent on the permeability of Metglas

    SciTech Connect (OSTI)

    Petrie, J. R.; Wieland, K. A.; Timmerwilke, J. M.; Burke, R. A.; Newburgh, G. A.; Fischer, G. A.; Edelstein, A. S.; Barron, S. C.; Burnette, J. E.

    2015-04-06

    A three-state magnetic memory was developed based on differences in the magnetic permeability of a soft ferromagnetic media, Metglas 2826MB (Fe{sub 40}Ni{sub 38}Mo{sub 4}B{sub 18}). By heating bits of a 250 nm thick Metglas film with 70–100 mW of laser power, we were able to tune the local microstructure, and hence, the permeability. Ternary memory states were created by using lower laser power to enhance the initial permeability through localized atomic rearrangement and higher power to reduce the permeability through crystallization. The permeability of the bits was read by detecting variations in an external 32 Oe probe field within 10 μm of the media via a magnetic tunnel junction read head. Compared to data based on remanent magnetization, these multi-permeability bits have enhanced insensitivity to unexpected field and temperature changes. We found that data was not corrupted after exposure to fields of 1 T or temperatures of 423 K, indicating the effectiveness of this multi-state approach for safely storing large amounts of data.

  4. Nanoparticle shuttle memory

    DOE Patents [OSTI]

    Zettl, Alex Karlwalter

    2012-03-06

    A device for storing data using nanoparticle shuttle memory having a nanotube. The nanotube has a first end and a second end. A first electrode is electrically connected to the first end of the nanotube. A second electrode is electrically connected to the second end of the nanotube. The nanotube has an enclosed nanoparticle shuttle. A switched voltage source is electrically connected to the first electrode and the second electrode, whereby a voltage may be controllably applied across the nanotube. A resistance meter is also connected to the first electrode and the second electrode, whereby the electrical resistance across the nanotube can be determined.

  5. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

  6. U-054: Security Advisory for Adobe Reader and Acrobat

    Broader source: Energy.gov [DOE]

    This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing.

  7. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  8. Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

  9. Shape memory alloy thaw sensors

    DOE Patents [OSTI]

    Shahinpoor, Mohsen; Martinez, David R.

    1998-01-01

    A sensor permanently indicates that it has been exposed to temperatures exceeding a critical temperature for a predetermined time period. An element of the sensor made from shape memory alloy changes shape when exposed, even temporarily, to temperatures above the Austenitic temperature of the shape memory alloy. The shape change of the SMA element causes the sensor to change between two readily distinguishable states.

  10. Shape memory polymer medical device (Patent) | DOEPatents

    Office of Scientific and Technical Information (OSTI)

    Shape memory polymer medical device Title: Shape memory polymer medical device A system for removing matter from a conduit. The system includes the steps of passing a transport ...

  11. Disorder-Induced Microscopic Magnetic Memory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Disorder-Induced Microscopic Magnetic Memory Disorder-Induced Microscopic Magnetic Memory Print Wednesday, 26 October 2005 00:00 The magnetic-recording industry deliberately...

  12. Memorandum Memorializing Ex Parte Communication | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Memorandum Memorializing Ex Parte Communication Memorandum Memorializing Ex Parte Communication On March 31, 2011, a call was held between the Department of Energy and...

  13. Memorandum Memorializing Ex Parte Communication | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Memorandum Memorializing Ex Parte Communication More Documents & Publications Exelon response Memorandum Memorializing Ex Parte Communication CSC Workshop Transcript 02-20-2105

  14. Memorandum Memorializing Ex Parte Communication | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    PDF icon Memorandum Memorializing Ex Parte Communication More Documents & Publications Memorandum Memorializing Ex Parte Communication Public Comment re NOI on Convention on ...

  15. Energy Department Issues Tribal Energy System Vulnerabilities to Climate

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Change and Extreme Weather Report, $6M for Native American Clean Energy Projects | Department of Energy Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects Energy Department Issues Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects September 2, 2015 - 3:30pm Addthis NEWS MEDIA CONTACT 202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy

  16. ELECTROSTATIC MEMORY SYSTEM

    DOE Patents [OSTI]

    Chu, J.C.

    1958-09-23

    An improved electrostatic memory system is de scribed fer a digital computer wherein a plarality of storage tubes are adapted to operate in either of two possible modes. According to the present irvention, duplicate storage tubes are provided fur each denominational order of the several binary digits. A single discriminator system is provided between corresponding duplicate tubes to determine the character of the infurmation stored in each. If either tube produces the selected type signal, corresponding to binazy "1" in the preferred embodiment, a "1" is regenerated in both tubes. In one mode of operation each bit of information is stored in two corresponding tubes, while in the other mode of operation each bit is stored in only one tube in the conventional manner.

  17. Vulnerability of the US to future sea level rise

    SciTech Connect (OSTI)

    Gornitz, V. . Goddard Inst. for Space Studies); White, T.W.; Cushman, R.M. )

    1991-01-01

    The differential vulnerability of the conterminous United States to future sea level rise from greenhouse climate warming is assessed, using a coastal hazards data base. This data contains information on seven variables relating to inundation and erosion risks. High risk shorelines are characterized by low relief, erodible substrate, subsidence, shoreline retreat, and high wave/tide energies. Very high risk shorelines on the Atlantic Coast (Coastal Vulnerability Index {ge}33.0) include the outer coast of the Delmarva Peninsula, northern Cape Hatteras, and segments of New Jersey, Georgia and South Carolina. Louisiana and sections of Texas are potentially the most vulnerable, due to anomalously high relative sea level rise and erosion, coupled with low elevation and mobile sediments. Although the Pacific Coast is generally the least vulnerable, because of its rugged relief and erosion-resistant substrate, the high geographic variability leads to several exceptions, such as the San Joaquin-Sacramento Delta area, the barrier beaches of Oregon and Washington, and parts of the Puget Sound Lowlands. 31 refs., 2 figs., 3 tabs.

  18. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  19. Regulatory Guide on Conducting a Security Vulnerability Assessment

    SciTech Connect (OSTI)

    Ek, David R.

    2016-01-01

    This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

  20. Earthquake 'memory' could spur aftershocks

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    applied. More surprising still, the team found that the granular beads could store a "memory" even after the system had undergone a quake and the beads had rearranged themselves....

  1. Shape memory alloy thaw sensors

    DOE Patents [OSTI]

    Shahinpoor, M.; Martinez, D.R.

    1998-04-07

    A sensor permanently indicates that it has been exposed to temperatures exceeding a critical temperature for a predetermined time period. An element of the sensor made from shape memory alloy changes shape when exposed, even temporarily, to temperatures above the austenitic temperature of the shape memory alloy. The shape change of the SMA element causes the sensor to change between two readily distinguishable states. 16 figs.

  2. Remote direct memory access

    DOE Patents [OSTI]

    Archer, Charles J.; Blocksome, Michael A.

    2012-12-11

    Methods, parallel computers, and computer program products are disclosed for remote direct memory access. Embodiments include transmitting, from an origin DMA engine on an origin compute node to a plurality target DMA engines on target compute nodes, a request to send message, the request to send message specifying a data to be transferred from the origin DMA engine to data storage on each target compute node; receiving, by each target DMA engine on each target compute node, the request to send message; preparing, by each target DMA engine, to store data according to the data storage reference and the data length, including assigning a base storage address for the data storage reference; sending, by one or more of the target DMA engines, an acknowledgment message acknowledging that all the target DMA engines are prepared to receive a data transmission from the origin DMA engine; receiving, by the origin DMA engine, the acknowledgement message from the one or more of the target DMA engines; and transferring, by the origin DMA engine, data to data storage on each of the target compute nodes according to the data storage reference using a single direct put operation.

  3. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J; Fernandez, Steven J

    2014-01-01

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events

  4. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  5. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  6. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Reader/Acrobat Multiple Vulnerabilities U-146: Adobe Reader/Acrobat Multiple Vulnerabilities April 12, 2012 - 8:30am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat. PLATFORM: Adobe Acrobat 9.x Adobe Acrobat X 10.x Adobe Reader 9.x Adobe Reader X 10.x ABSTRACT: Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive

  7. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  8. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  9. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  10. Subsidence vulnerability in shallow room-and-pillar mines

    SciTech Connect (OSTI)

    Missavage, R.

    1985-07-01

    Concern over mining-related subsidence is inhibiting the development of surface land uses in previously mined areas and is constraining the recovery of coal resources in areas with established land uses that might be impacted by subsequent subsidence. The determination of subsidence vulnerability of mined-out areas (especially abandoned mine areas) can be a useful tool in the design and location of surface structures. A model has been developed for assessing subsidence vulnerability in shallow room-and-pillar mines based on the flexural rigidity and strength characteristics of the overlying strata. The model does not predict the subsidence profile or when the subsidence will occur. It only predicts those areas that are likely to subside. This paper briefly describes the model and its testing.

  11. Vulnerability, Sensitivity, and Coping/Adaptive Capacity Worldwide

    SciTech Connect (OSTI)

    Malone, Elizabeth L.; Brenkert, Antoinette L.

    2009-10-01

    Research and analyses have repeatedly shown that impacts of climate change will be unevenly distributed and will affect various societies in various ways. The severity of impacts will depend in part on ability to cope in the short term and adapt in the longer term. However, it has been difficult to find a comparative basis on which to assess differential impacts of climate change. This chapter describes the Vulnerability-Resilience Indicator Model that uses 18 proxy indicators, grouped into 8 elements, to assess on a quantitative basis the comparative potential vulnerability and resilience of countries to climate change. The model integrates socioeconomic and environmental information such as land use, crop production, water availability, per capita GDP, inequality, and health status. Comparative results for 160 countries are presented and analyzed.

  12. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  13. Agenda: Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  14. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  15. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This report was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use

  16. Vulnerability Analysis of Energy Delivery Control Systems - 2011 |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The

  17. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  18. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  19. Temperature-based Instanton Analysis: Identifying Vulnerability in Transmission Networks

    SciTech Connect (OSTI)

    Kersulis, Jonas; Hiskens, Ian; Chertkov, Michael; Backhaus, Scott N.; Bienstock, Daniel

    2015-04-08

    A time-coupled instanton method for characterizing transmission network vulnerability to wind generation fluctuation is presented. To extend prior instanton work to multiple-time-step analysis, line constraints are specified in terms of temperature rather than current. An optimization formulation is developed to express the minimum wind forecast deviation such that at least one line is driven to its thermal limit. Results are shown for an IEEE RTS-96 system with several wind-farms.

  20. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference; http://www.isa.org Mitigations for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security Communications & Cyber Security Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy

  1. Shape memory system with integrated actuation using embedded...

    Office of Scientific and Technical Information (OSTI)

    Shape memory system with integrated actuation using embedded particles Title: Shape memory system with integrated actuation using embedded particles A shape memory material with ...

  2. Shape memory system with integrated actuation using embedded...

    Office of Scientific and Technical Information (OSTI)

    One embodiment provides a shape memory material apparatus comprising a shape memory material body and magnetic pieces in the shape memory material body. Another embodiment provides ...

  3. Shape memory polymers (Patent) | SciTech Connect

    Office of Scientific and Technical Information (OSTI)

    Citation Details In-Document Search Title: Shape memory polymers New shape memory polymer compositions, methods for synthesizing new shape memory polymers, and apparatus comprising ...

  4. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  5. System and method for memory allocation in a multiclass memory system

    DOE Patents [OSTI]

    Loh, Gabriel; Meswani, Mitesh; Ignatowski, Michael; Nutter, Mark

    2016-06-28

    A system for memory allocation in a multiclass memory system includes a processor coupleable to a plurality of memories sharing a unified memory address space, and a library store to store a library of software functions. The processor identifies a type of a data structure in response to a memory allocation function call to the library for allocating memory to the data structure. Using the library, the processor allocates portions of the data structure among multiple memories of the multiclass memory system based on the type of the data structure.

  6. V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when

  7. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  8. Shape memory polymers (Patent) | SciTech Connect

    Office of Scientific and Technical Information (OSTI)

    Shape memory polymers Citation Details In-Document Search Title: Shape memory polymers New shape memory polymer compositions, methods for synthesizing new shape memory polymers, and apparatus comprising an actuator and a shape memory polymer wherein the shape memory polymer comprises at least a portion of the actuator. A shape memory polymer comprising a polymer composition which physically forms a network structure wherein the polymer composition has shape-memory behavior and can be formed into

  9. Taxonomy for Common-Cause Failure Vulnerability and Mitigation

    SciTech Connect (OSTI)

    Wood, Richard Thomas; Korsah, Kofi; Mullens, James Allen; Pullum, Laura L.

    2015-09-01

    Applying current guidance and practices for common-cause failure (CCF) mitigation to digital instrumentation and control (I&C) systems has proven problematic, and the regulatory environment has been unpredictable. The potential for CCF vulnerability inhibits I&C modernization, thereby challenging the long-term sustainability of existing plants. For new plants and advanced reactor concepts, concern about CCF vulnerability in highly integrated digital I&C systems imposes a design burden that results in higher costs and increased complexity. The regulatory uncertainty in determining which mitigation strategies will be acceptable (e.g., what diversity is needed and how much is sufficient) drives designers to adopt complicated, costly solutions devised for existing plants. To address the conditions that constrain the transition to digital I&C technology by the US nuclear industry, crosscutting research is needed to resolve uncertainty, demonstrate necessary characteristics, and establish an objective basis for qualification of digital technology for nuclear power plant (NPP) I&C applications. To fulfill this research need, Oak Ridge National Laboratory is investigating mitigation of CCF vulnerability for nuclear-qualified applications. The outcome of this research is expected to contribute to a fundamentally sound, comprehensive basis to qualify digital technology for nuclear power applications. This report documents the development of a CCF taxonomy. The basis for the CCF taxonomy was generated by determining consistent terminology and establishing a classification approach. The terminology is based on definitions from standards, guides, and relevant nuclear power industry technical reports. The classification approach is derived from identified classification schemes focused on I&C systems and key characteristics, including failure modes. The CCF taxonomy provides the basis for a systematic organization of key systems aspects relevant to analyzing the potential for

  10. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  11. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 | Princeton Plasma Physics Lab February 28, 2013, 4:15pm to 5:30pm Colloquia MBG Auditorium COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 Professor Nicholas K. Coch Queens College CUNY In the last two years. the

  12. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type

  13. Shape memory polymer foams for endovascular therapies

    DOE Patents [OSTI]

    Wilson, Thomas S.; Maitland, Duncan J.

    2015-05-26

    A system for occluding a physical anomaly. One embodiment comprises a shape memory material body wherein the shape memory material body fits within the physical anomaly occluding the physical anomaly. The shape memory material body has a primary shape for occluding the physical anomaly and a secondary shape for being positioned in the physical anomaly.

  14. Shape memory polymer foams for endovascular therapies

    DOE Patents [OSTI]

    Wilson, Thomas S.; Maitland, Duncan J.

    2012-03-13

    A system for occluding a physical anomaly. One embodiment comprises a shape memory material body wherein the shape memory material body fits within the physical anomaly occluding the physical anomaly. The shape memory material body has a primary shape for occluding the physical anomaly and a secondary shape for being positioned in the physical anomaly.

  15. Configurable memory system and method for providing atomic counting operations in a memory device

    DOE Patents [OSTI]

    Bellofatto, Ralph E.; Gara, Alan G.; Giampapa, Mark E.; Ohmacht, Martin

    2010-09-14

    A memory system and method for providing atomic memory-based counter operations to operating systems and applications that make most efficient use of counter-backing memory and virtual and physical address space, while simplifying operating system memory management, and enabling the counter-backing memory to be used for purposes other than counter-backing storage when desired. The encoding and address decoding enabled by the invention provides all this functionality through a combination of software and hardware.

  16. V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities

    Broader source: Energy.gov [DOE]

    This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

  17. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  18. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  19. Memory Optimization for Phase-field Simulations

    SciTech Connect (OSTI)

    Derek Gaston; John Peterson; Andrew Slaughter; Cody Permann; David Andrs

    2014-08-01

    Phase-field simulations are computationally and memory intensive applications. Many of the phase-field simulations being conducted in support of NEAMS were not capable of running on “normal clusters” with 2-4GB of RAM per core, and instead required specialized “big-memory” clusters with 64GB per core. To address this issue, the MOOSE team developed a new Python-based utility called MemoryLogger, and applied it to locate, diagnose, and eradicate memory bottlenecks within the MOOSE framework. MemoryLogger allows for a better understanding of the memory usage of an application being run in parallel across a cluster. Memory usage information is captured for every individual process in a parallel job, and communicated to the head node of the cluster. Console text output from the application itself is automatically matched with this memory usage information to produce a detailed picture of memory usage over time, making it straightforward to identify the subroutines which contribute most to the application’s peak memory usage. The information produced by the MemoryLogger quickly and effectively narrows the search for memory optimizations to the most data-intensive parts of the simulation.

  20. Shape memory alloy/shape memory polymer tools

    DOE Patents [OSTI]

    Seward, Kirk P.; Krulevitch, Peter A.

    2005-03-29

    Micro-electromechanical tools for minimally invasive techniques including microsurgery. These tools utilize composite shape memory alloy (SMA), shape memory polymer (SMP) and combinations of SMA and SMP to produce catheter distal tips, actuators, etc., which are bistable. Applications for these structures include: 1) a method for reversible fine positioning of a catheter tip, 2) a method for reversible fine positioning of tools or therapeutic catheters by a guide catheter, 3) a method for bending articulation through the body's vasculature, 4) methods for controlled stent delivery, deployment, and repositioning, and 5) catheters with variable modulus, with vibration mode, with inchworm capability, and with articulated tips. These actuators and catheter tips are bistable and are opportune for in vivo usage because the materials are biocompatible and convenient for intravascular use as well as other minimal by invasive techniques.

  1. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  2. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  3. V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the

  4. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory

  5. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  6. U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure

  7. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment...

    Broader source: Energy.gov (indexed) [DOE]

    PROBLEM: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. PLATFORM: * BlackBerry Enterprise Server Express version...

  8. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service)

  9. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

  10. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions...