Powered by Deep Web Technologies
Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

098: ISC BIND Deleted Domain Name Resolving Vulnerability 098: ISC BIND Deleted Domain Name Resolving Vulnerability U-098: ISC BIND Deleted Domain Name Resolving Vulnerability February 8, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x ABSTRACT: The vulnerability is caused due to an error within the cache update policy. reference LINKS: Original Advisory Secunia Advisory SA47884 CVE-2012-1033 IMPACT ASSESSMENT: High Discussion: Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The

2

U-183: ISC BIND DNS Resource Records Handling Vulnerability ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability U-038: BIND 9 Resolver crashes after logging an error in query.c T-617: BIND RPZ Processing Flaw Lets Remote Users...

3

National Vulnerability Database Full Vulnerability Listing  

Science Conference Proceedings (OSTI)

NVD Complete Vulnerability Listing. This web page contains direct links to every National Vulnerability Database vulnerability entry. ...

4

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

finding finding and fixing security flaws Argonne's Vulnerability assessment Team VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

5

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Adobe Shockwave Player Multiple Vulnerabilities 1: Adobe Shockwave Player Multiple Vulnerabilities V-131: Adobe Shockwave Player Multiple Vulnerabilities April 11, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system REFERENCE LINKS: Secunia Advisory: SA52981 Adobe Security Bulletin CVE-2013-1383 CVE-2013-1384 CVE-2013-1385 CVE-2013-1386 IMPACT ASSESSMENT: High DISCUSSION: This update resolves : 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the

6

Software Vulnerability Taxonomy Consolidation  

SciTech Connect

In today's environment, computers and networks are increasing exposed to a number of software vulnerabilities. Information about these vulnerabilities is collected and disseminated via various large publicly available databases such as BugTraq, OSVDB and ICAT. Each of these databases, individually, do not cover all aspects of a vulnerability and lack a standard format among them, making it difficult for end-users to easily compare various vulnerabilities. A central database of vulnerabilities has not been available until today for a number of reasons, such as the non-uniform methods by which current vulnerability database providers receive information, disagreement over which features of a particular vulnerability are important and how best to present them, and the non-utility of the information presented in many databases. The goal of this software vulnerability taxonomy consolidation project is to address the need for a universally accepted vulnerability taxonomy that classifies vulnerabilities in an unambiguous manner. A consolidated vulnerability database (CVDB) was implemented that coalesces and organizes vulnerability data from disparate data sources. Based on the work done in this paper, there is strong evidence that a consolidated taxonomy encompassing and organizing all relevant data can be achieved. However, three primary obstacles remain: lack of referencing a common ''primary key'', un-structured and free-form descriptions of necessary vulnerability data, and lack of data on all aspects of a vulnerability. This work has only considered data that can be unambiguously extracted from various data sources by straightforward parsers. It is felt that even with the use of more advanced, information mining tools, which can wade through the sea of unstructured vulnerability data, this current integration methodology would still provide repeatable, unambiguous, and exhaustive results. Though the goal of coalescing all available data, which would be of use to system administrators, software developers and vulnerability researchers is not yet achieved, this work has resulted in the most exhaustive collection of vulnerability data to date.

Polepeddi, S

2004-12-08T23:59:59.000Z

7

Quantifying software vulnerability  

Science Conference Proceedings (OSTI)

The technique known as ACE Analysis allows researchers to quantify a hardware structure's Architectural Vulnerability Factor (AVF) using simulation. This allows researchers to understand a hardware structure's vulnerability to soft errors and consider ... Keywords: fault tolerance, modeling, soft errors

Vilas Sridharan; David R. Kaeli

2008-05-01T23:59:59.000Z

8

Tornado Vulnerability in Texas  

Science Conference Proceedings (OSTI)

Tornado vulnerability depends on the incidence of and societal exposure to tornadoes for a particular location. This study assesses the vulnerability of Texas counties to tornadoes using tornado incidence and societal exposure composite scores. ...

Richard W. Dixon; Todd W. Moore

2012-01-01T23:59:59.000Z

9

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

10

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability 3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability April 1, 2013 - 1:26am Addthis PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x VMware ESXi 4.x VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373) Addthis Related Articles U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets

11

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

capabilities/vat/assess/ capabilities/vat/assess/ ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL Philosophy on Vulnerability Assessments Argonne Vulnerability Assessment Team Roger G. Johnston, Ph.D., CPP , 630-252-6168 1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc. 2. These tools have some value, and indeed we have used them all. 3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

12

Analyses Of Two End-User Software Vulnerability Exposure Metrics  

SciTech Connect

The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

Jason L. Wright; Miles McQueen; Lawrence Wellman

2012-08-01T23:59:59.000Z

13

Energy vulnerability relationships  

Science Conference Proceedings (OSTI)

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

14

Plutonium Vulnerability Management Plan  

Science Conference Proceedings (OSTI)

This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

15

Vulnerability due to Nocturnal Tornadoes  

Science Conference Proceedings (OSTI)

This study investigates the human vulnerability caused by tornadoes that occurred between sunset and sunrise from 1880 to 2007. Nocturnal tornadoes are theorized to enhance vulnerability because they are difficult to spot and occur when the ...

Walker S. Ashley; Andrew J. Krmenec; Rick Schwantes

2008-10-01T23:59:59.000Z

16

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability 7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability July 11, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Adobe ColdFusion PLATFORM: The vulnerability is reported in version 10 for Windows, Macintosh, and Linux ABSTRACT: The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets REFERENCE LINKS: Secunia Advisory SA54024 Adobe Security Bulletin APSB13-19 Stackoverflow.com CVE-2013-3350 IMPACT ASSESSMENT: High DISCUSSION: The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets IMPACT: Security Bypass

17

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized...

18

Security Automation and the National Vulnerability Database  

Science Conference Proceedings (OSTI)

... 6 Page 7. National Vulnerability Database Role Receive CVE ... Environmental Integrity ... Use Case: Vulnerability Management CVE 2012-3544 30 ...

2013-06-05T23:59:59.000Z

19

HEPA Filter Vulnerability Assessment  

SciTech Connect

This assessment of High Efficiency Particulate Air (HEPA) filter vulnerability was requested by the USDOE Office of River Protection (ORP) to satisfy a DOE-HQ directive to evaluate the effect of filter degradation on the facility authorization basis assumptions. Within the scope of this assessment are ventilation system HEPA filters that are classified as Safety-Class (SC) or Safety-Significant (SS) components that perform an accident mitigation function. The objective of the assessment is to verify whether HEPA filters that perform a safety function during an accident are likely to perform as intended to limit release of hazardous or radioactive materials, considering factors that could degrade the filters. Filter degradation factors considered include aging, wetting of filters, exposure to high temperature, exposure to corrosive or reactive chemicals, and exposure to radiation. Screening and evaluation criteria were developed by a site-wide group of HVAC engineers and HEPA filter experts from published empirical data. For River Protection Project (RPP) filters, the only degradation factor that exceeded the screening threshold was for filter aging. Subsequent evaluation of the effect of filter aging on the filter strength was conducted, and the results were compared with required performance to meet the conditions assumed in the RPP Authorization Basis (AB). It was found that the reduction in filter strength due to aging does not affect the filter performance requirements as specified in the AB. A portion of the HEPA filter vulnerability assessment is being conducted by the ORP and is not part of the scope of this study. The ORP is conducting an assessment of the existing policies and programs relating to maintenance, testing, and change-out of HEPA filters used for SC/SS service. This document presents the results of a HEPA filter vulnerability assessment conducted for the River protection project as requested by the DOE Office of River Protection.

GUSTAVSON, R.D.

2000-05-11T23:59:59.000Z

20

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE))

The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides...

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


21

NSTB Summarizes Vulnerable Areas | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. NSTB Summarizes Vulnerable Areas More Documents & Publications...

22

Energy Spending and Vulnerable Households  

E-Print Network (OSTI)

offthanbefore.Inparticularlargehouseholdswithlow incomesseemtohavebeenadverselyaffectedbythenewtariffstructuressince theyhavecomparablylargeenergyexpenditure(Bennetetal.,2002). 5. VulnerableHouseholdsandEnergySpending The... tariffscanplayanimportantpartinthepublicdebate on eradicating fuel poverty and helping the vulnerable households. Smart metering can provide consumers with information on the actual energy consumptionandmight lead to...

Jamasb, Tooraj; Meier, Helena

2011-01-26T23:59:59.000Z

23

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

24

Diversity Strategies to Mitigate Postulated Common Cause Failure Vulnerabilities  

Science Conference Proceedings (OSTI)

This paper describes an approach to establish effective mitigating strategies that can resolve potential common-cause failure (CCF) vulnerabilities in instrumentation and control (I&C) systems at nuclear power plants. A particular objective in the development of these strategies, which consist of combinations of diversity attributes and their associated criteria, is to address the unique characteristics of digital technology that can contribute to CCF concerns. The research approach employed to establish diversity strategies involves investigation of available documentation on diversity usage and experience from nuclear power and non-nuclear industries, capture of expert knowledge and lessons learned, determination of common practices, and assessment of the nature of CCFs and compensating diversity attributes. The resulting diversity strategies address considerations such as the effect of technology choices, the nature of CCF vulnerabilities, and the prospective impact of each diversity type. In particular, the impact of each attribute and criterion on the purpose, process, product, and performance aspects of diverse systems are considered.

Wood, Richard Thomas [ORNL

2010-01-01T23:59:59.000Z

25

Time-Resolved  

NLE Websites -- All DOE Office Websites (Extended Search)

Time-Resolved Time-Resolved Time-Resolved Print Of the four fundamental parameters that we use to perceive the physical world (energy, momentum, position, and time) three correspond to the three broad categories of synchrotron experimental measurement techniques: spectroscopy (energy), scattering (momentum), and imaging (position). The fourth parameter-time-can in principle be applied to all the techniques. At the ALS, many experiments can be carried out in real time, with data being recorded from the same sample as it changes over time. Some time-resolved experiments take advantage of the pulsed nature of the ALS's synchrotron radiation, which, like a strobe light, can capture a series of "snapshots" of a process that, when viewed sequentially, show us how a given process evolves over time. Other experiments simply require two pulses: one to "pump" energy into the sample system and a second to probe the system's excited state.

26

Coastal Impacts, Adaptation, and Vulnerabilities  

E-Print Network (OSTI)

· Robert R. Twilley, Louisiana State University · Jordan West, U.S. Environmental Protection Agency Chapter and Restoration Authority of Louisiana · Richard Raynie, Coastal Protection and Restoration Authority of Louisiana.3.7 Emergency Response, Recovery, and Vulnerability Reduction 4.3.8 Coastal and Nearshore Oil and Ga0 4.4 Human

Kossin, James P.

27

Understanding cyber threats and vulnerabilities  

Science Conference Proceedings (OSTI)

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was ... Keywords: actor, critical infrastructure, cyber crime, cyber terrorism, cyber threat, cyber vulnerabilities

Eric Luiijf

2012-01-01T23:59:59.000Z

28

V-207: Wireshark Multiple Denial of Service Vulnerabilities ...  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

29

V-019: Google Chrome Multiple Vulnerabilities | Department of...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Google Chrome Multiple Vulnerabilities V-019: Google Chrome Multiple Vulnerabilities November 8, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

30

NEHRP - Hazard Vulnerability and Disaster Resiliency ...  

Science Conference Proceedings (OSTI)

... Hazard Vulnerability and Disaster Resiliency. 2013. ... gaps for achieving resilience in the ... protection, emergency response, business continuity, and ...

31

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability Assessment Team Vulnerability Assessment Team VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

32

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability

33

NV: Nessus Vulnerability Visualization for the Web  

SciTech Connect

Network vulnerability is a critical component of network se- curity. Yet vulnerability analysis has received relatively lit- tle attention from the security visualization community. In this paper we describe nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow system administrators to discover, analyze, and man- age vulnerabilities on their networks. In addition to visual- izing single Nessus scans, nv supports the analysis of sequen- tial scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv was also designed to operate completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.

Harrison, Lane [University of North Carolina, Charlotte; Spahn, Riley B [ORNL; Iannacone, Michael D [ORNL; Downing, Evan P [ORNL; Goodall, John R [ORNL

2012-01-01T23:59:59.000Z

34

Resolvers Revealed: Characterizing DNS Resolvers and their Clients  

Science Conference Proceedings (OSTI)

The Domain Name System (DNS) allows clients to use resolvers, sometimes called caches, to query a set of authoritative servers to translate host names into IP addresses. Prior work has proposed using the interaction between these DNS resolvers and the ... Keywords: DNS resolvers, security

Craig A. Shue; Andrew J. Kalafut

2013-07-01T23:59:59.000Z

35

Mining Bug Databases for Unidentified Software Vulnerabilities  

SciTech Connect

Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

2012-06-01T23:59:59.000Z

36

Assessing Network Infrastructure Vulnerabilities to Physical ...  

Science Conference Proceedings (OSTI)

... networks, air traffic control systems, and water distribution systems ... is that we consider the vulnerability to this ... States is buried in the ground within a ...

1999-11-05T23:59:59.000Z

37

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system..

38

Vulnerability analysis of three remote voting methods  

E-Print Network (OSTI)

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

Enguehard, Chantal

2009-01-01T23:59:59.000Z

39

Seals Applications - Vulnerability Assessment Team - Nuclear...  

NLE Websites -- All DOE Office Websites (Extended Search)

Physical Security Maxims Read the Security Maxims Devil's Dictionary of Security Terms For more information: Vulnerability Assessment Section Sect. Manager: Roger G....

40

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


41

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This...

42

Multics Security Evaluation (Volume II): Vulnerability Analysis  

Science Conference Proceedings (OSTI)

Page 1. ESD-TR-74-J93, Vor. II ' MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS Pau r A. Karger, 2Lt ...

2013-04-15T23:59:59.000Z

43

Toward a Resiliency and Vulnerability Observatory Network ...  

Science Conference Proceedings (OSTI)

... is already undertaking extensive investment in its ... vulnerability or more generally, equity, should permeate all ... etc.), parcel and/or tax portfolio data ...

2009-02-05T23:59:59.000Z

44

Resolve at CEBAF  

SciTech Connect

M. Lee`s program RESOLVE has recently been in extensive use at CEBAF to help identify and correct optics problems in recirculation arcs and in linac beamlines encountered during the commissioning of the 4- GeV accelerator. We describe the integration of the program with our machine applications software package. A significant vertical focusing error in one of the recirculation arcs, which is attributed to edge focusing of dipole magnets, was found from the analysis of difference orbit measurement data. A corrective measure has been successfully implemented. Optics checks in the spreader and recombiner regions are discussed along with linac optics and 60Hz jitter. 7 refs., 4 figs.

Yunn, B. C.; Li, R.; Simrock, S.

1995-12-31T23:59:59.000Z

45

Resolve at CEBAF  

SciTech Connect

M. Lee's program RESOLVE has recently been in extensive use at CEBAF to help identify and correct optics problems in recirculation arcs and in linac beamlines encountered during the commissioning of the 4-GeV accelerator. The authors describe the integration of the program with their machine applications software package. A significant vertical focusing error in one of the recirculation arcs, which is attributed to edge focusing of dipole magnets, was found from the analysis of difference orbit measurement data. A corrective measure has been successfully implemented. Optics checks in the spreader and recombiner regions are discussed along with linac optics and 60Hz jitter. 7 refs., 4 figs.

Yunn, B. C.; Li, R.; Simrock, S.

1995-12-31T23:59:59.000Z

46

T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Linux Kernel dns_resolver Key Processing Error Lets Local 1: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services March 7, 2011 - 3:05pm Addthis PROBLEM: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services. PLATFORM: Linux Kernel 2.6.37 and prior versions ABSTRACT: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. reference LINKS: SecurityTracker Alert ID:1025162 Latest Stable Kernel CVE-2011-1076 IMPACT ASSESSMENT: High Discussion: When a DNS resolver key is instantiated with an error indication, a local user can attempt to read the key to trigger a null pointer dereference and cause a kernel crash. A local user can cause the target system to crash.

47

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Definitions Definitions VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

48

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Safety Safety VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

49

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Publications Selected Publications VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

50

NIST State-resolved Biomolecular Spectroscopies  

Science Conference Proceedings (OSTI)

State-resolved Spectroscopy of Biomolecules. Summary: ... For examples, see State-resolved terahertz spectroscopy of biomolecules. ...

2012-10-18T23:59:59.000Z

51

T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

52

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple...

53

India-Vulnerability Assessment and Enhancing Adaptive Capacities...  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

54

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

55

Election Security - Vulnerability Assessment Team - Nuclear Engineerin...  

NLE Websites -- All DOE Office Websites (Extended Search)

on LinkedIn The Vulnerability Assessment Team has demonstrated easy to execute, non-cyber attacks on two different kinds of electronic voting machines. We believe that too...

56

New York City's Vulnerability to Coastal Flooding  

Science Conference Proceedings (OSTI)

New York City, New York (NYC), is extremely vulnerable to coastal flooding; thus, verification and improvements in storm surge models are needed in order to protect both life and property. This paper highlights the Stony Brook Storm Surge (SBSS) ...

Brian A. Colle; Frank Buonaiuto; Malcolm J. Bowman; Robert E. Wilson; Roger Flood; Robert Hunter; Alexander Mintz; Douglas Hill

2008-06-01T23:59:59.000Z

57

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Cartagena Vulnerability Assessment Cartagena Vulnerability Assessment Jump to: navigation, search Name CDKN-Colombia-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] CDKN-Colombia-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=CDKN-Colombia-Cartagena_Vulnerability_Assessment&oldid=407543

58

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

65: Vulnerability in Microsoft Malware Protection Engine Could 65: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability February 25, 2011 - 7:40am Addthis PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability. PLATFORM: Microsoft Malware Protection Engine Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0 This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. First version of the Microsoft Malware Protection Engine with this vulnerability addressed:Version 1.1.6603.0 If the version of the Microsoft Malware Protection Engine is equal to or

59

U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Google Android DNS Resolver Randomization Flaw Lets Remote 0: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache July 25, 2012 - 7:00am Addthis PROBLEM: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache PLATFORM: Version(s): 4.0.4 and prior versions ABSTRACT: A remote user can poison the DNS cache. reference LINKS: IBM Application Security Research Group SecurityTracker Alert ID: 1027291 Bugtraq ID: 523624 CVE-2012-2808 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Google Android. The res_randomid() function, which bases a return value on the process ID and the current time, is called twice in quick succession. As a result, the effective

60

A framework for modeling rail transport vulnerability  

Science Conference Proceedings (OSTI)

Railroads represent one of the most efficient methods of long-haul transport for bulk commodities, from coal to agricultural products. Over the past fifty years, the rail network has contracted while tonnage has increased. Service, geographically, has been abandoned along short haul routes and increased along major long haul routes, resulting in a network that is more streamlined. The current rail network may be very vulnerable to disruptions, like the failure of a trestle. This paper proposes a framework to model rail network vulnerability and gives an application of this modeling framework in analyzing rail network vulnerability for the State of Washington. It concludes with a number of policy related issues that need to be addressed in order to identify, plan, and mitigate the risks associated with the sudden loss of a bridge or trestle.

Peterson, Steven K [ORNL; Church, Richard L. [University of California, Santa Barbara

2008-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


61

Stratgies for Diversity Usage to Mitigate Postulated Common Cause Failure Vulnerabilities  

Science Conference Proceedings (OSTI)

This paper describes an approach to establish effective mitigating strategies that can resolve potential common-cause failure (CCF) vulnerabilities in instrumentation and control systems at nuclear power plants. A particular objective in the development of these strategies, which consist of combinations of diversity attributes and their associated criteria, is to address the unique characteristics of digital technology that can contribute to CCF concerns. The research approach employed to establish diversity strategies involves investigation of available documentation on diversity usage and experience from nuclear power and non-nuclear industries, capture of expert knowledge and lessons learned, determination of common practices, and assessment of the nature of CCFs and compensating diversity attributes. The resulting diversity strategies address considerations such as the effect of technology choices, the nature of CCF vulnerabilities, and the prospective impact of each diversity type. In particular, the impact of each attribute and criterion on the purpose, process, product, and performance aspects of diverse systems are considered.

Wood, Richard Thomas [ORNL; Waterman, Michael E. [U.S. Nuclear Regulatory Commission

2011-01-01T23:59:59.000Z

62

Nanosecond time resolved thermal emission measurements during...  

NLE Websites -- All DOE Office Websites (Extended Search)

Nanosecond time resolved thermal emission measurements during pulse excimer laser interaction with materials Title Nanosecond time resolved thermal emission measurements during...

63

Critical infrastructure protection: The vulnerability conundrum  

Science Conference Proceedings (OSTI)

Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats ... Keywords: Critical infrastructure, Fortification, Interdiction, Policy, Protection, Strategies, Vulnerability

Alan T. Murray; Tony H. Grubesic

2012-02-01T23:59:59.000Z

64

Chemical Safety Vulnerability Working Group Report  

SciTech Connect

This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

1994-09-01T23:59:59.000Z

65

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Two Vulnerabilities 8: Google Chrome Two Vulnerabilities V-038: Google Chrome Two Vulnerabilities December 3, 2012 - 1:00am Addthis PROBLEM: Google Chrome Two Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95. ABSTRACT: Two vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA51447 CVE-2012-5137 CVE-2012-5138 IMPACT ASSESSMENT: High DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95. IMPACT:

66

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Secure Gateway Unspecified Vulnerability 6: Citrix Secure Gateway Unspecified Vulnerability T-566: Citrix Secure Gateway Unspecified Vulnerability February 28, 2011 - 11:22pm Addthis PROBLEM: Citrix Secure Gateway Unspecified Vulnerability. PLATFORM: Citrix Secure Gateway version 3.1.4 ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia Advisory SA43497 Citrix Support IMPACT ASSESSMENT: High Discussion: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

67

Empirical Estimates and Observations of 0Day Vulnerabilities  

Science Conference Proceedings (OSTI)

We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

2009-01-01T23:59:59.000Z

68

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE  

E-Print Network (OSTI)

PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm #12;iii EXECUTIVE SUMMARY The PNNL Vulnerability

Hultman, Nathan E.

69

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

70

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June

71

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Vulnerabilities in Citrix Licensing administration 4: Vulnerabilities in Citrix Licensing administration components T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am Addthis PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. reference LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium Discussion: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

72

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

73

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: HP Data Protector Multiple Unspecified Vulnerabilities 3: HP Data Protector Multiple Unspecified Vulnerabilities U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am Addthis PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. reference LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High Discussion: Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

74

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

62: Drupal Multiple Vulnerabilities 62: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

75

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities 6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities March 14, 2011 - 3:05pm Addthis PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system. PLATFORM: Sun Solaris 10 ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities. reference LINKS: Secunia Advisory: SA43747 Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player Secure List: SA43747 Oracle Sun Support Adobe Flash Player for Linux and Solaris IMPACT ASSESSMENT: High Discussion: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

76

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

77

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

162: Drupal Multiple Vulnerabilities 162: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

78

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: PHP Stream Component Remote Denial of Service Vulnerability 6: PHP Stream Component Remote Denial of Service Vulnerability T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am Addthis PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. reference LINKS: SecurityFocus IMPACT ASSESSMENT: Medium Discussion: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

79

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

40: Sybase EAServer Multiple Vulnerabilities 40: Sybase EAServer Multiple Vulnerabilities T-540: Sybase EAServer Multiple Vulnerabilities January 24, 2011 - 6:16am Addthis PROBLEM: Sybase EAServer Multiple Vulnerabilities PLATFORM: Sybase EAServer versions 6.3 and prior ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected. reference LINKS: Bugtraq ID: 45809 SyBase Advisory IMPACT ASSESSMENT: Medium Discussion: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services, this condition can result in arbitrary code execution allowing attacker to gain control over

80

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Colombia-Cartagena Vulnerability Assessment Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] Colombia-CDKN-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=Colombia-Cartagena_Vulnerability_Assessment&oldid=699760"

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


81

Spatially Resolved Porous Electrode Theory for Rechargeable ...  

Science Conference Proceedings (OSTI)

Symposium, Nanostructured Materials for Lithium Ion Batteries and for Supercapacitors. Presentation Title, Spatially Resolved Porous Electrode Theory for...

82

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

83

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Google Chrome Multiple Vulnerabilities 1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

84

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Google Chrome Multiple Vulnerabilities 5: Google Chrome Multiple Vulnerabilities V-105: Google Chrome Multiple Vulnerabilities March 6, 2013 - 12:09am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

85

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

86

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Cisco Unified Customer Voice Portal (CVP) Multiple 2: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

87

V-097: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Google Chrome Multiple Vulnerabilities 7: Google Chrome Multiple Vulnerabilities V-097: Google Chrome Multiple Vulnerabilities February 22, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome PLATFORM: The vulnerabilities are reported in versions prior to Google Chrome 24.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52320 Chrome Stable Channel Update CVE-2013-0879 CVE-2013-0880 CVE-2013-0881 CVE-2013-0882 CVE-2013-0883 CVE-2013-0884 CVE-2013-0885 CVE-2013-0886 CVE-2013-0887 CVE-2013-0888 CVE-2013-0889 CVE-2013-0890 CVE-2013-0891 CVE-2013-0892 CVE-2013-0893

88

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

89

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

90

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Data Studio Web Console Java Multiple Vulnerabilities 8: IBM Data Studio Web Console Java Multiple Vulnerabilities V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities June 14, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE REFERENCE LINKS: Secunia Advisory SA53778 IBM Flash Alert 1640533 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 IMPACT ASSESSMENT: High DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

91

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: IBM Informix Genero libpng Integer Overflow Vulnerability 4: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

92

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

93

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Mozilla Security vulnerabilities 1: Mozilla Security vulnerabilities V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am Addthis PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

94

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google Picasa BMP and TIFF Images Processing Vulnerabilities 6: Google Picasa BMP and TIFF Images Processing Vulnerabilities V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities March 21, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

95

T-550: Apache Denial of Service Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

550: Apache Denial of Service Vulnerability 550: Apache Denial of Service Vulnerability T-550: Apache Denial of Service Vulnerability February 4, 2011 - 3:03am Addthis PROBLEM: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. PLATFORM: Versions prior to 'APR-util' 1.3.10 are vulnerable. ABSTRACT: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption). reference LINKS: Securityfocus

96

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Adobe Flash Player / AIR Multiple Vulnerabilities 0: Adobe Flash Player / AIR Multiple Vulnerabilities V-090: Adobe Flash Player / AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player / AIR Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh Adobe Flash Player versions 11.2.202.262 and prior for Linux Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x Adobe AIR versions 3.5.0.1060 and prior Adobe AIR versions 3.5.0.1060 SDK and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR. REFERENCE LINKS: Vulnerability identifier: APSB13-05 Secunia Advisory SA52166 CVE-2013-0637 CVE-2013-0638 CVE-2013-0639

97

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

98

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2 Google Chrome Two Code Execution Vulnerabilities 2 Google Chrome Two Code Execution Vulnerabilities U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am Addthis PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

99

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

100

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


101

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Bugzilla LDAP Injection and Information Disclosure 1: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am Addthis PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability reference LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium Discussion: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used

102

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Asterisk Two Denial of Service Vulnerabilities 2: Asterisk Two Denial of Service Vulnerabilities V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am Addthis PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

103

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in MHTML Could Allow Information Disclosure 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. reference LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate Discussion: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

104

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities 6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am Addthis PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities . PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. reference LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High Discussion: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

105

V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox Multiple Vulnerabilities 6: Mozilla Firefox Multiple Vulnerabilities V-126: Mozilla Firefox Multiple Vulnerabilities April 4, 2013 - 6:00am Addthis PROBLEM: Mozilla Firefox Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 20.0 ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52770 Secunia Advisory SA52293 Mozilla Security Announcement mfsa2013-30 Mozilla Security Announcement mfsa2013-31 Mozilla Security Announcement mfsa2013-32 Mozilla Security Announcement mfsa2013-34 Mozilla Security Announcement mfsa2013-35

106

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Adobe Flash Player Multiple Vulnerabilities 4: Adobe Flash Player Multiple Vulnerabilities U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. reference LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Adobe Flash Player, which

107

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Tigase XMPP Dialback Protection Bypass Vulnerability 6: Tigase XMPP Dialback Protection Bypass Vulnerability U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am Addthis PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. reference LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.

108

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Google Chrome Multiple Vulnerabilities 4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

109

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

110

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

730: Vulnerability in Citrix Provisioning Services could result 730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution September 29, 2011 - 8:30am Addthis PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. reference LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

111

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Multiple Vulnerabilities 8: Google Chrome Multiple Vulnerabilities V-208: Google Chrome Multiple Vulnerabilities August 1, 2013 - 2:32am Addthis PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

112

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

113

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

49: Google Chrome Multiple Vulnerabilities 49: Google Chrome Multiple Vulnerabilities U-249: Google Chrome Multiple Vulnerabilities August 31, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. reference LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

114

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

115

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Access Gateway Unspecified Security Bypass 6: Citrix Access Gateway Unspecified Security Bypass Vulnerability V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 com/id/1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

116

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Mozilla Firefox Multiple Vulnerabilities 4: Mozilla Firefox Multiple Vulnerabilities V-214: Mozilla Firefox Multiple Vulnerabilities August 8, 2013 - 2:16am Addthis PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

117

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

118

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

119

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

120

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


121

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

122

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS Introduction SCADA Security for Managers and Operators Intermediate SCADA Security Training Course Slides...

123

Mapping Climate Change Vulnerability and Impact Scenarios - A...  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change...

124

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

Twitter icon Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Name Locating Climate Insecurity: Where Are the Most...

125

The (In)Security of Drug Testing - Vulnerability Assessment Team...  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Papers > The (In)Security of Drug Testing VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security...

126

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0-18381 0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness, of any information, apparatus, product, or

127

Using hardware vulnerability factors to enhance AVF analysis  

Science Conference Proceedings (OSTI)

Fault tolerance is now a primary design constraint for all major microprocessors. One step in determining a processor's compliance to its failure rate target is measuring the Architectural Vulnerability Factor (AVF) of each on-chip structure. The AVF ... Keywords: architectural vulnerability factor, fault tolerance, reliability

Vilas Sridharan; David R. Kaeli

2010-06-01T23:59:59.000Z

128

An OVAL-based active vulnerability assessment system for enterprise computer networks  

Science Conference Proceedings (OSTI)

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter ... Keywords: Attack path, Network security, Open vulnerability assessment language, Predicate logic, Relational database management system, Security vulnerability

Xiuzhen Chen; Qinghua Zheng; Xiaohong Guan

2008-11-01T23:59:59.000Z

129

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Serendipity Unspecified SQL Injection Vulnerability 4: Serendipity Unspecified SQL Injection Vulnerability U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am Addthis PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. Reference Links: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium Discussion: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. Impact: A remote user can execute SQL commands on the underlying database. Solution: The vendor has issued a fix (1.6.2).

130

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Lotus Domino Multiple Vulnerabilities 8: IBM Lotus Domino Multiple Vulnerabilities V-118: IBM Lotus Domino Multiple Vulnerabilities March 25, 2013 - 12:40am Addthis PROBLEM: IBM Lotus Domino Multiple Vulnerabilities PLATFORM: IBM Domino 8.x ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino REFERENCE LINKS: IBM Reference #:1627597 Secunia Advisory SA52753 CVE-2012-6277 CVE-2013-0486 CVE-2013-0487 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

131

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Opera Frameset Handling Memory Corruption Vulnerability 5: Opera Frameset Handling Memory Corruption Vulnerability T-625: Opera Frameset Handling Memory Corruption Vulnerability May 18, 2011 - 3:05pm Addthis PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. PLATFORM: Opera versions prior to 11.11 ABSTRACT: The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page. reference LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile IMPACT ASSESSMENT: High Discussion: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

132

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

94: IBM Multiple Products Multiple Vulnerabilities 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1 IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2 ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products. REFERENCE LINKS: IBM Reference #:1625624 IBM Product Security Incident Response Blog Secunia Advisory SA52132

133

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Attachmate Reflection Products Java Multiple Vulnerabilities 2: Attachmate Reflection Products Java Multiple Vulnerabilities V-022: Attachmate Reflection Products Java Multiple Vulnerabilities November 13, 2012 - 1:00am Addthis PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities PLATFORM: Reflection X 2011 Reflection Suite for X 2011 Reflection for Secure IT Server for Windows Reflection for Secure IT Client and Server for UNIX ABSTRACT: Security issues related to Reflection PKI Services Manager REFERENCE LINKS: PKI Services Manager Technical Note 2560 Secunia Advisory SA51256 CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1720 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 IMPACT ASSESSMENT: High DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

134

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Agency/Company /Organization Swiss Agency for Development and Cooperation Sector Energy, Land, Water Focus Area Agriculture Topics Co-benefits assessment, Background analysis Resource Type Lessons learned/best practices Website http://www.intercooperation.or Country India Southern Asia References India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1] India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Screenshot Contents 1 Introduction [1] 2 Community-based Institutions [2] 3 Pasture Land Development [3]

135

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Mitigations for Security Vulnerabilities Found in Control System Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

136

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

137

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Google Chrome Multiple Vulnerabilities 0: Google Chrome Multiple Vulnerabilities U-100: Google Chrome Multiple Vulnerabilities February 10, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system. PLATFORM: Google Chrome 16.x ABSTRACT: A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Reference LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some

138

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Agency/Company /Organization: United Nations Development Programme (UNDP) Resource Type: Guide/manual Website: www.beta.undp.org/content/dam/aplaws/publication/en/publications/envir Language: English Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Screenshot This guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate policies and intervention can

139

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

140

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code Injection Vulnerability. PLATFORM: IM Manager versions prior to 8.4.18 are affected. ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. referecnce LINKS: Symantec Security Advisory SYM11-012 Symantec Security Updates Bugtraq ID: 49742 IMPACT ASSESSMENT: High Discussion: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


141

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

74: Drupal Secure Password Hashes Module Security Bypass 74: Drupal Secure Password Hashes Module Security Bypass Vulnerability T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability July 22, 2011 - 3:00pm Addthis PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability PLATFORM: Drupal Secure Password Hashes 6.X-1.0 Drupal Secure Password Hashes 5.X-1.4 ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability. reference LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities IMPACT ASSESSMENT: Medium Discussion: This module uses the PHPass hashing library to try to store users hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account

142

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Symantec Endpoint Protection Manager Buffer Overflow 2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

143

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

82: Symantec Endpoint Protection Manager Buffer Overflow 82: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

144

V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Mozilla Firefox Multiple Vulnerabilities 7: Mozilla Firefox Multiple Vulnerabilities V-187: Mozilla Firefox Multiple Vulnerabilities June 27, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Mozilla Firefox PLATFORM: Mozilla Firefox 21.x ABSTRACT: These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53970 Secunia Advisory SA53953 Mozilla Advisory mfsa2013-49 Mozilla Advisory mfsa2013-50 Mozilla Advisory mfsa2013-51 Mozilla Advisory mfsa2013-53 Mozilla Advisory mfsa2013-55 Mozilla Advisory mfsa2013-56 Mozilla Advisory mfsa2013-59 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685

145

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Impacts, Vulnerability and Adaptation: The Case of Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Agency/Company /Organization World Agroforestry Centre Sector Land Focus Area Forestry Topics Adaptation, Background analysis, Co-benefits assessment Resource Type Publications Website http://www.worldagroforestry.o Country Philippines UN Region South-Eastern Asia References Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1] Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Screenshot This article is a stub. You can help OpenEI by expanding it.

146

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities 3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. Reference Links: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium Discussion: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

147

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Security AppScan Enterprise Multiple Vulnerabilities 9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities PLATFORM: IBM Rational AppScan 5.x IBM Rational AppScan 8.x ABSTRACT: IBM has acknowledged multiple vulnerabilities REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

148

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Multiple vulnerabilities have been reported in Puppet 1: Multiple vulnerabilities have been reported in Puppet V-111: Multiple vulnerabilities have been reported in Puppet March 14, 2013 - 12:12am Addthis PROBLEM: Multiple vulnerabilities have been reported in Puppet PLATFORM: Puppet 2.x Puppet 3.x Puppet Enterprise 1.x Puppet Enterprise 2.x ABSTRACT: Puppet Multiple Vulnerabilities REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

149

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). The coordinating lead author and a principal author was Craig Zamuda of DOE-PI; other principal authors included Bryan Mignone of DOE-PI, and Dan Bilello, KC Hallett, Courtney Lee, Jordan Macknick, Robin Newmark, and Daniel Steinberg of NREL. Vince Tidwell of Sandia National Laboratories, Tom Wilbanks of

150

Reducing US vulnerability to oil supply shocks  

Science Conference Proceedings (OSTI)

The 1990 crisis in the Middle East has raised concern about the United States`s vulnerability to oil supply disruptions. In addition, a number of trends point to increased US dependence on imported oil. Oil imports have increased and production has declined in the United States for the last eight years. Imports now comprise 42 percent of total oil consumption and US dependence on oil imports is projected to increase over the next 20 years. The Energy Modeling Forum forecasts imports to be more than twice domestic production by the year 2010. There are many studies examining the effects of various policies to protect US energy security. Not many consider the Strategic Petroleum Reserve (SPR), which can be a powerful tool in combating energy supply shocks. The SPR can dramatically increase the domestic short run supply elasticity, which has been found to be a key element in the welfare cost of protectionist policies. Upon examining 5 policies the author finds that the SPR together with a protectionist policy works best against a supply disruption. 27 refs., 3 tabs.

Yuecel, M.K. [Federal Reserve Bank of Dallas, TX (United States)

1994-10-01T23:59:59.000Z

151

V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Oracle Solaris Java Multiple Vulnerabilities 1: Oracle Solaris Java Multiple Vulnerabilities V-051: Oracle Solaris Java Multiple Vulnerabilities December 20, 2012 - 12:15am Addthis PROBLEM: Oracle Solaris Java Multiple Vulnerabilities PLATFORM: Oracle Solaris 11.x ABSTRACT: Oracle has acknowledged multiple vulnerabilities in Java included in Solaris REFERENCE LINKS: Secunia Advisory: SA51618 Secunia Advisory: SA50949 Third Party Vulnerability Resolution Blog in Java 7U9 Third Party Vulnerability Resolution Blog in Java 6U37 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5067 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084

152

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)

Nonproliferation and Nonproliferation and National Security > VAT > Current Projects > Rapid Sampling Tools > ... from Sealed Containers VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Tamper & Intrusion Detection Rapid Sampling from Sealed Containers Demo video Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned

153

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Common Myths about Tamper Common Myths about Tamper Indicating Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

154

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

More Information More Information VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

155

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Insanely Fast Microprocessor Shop Insanely Fast Microprocessor Shop VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

156

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Seals Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

157

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Findings and Lessons Learned Findings and Lessons Learned VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

158

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Product Authenticity Tags Product Authenticity Tags VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

159

Automated Vulnerability Detection for Compiled Smart Grid Software  

Science Conference Proceedings (OSTI)

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

2012-01-01T23:59:59.000Z

160

NIST SP 800-24, PBX Vulnerability Analysis : Finding Holes In ...  

Science Conference Proceedings (OSTI)

... 35 Silent Monitoring 35 Conferencing 36 ... Dial-back modem vulnerabilities. Unattended remote access to a switch clearly represents a vulnerability. ...

2012-05-09T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


161

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

613: Microsoft Excel Axis Properties Remote Code Execution 613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability May 2, 2011 - 7:42am Addthis PROBLEM: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fail to sufficiently validate user-supplied input. PLATFORM: Microsoft Excel (2002-2010) ABSTRACT: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service

162

U-187: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Multiple Vulnerabilities 7: Adobe Flash Player Multiple Vulnerabilities U-187: Adobe Flash Player Multiple Vulnerabilities June 11, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Flash Player PLATFORM: Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux Adobe Flash Player 11.1.115.8 and earlier for Android 4.x Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android ABSTRACT: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates

163

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

02:Adobe Photoshop Elements Multiple Memory Corruption 02:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am Addthis PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

164

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

165

U.S. Energy Sector Vulnerability Report | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process -- and to advance the Energy Department's goal of promoting energy security -- the Department released the U.S. Energy Sector Vulnerability to Climate Change and Extreme Weather report. The report examines current and potential future impacts of climate change trends on the U.S. energy sector, including: Coastal energy infrastructure is at risk from sea level rise, increasing storm intensity and higher storm surge and flooding. Oil and gas production -- including refining, hydraulic fracturing

166

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

97: Cisco Adaptive Security Appliances Denial of Service 97: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused due to an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. reference LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High Discussion: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

167

T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

22: Adobe Acrobat and Reader Unspecified Memory Corruption 22: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability May 13, 2011 - 3:25am Addthis PROBLEM: Adobe Acrobat and Reader contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. PLATFORM: Adobe Reader versions 9.4.1 and prior, versions 8.2.5 and prior, and version 10.0 Acrobat Standard and Professional versions 9.4.1 and prior and version 10.0 Acrobat Standard and Professional versions 8.2.5 and prior Acrobat Professional Extended versions 9.4.1 and prior Acrobat 3D versions 8.2.5 and prior Adobe Flash Player versions 10.2.159.1 and prior for Windows, Macintosh, Linux, and Solaris ABSTRACT: The vulnerability is due to an unspecified error in the affected software

168

T-547: Microsoft Windows Human Interface Device (HID) Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

547: Microsoft Windows Human Interface Device (HID) Vulnerability 547: Microsoft Windows Human Interface Device (HID) Vulnerability T-547: Microsoft Windows Human Interface Device (HID) Vulnerability February 1, 2011 - 3:20am Addthis PROBLEM Microsoft Windows Human Interface Device (HID) Vulnerability. PLATFORM: Microsoft 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer. reference LINKS: Security Lab: Reference CVE-2011-0638 CVE Details: Reference CVE-2011-0638 Mitre Reference: CVE-2011-0638

169

U-191: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

91: Oracle Java Multiple Vulnerabilities 91: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.

170

OLADE-Central America Climate Change Vulnerability Program | Open Energy  

Open Energy Info (EERE)

OLADE-Central America Climate Change Vulnerability Program OLADE-Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program Agency/Company /Organization Latin America Energy Organization Partner Ministries of Energy and Energy Enterprises Sector Energy, Land Topics Background analysis Website http://www.olade.org/proyecto_ Program Start 2010 Program End 2011 Country Belize, Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, Panama Central America, Central America, Central America, Central America, Central America, Central America, Central America References OLADE Energy and Climate Change Projects[1] OLADE is a Latin American organization working with Central American countries on climate change vulnerability for hydroelectric systems and

171

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

172

U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

35: Adobe Flash Player Multiple Vulnerabilities 35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should

173

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

61: IBM Maximo Asset Management Products Java Multiple 61: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

174

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

175

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin 1640752 Secunia Advisory SA53844 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

176

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: IBM Maximo Asset Management Products Java Multiple 1: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

177

U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

SMB share and repairing the installation. 4) An unspecified error within the JavaScript API can be exploited to corrupt memory. NOTE: This vulnerability affects the Macintosh and...

178

Systematic Techniques for Finding and Preventing Script Injection Vulnerabilities  

E-Print Network (OSTI)

2010). http://code. google.com/p/browsersec/wiki/Part1. [101] SecuriTeam. Google.com UTF-7 XSS Vulnerabilities.sensitive data of the google.com domain. In the past, Barth

Saxena, Prateek

2012-01-01T23:59:59.000Z

179

Vulnerability beyond Stereotypes: Context and Agency in Hurricane Risk Communication  

Science Conference Proceedings (OSTI)

Risk communication may accentuate or alleviate the vulnerability of people who have particular difficulties responding to the threat of hazards such as hurricanes. The process of risk communication involves how hazard information is received, ...

Heather Lazrus; Betty H. Morrow; Rebecca E. Morss; Jeffrey K. Lazo

2012-04-01T23:59:59.000Z

180

V-061: IBM SPSS Modeler XML Document Parsing Vulnerability |...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

and cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML documents and can be exploited via a specially crafted document....

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


181

Equally Unprepared: Assessing the Hurricane Vulnerability of Undergraduate Students  

Science Conference Proceedings (OSTI)

Students have been described as being both particularly vulnerable to natural disasters and highly resilient in recovery. In addition, they often have been treated as a distinct, homogeneous group sharing similar characteristics. This research ...

Jason L. Simms; Margarethe Kusenbach; Graham A. Tobin

2013-07-01T23:59:59.000Z

182

T-614: Cisco Unified Communications Manager Database Security Vulnerability  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerability is due to unspecified errors in the affected software that may allow the attacker to perform SQL injections. An authenticated, remote attacker could inject arbitrary SQL code on the system, allowing the attacker to take unauthorized actions.

183

System Assurance: Beyond Detecting Vulnerabilities, 1st edition  

Science Conference Proceedings (OSTI)

In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable ...

Nikolai Mansourov; Djenana Campara

2010-12-01T23:59:59.000Z

184

Vulnerability and social risk management in India and Mexico  

E-Print Network (OSTI)

The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

Flores Ballesteros, Luis

2008-01-01T23:59:59.000Z

185

SLAC National Accelerator Laboratory - Bendable Crystals Resolve...  

NLE Websites -- All DOE Office Websites (Extended Search)

Bendable Crystals Resolve Properties of X-ray Pulses By Glenn Roberts Jr. September 12, 2012 A frustrating flaw in a set of custom crystals for an instrument at SLAC National...

186

Resolving Convection in a Global Hypohydrostatic Model  

Science Conference Proceedings (OSTI)

Convection cannot be explicitly resolved in general circulation models given their typical grid size of 50 km or larger. However, by multiplying the vertical acceleration in the equation of motion by a constant larger than unity, the horizontal ...

S. T. Garner; D. M. W. Frierson; I. M. Held; O. Pauluis; G. K. Vallis

2007-06-01T23:59:59.000Z

187

Predictability Mysteries in Cloud-Resolving Models  

Science Conference Proceedings (OSTI)

The rapid amplification of small-amplitude perturbations by the chaotic nature of the atmospheric dynamics intrinsically limits the skill of deterministic weather forecasts. In this study, limited-area cloud-resolving numerical weather prediction ...

Cathy Hohenegger; Daniel Lthi; Christoph Schr

2006-08-01T23:59:59.000Z

188

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

189

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

190

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

191

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

192

Soft Error Vulnerability of Iterative Linear Algebra Methods  

Science Conference Proceedings (OSTI)

Devices become increasingly vulnerable to soft errors as their feature sizes shrink. Previously, soft errors primarily caused problems for space and high-atmospheric computing applications. Modern architectures now use features so small at sufficiently low voltages that soft errors are becoming significant even at terrestrial altitudes. The soft error vulnerability of iterative linear algebra methods, which many scientific applications use, is a critical aspect of the overall application vulnerability. These methods are often considered invulnerable to many soft errors because they converge from an imprecise solution to a precise one. However, we show that iterative methods can be vulnerable to soft errors, with a high rate of silent data corruptions. We quantify this vulnerability, with algorithms generating up to 8.5% erroneous results when subjected to a single bit-flip. Further, we show that detecting soft errors in an iterative method depends on its detailed convergence properties and requires more complex mechanisms than simply checking the residual. Finally, we explore inexpensive techniques to tolerate soft errors in these methods.

Bronevetsky, G; de Supinski, B

2007-12-15T23:59:59.000Z

193

Vulnerability Analysis of Energy Delivery Control Systems - 2011 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The goal of the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program is to enhance the reliability and resiliency of the Nation's energy infrastructure by reducing the risk

194

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

vulnerability vulnerability identification, dEfense and Restoration (Smart Grid Project) (United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom Coordinates 55.378052°, -3.435973° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":55.378052,"lon":-3.435973,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

195

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company /Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128 UN Region: "Sub-Saharan Africa" is not in the list of possible values (Eastern Africa, Middle Africa, Northern Africa, Southern Africa, Western Africa, Caribbean, Central America, South America, Northern America, Central Asia, Eastern Asia, Southern Asia, South-Eastern Asia, Western Asia, Eastern Europe, Northern Europe, Southern Europe, Western Europe, Australia and New Zealand, Melanesia, Micronesia, Polynesia, Latin America and the Caribbean) for this property.

196

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)

Current Projects > The Journal of Physical Current Projects > The Journal of Physical Security VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

197

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Drupal Prepopulate - Multiple vulnerabilities 7: Drupal Prepopulate - Multiple vulnerabilities T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm Addthis PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. reference LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023 Prepopulate module Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High Discussion: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

198

Chemical Safety Vulnerability Working Group report. Volume 1  

Science Conference Proceedings (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

Not Available

1994-09-01T23:59:59.000Z

199

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Mac RealPlayer Multiple Vulnerabilities 2: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

200

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

42: Mac RealPlayer Multiple Vulnerabilities 42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


201

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS  

E-Print Network (OSTI)

VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS S A Bhattil environment of an Electricity transmission substation environment is modelled as a Symmetric Alpha Stable of an electricity transmission substation. I. INTRODUCTION In industrial environments, Supervisor Control and Data

Atkinson, Robert C

202

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bot- tleneck in mobile devices (the battery power

California at Davis, University of

203

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery  

E-Print Network (OSTI)

Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery Radmilo Racic' battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bot­ tleneck in mobile devices (the battery power

Chen, Hao

204

Steganographic information hiding that exploits a novel file system vulnerability  

Science Conference Proceedings (OSTI)

In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. ...

Avinash Srinivasan; Satish Kolli; Jie Wu

2013-08-01T23:59:59.000Z

205

An adaptive architecture of applying vulnerability analysis to IDS alerts  

Science Conference Proceedings (OSTI)

With increasing intrusions and attacks on the Internet, there is an urgent need to develop techniques for network security. Current standalone network security products, such as the firewall systems, the Intrusion Detection System (IDS), the anti-virus ... Keywords: alert, intrusion detection, network security, predicate-based evaluation, vulnerability analysis

Xuejiao Liu; Xin Zhuang; Debao Xiao

2008-07-01T23:59:59.000Z

206

Vulnerabilities Analyzing Model for Alert Correlation in Distributed Environment  

Science Conference Proceedings (OSTI)

With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and ... Keywords: alert correlation, prerequisites and consequences, hyper-alert type, vulnerability tuple

Wen Long; Yang Xin; Yixian Yang

2009-07-01T23:59:59.000Z

207

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States)]|[Science and Engineering Associates, Inc., Albuquerque, NM (United States); Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)

1995-03-01T23:59:59.000Z

208

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

209

Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach  

Science Conference Proceedings (OSTI)

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and ... Keywords: Genetic algorithms, Information security

Mukul Gupta; Jackie Rees; Alok Chaturvedi; Jie Chi

2006-03-01T23:59:59.000Z

210

Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach  

Science Conference Proceedings (OSTI)

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and ... Keywords: genetic algorithms, information security

Mukul Gupta; Jackie Rees; Alok Chaturvedi; Jie Chi

2006-03-01T23:59:59.000Z

211

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

212

U-234: Oracle MySQL User Login Security Bypass Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

234: Oracle MySQL User Login Security Bypass Vulnerability 234: Oracle MySQL User Login Security Bypass Vulnerability U-234: Oracle MySQL User Login Security Bypass Vulnerability August 14, 2012 - 7:00am Addthis PROBLEM: Oracle MySQL User Login Security Bypass Vulnerability PLATFORM: Version(s): prior to 5.1.63 and 5.5.25 are vulnerable. ABSTRACT: Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions. REFERENCE LINKS: http://www.securityfocus.com/bid/53911/discuss CVE-2012-2122 IMPACT ASSESSMENT: Medium Discussion: Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in

213

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: HP NonStop Server Java Multiple Vulnerabilities 8: HP NonStop Server Java Multiple Vulnerabilities U-158: HP NonStop Server Java Multiple Vulnerabilities April 30, 2012 - 7:00am Addthis PROBLEM: HP NonStop Server Java Multiple Vulnerabilities PLATFORM: HP NonStop Server 6.x ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server Reference links: Secunia Advisory SA48977 CVE-2011-3547 CVE-2011-3551 CVE-2011-3553 IMPACT ASSESSMENT: High Discussion: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact: Successful exploitation of this vulnerability may allow remote manipulation

214

U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Cisco AnyConnect VPN Client Two Vulnerabilities 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader

215

T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution  

Energy.gov (U.S. Department of Energy (DOE))

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

216

A Global Cloud Resolving Model Goals  

NLE Websites -- All DOE Office Websites (Extended Search)

Cloud Resolving Model Cloud Resolving Model Goals Uniform global horizontal grid spacing of 4 km or better ("cloud permitting") 100 or more layers up to at least the stratopause Parameterizations of microphysics, turbulence (including small clouds), and radiation Execution speed of at least several simulated days per wall-clock day on immediately available systems Annual cycle simulation by end of 2011. Motivations Parameterizations are still problematic. There are no spectral gaps. The equations themselves change at high resolution. GCRMs will be used for NWP within 10 years. GCRMs will be used for climate time-slices shortly thereafter. It's going to take some time to learn how to do GCRMs well. Scaling Science Length, Spatial extent, #Atoms, Weak scaling Time scale

217

Time-resolved multiple probe spectroscopy  

SciTech Connect

Time-resolved multiple probe spectroscopy combines optical, electronic, and data acquisition capabilities to enable measurement of picosecond to millisecond time-resolved spectra within a single experiment, using a single activation pulse. This technology enables a wide range of dynamic processes to be studied on a single laser and sample system. The technique includes a 1 kHz pump, 10 kHz probe flash photolysis-like mode of acquisition (pump-probe-probe-probe, etc.), increasing the amount of information from each experiment. We demonstrate the capability of the instrument by measuring the photolysis of tungsten hexacarbonyl (W(CO){sub 6}) monitored by IR absorption spectroscopy, following picosecond vibrational cooling of product formation through to slower bimolecular diffusion reactions on the microsecond time scale.

Greetham, G. M.; Sole, D.; Clark, I. P.; Parker, A. W.; Pollard, M. R.; Towrie, M. [Central Laser Facility, Science and Technology Facilities Council, Research Complex at Harwell, Rutherford Appleton Laboratory, Harwell, Oxfordshire, OX11 0QX (United Kingdom)

2012-10-15T23:59:59.000Z

218

RESOLVED: Projectb filesystem outage July 9, 2012  

NLE Websites -- All DOE Office Websites (Extended Search)

RESOLVED: Projectb filesystem outage July 9, 2012 RESOLVED: Projectb filesystem outage July 9, 2012 RESOLVED: Projectb filesystem outage July 9, 2012 July 9, 2012 (0 Comments) The projectb filesystem had a hardware failure that potentially generated I/O errors. The filesystem logs indicate that the earliest abnormal event on the filesystem occurred at 9:19AM and the filesystem was taken down for maintenance at 10:42AM. The filesystem returned to service at 11:20AM. Jobs running on the cluster would not have been able to read from or write to the projectb filesystem between 10:42AM and 11:20AM. Between 9:19AM and 10:42AM one out of the 20 GPFS controllers on projectb was down, and didn't failover (as it should have). This means: 1/20 file I/O operations could have failed between 9:19AM and 10:42AM If your job was performing a large number of short reads and writes, then

219

Research on memory access vulnerability analysis technique in SCADA protocol implementation  

Science Conference Proceedings (OSTI)

SCADA systems play key roles in monitor and control of the critical infrastructures, the vulnerabilities existed in them may destroy the controlled critical infrastructures. This paper proposes an analysis method of memory access vulnerability in SCADA ... Keywords: SCADA protocol implementation, dynamic analysis, memory access vulnerability

Fang Lan; Wang Chunlei; He Ronghui

2010-07-01T23:59:59.000Z

220

Using semantic templates to study vulnerabilities recorded in large software repositories  

Science Conference Proceedings (OSTI)

Software repositories are rich sources of information about vulnerabilities that occur during a product's lifecycle. Although available, such information is scattered across numerous databases. Furthermore, in large software repositories, a single vulnerability ... Keywords: CVE, CWE, buffer overflow, fix patterns, ontology, semantic template, software repository, vulnerability

Yan Wu; Robin A. Gandhi; Harvey Siy

2010-05-01T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


221

Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities  

Science Conference Proceedings (OSTI)

Software security failures are common and the problem is growing. A vulnerability is a weakness in the software that, when exploited, causes a security failure. It is difficult to detect vulnerabilities until they manifest themselves as security failures ... Keywords: Cohesion, Complexity, Coupling, Software metrics, Vulnerability prediction

Istehad Chowdhury; Mohammad Zulkernine

2011-03-01T23:59:59.000Z

222

SIPC Advisory -Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code Execution -RISK: HIGH  

E-Print Network (OSTI)

SIPC Advisory - Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code/4/2011 SUBJECT: Vulnerability in Windows Graphics Rendering Engine Could Allow Remote Code Execution OVERVIEW: A new vulnerability has been discovered in Microsoft Windows Graphics Rendering Engine, which could

Holliday, Vance T.

223

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack1  

E-Print Network (OSTI)

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack Acquisition (SCADA) systems that allows us to calculate device vulnerability and help power substation vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

Krings, Axel W.

224

T-596: 0-Day Windows Network Interception Configuration Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: 0-Day Windows Network Interception Configuration 6: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Other Links" section below, as it provides an external URL reference. reference LINKS: InfoSec Institute - SLAAC Attack Cisco Threat Comparison and Best-Practice White Paper IMPACT ASSESSMENT: High

225

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Xen Multiple Buffer Overflow and Integer Overflow 6: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities May 19, 2011 - 3:05pm Addthis PROBLEM: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities PLATFORM: XenSource Xen 3.3.1, XenSource Xen 3.3, XenSource Xen 3.2, XenSource Xen 3.1.2, XenSource Xen 3.1.1, XenSource Xen 3.0.3, XenSource Xen 4.0, XenSource Xen 3.0, RedHat Enterprise Linux Virtualization 5 server, RedHat Enterprise Linux Desktop Multi OS 5 client ,RedHat Enterprise Linux 5 server, Red Hat Fedora 15 ,and Red Hat Enterprise Linux Desktop 5 client ABSTRACT: It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the

226

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

AFTER A Framework for electrical power sysTems vulnerability AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Norway Coordinates 60.472023°, 8.468946° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":60.472023,"lon":8.468946,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

227

Putting vulnerability to climate change on the map: a review of approaches, benefits, and risks  

Science Conference Proceedings (OSTI)

There is growing demand among stakeholders across public and private institutions for spatially-explicit information regarding vulnerability to climate change at the local scale. However, the challenges associated with mapping the geography of climate change vulnerability are non-trivial, both conceptually and technically, suggesting the need for more critical evaluation of this practice. Here, we review climate change vulnerability mapping in the context of four key questions that are fundamental to assessment design. First, what are the goals of the assessment? A review of published assessments yields a range of objective statements that emphasize problem orientation or decision-making about adaptation actions. Second, how is the assessment of vulnerability framed? Assessments vary with respect to what values are assessed (vulnerability of what) and the underlying determinants of vulnerability that are considered (vulnerability to what). The selected frame ultimately influences perceptions of the primary driving forces of vulnerability as well as preferences regarding management alternatives. Third, what are the technical methods by which an assessment is conducted? The integration of vulnerability determinants into a common map remains an emergent and subjective practice associated with a number of methodological challenges. Fourth, who participates in the assessment and how will it be used to facilitate change? Assessments are often conducted under the auspices of benefiting stakeholders, yet many lack direct engagement with stakeholders. Each of these questions is reviewed in turn by drawing on an illustrative set of 45 vulnerability mapping studies appearing in the literature. A number of pathways for placing vulnerability

Preston, Benjamin L [ORNL

2011-01-01T23:59:59.000Z

228

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google SketchUp v8.x - '.DAE' File Memory Corruption 6: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability September 14, 2011 - 9:28am Addthis PROBLEM: Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. PLATFORM: Google SketchUp 8 is vulnerable; other versions may also be affected. ABSTRACT: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability reference LINKS: Vulnerability-Lab SketchUp Downloads IMPACT ASSESSMENT: Medium Discussion: A Memory Corruption vulnerability is detected on the Google s SketchUp v8.x. The vulnerability is caused by an memory corruption when processing corrupt DAE files through the filter, which could be exploited by attackers

229

V-070: Apache CouchDB Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apache CouchDB Multiple Vulnerabilities 0: Apache CouchDB Multiple Vulnerabilities V-070: Apache CouchDB Multiple Vulnerabilities January 16, 2013 - 1:00am Addthis PROBLEM: Apache CouchDB Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB REFERENCE LINKS: Secunia Advisory SA51765 Seclists.org/fulldisclosure/2013/Jan/80 Seclists.org/fulldisclosure/2013/Jan/81 Seclists.org/fulldisclosure/2013/Jan/82 CVE-2012-5641 CVE-2012-5649 CVE-2012-5650 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

230

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities 3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities January 26, 2011 - 7:35am Addthis PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. reference LINKS: Securityfocus IMPACT ASSESSMENT: Medium Discussion: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.Exploiting these issues may allow attackers to crash the

231

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability 18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability July 23, 2012 - 6:49am Addthis PROBLEM: Cisco Linksys WMB54G TFTP Command Injection Vulnerability PLATFORM: Cisco Linksys WMB54G 1.x ABSTRACT: System access from local network reference LINKS: Bugtraq ID: 54615 Original Advisory Secunia Advisory SA49868 Cisco Advisory ID: cisco-sa-20111019-cs IMPACT ASSESSMENT: Medium Discussion: A vulnerability in Cisco Linksys WMB54G was reported, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to missing input validation in the TFTP service when running the firmware update functionality and can be exploited to inject and execute arbitrary shell commands. Additionally, it may be

232

U-099: MySQL Unspecified Code Execution Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

099: MySQL Unspecified Code Execution Vulnerability 099: MySQL Unspecified Code Execution Vulnerability U-099: MySQL Unspecified Code Execution Vulnerability February 9, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a vulnerable system. PLATFORM: MySQL 5.x ABSTRACT: Successful exploitation allows execution of arbitrary code. Reference LINKS: Secunia Advisory SA47894 No CVE references currently available. IMPACT ASSESSMENT: Medium Discussion: The vulnerability is reported in version 5.5.20. Other versions may also be affected. The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0. Impact: System access from local network Solution: An effective workaround cannot currently be provided due to limited vulnerability details.

233

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14: RealPlayer MP4 Processing Buffer Overflow Vulnerability 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 16.0.1.18. Addthis Related Articles U-042: Mac RealPlayer Multiple Vulnerabilities V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

234

Resolving The Moth at Millimeter Wavelengths  

E-Print Network (OSTI)

HD 61005, also known as "The Moth," is one of only a handful of debris disks that exhibit swept-back "wings" thought to be caused by interaction with the ambient interstellar medium (ISM). We present 1.3 mm Submillimeter Array (SMA) observations of the debris disk around HD 61005 at a spatial resolution of 1.9 arcsec that resolve the emission from large grains for the first time. The disk exhibits a double-peaked morphology at millimeter wavelengths, consistent with an optically thin ring viewed close to edge-on. To investigate the disk structure and the properties of the dust grains we simultaneously model the spatially resolved 1.3 mm visibilities and the unresolved spectral energy distribution. The temperatures indicated by the SED are consistent with expected temperatures for grains close to the blowout size located at radii commensurate with the millimeter and scattered light data. We also perform a visibility-domain analysis of the spatial distribution of millimeter-wavelength flux, incorporating constr...

Ricarte, Angelo; Hughes, A Meredith; Duchne, Gaspard; Williams, Jonathan P; Andrews, Sean M; Wilner, David J

2013-01-01T23:59:59.000Z

235

Wilson loops in warped resolved deformed conifolds  

Science Conference Proceedings (OSTI)

We calculate quark-antiquark potentials using the relationship between the expectation value of the Wilson loop and the action of a probe string in the string dual. We review and categorise the possible forms of the dependence of the energy on the separation between the quarks. In particular, we examine the possibility of there being a minimum separation for probe strings which do not penetrate close to the origin of the bulk space, and derive a condition which determines whether this is the case. We then apply these considerations to the flavoured resolved deformed conifold background of Gaillard et al. (2010) . We suggest that the unusual behaviour that we observe in this solution is likely to be related to the IR singularity which is not present in the unflavoured case. - Highlights: > We calculate quark-antiquark potentials using the Wilson loop and the action of a probe string in the string dual. > We review and categorise the possible forms of the dependence of the energy on the separation between the quarks. > We look in particular at the flavoured resolved deformed conifold. > There appears to be unusual behaviour which seems likely to be related to the IR singularity introduced by flavours.

Bennett, Stephen, E-mail: pystephen@swansea.ac.uk

2011-11-15T23:59:59.000Z

236

Time Resolved Deposition Measurements in NSTX  

SciTech Connect

Time-resolved measurements of deposition in current tokamaks are crucial to gain a predictive understanding of deposition with a view to mitigating tritium retention and deposition on diagnostic mirrors expected in next-step devices. Two quartz crystal microbalances have been installed on NSTX at a location 0.77m outside the last closed flux surface. This configuration mimics a typical diagnostic window or mirror. The deposits were analyzed ex-situ and found to be dominantly carbon, oxygen, and deuterium. A rear facing quartz crystal recorded deposition of lower sticking probability molecules at 10% of the rate of the front facing one. Time resolved measurements over a 4-week period with 497 discharges, recorded 29.2 {micro}g/cm{sup 2} of deposition, however surprisingly, 15.9 {micro}g/cm{sup 2} of material loss occurred at 7 discharges. The net deposited mass of 13.3 {micro}g/cm{sup 2} matched the mass of 13.5 {micro}g/cm{sup 2} measured independently by ion beam analysis. Monte Carlo modeling suggests that transient processes are likely to dominate the deposition.

C.H. Skinner; H. Kugel; A.L. Roquemore; J. Hogan; W.R. Wampler; the NSTX team

2004-08-03T23:59:59.000Z

237

Water vulnerabilities for existing coal-fired power plants.  

SciTech Connect

This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

Elcock, D.; Kuiper, J.; Environmental Science Division

2010-08-19T23:59:59.000Z

238

V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

239

Review: Interpretive review of conceptual frameworks and research models that inform Australia's agricultural vulnerability to climate change  

Science Conference Proceedings (OSTI)

Agriculture in Australia is highly vulnerable to climate change. Understanding the sector's vulnerability is critical to developing immediate policy for the future of the agricultural industries and their communities. This review aims to identify research ... Keywords: Biophysical models, Contextual vulnerability, Outcome vulnerability

Leonie J. Pearson; Rohan Nelsonc; Steve Crimp; Jenny Langridge

2011-02-01T23:59:59.000Z

240

Time resolved side scatter diagnostics at NOVA  

Science Conference Proceedings (OSTI)

Side scattering of the radiation during the interaction of a laser beam with the long scale length plasma in hohlraum is a difficult problem of relevance to the viability of ICF. It is important to measure the absolute amount of the laser side scatter as well as the angular distribution of that scatter. The OSA diagnostics has been implemented on NOVA to measure these quantities. We have implemented a fiber-optically coupled streak camera to measure the temporally and angularly resolved side scatter radiation at 351 nm at 9 different angles. Filtered PIN diodes were positioned at 31 various angles in the E-field planed and B-field plane of the incident probe beam to sample and measure the scattered radiation at the 351 nm wavelength of the probe. The diode data was used to calibrate the Brillouin power received by the 9 strategically located fiber optic channels. This presentation will describe the OSA and associated diagnostics.

Kyrala, G.A.; Evans, S.C.; Jimerson, J.R.; Fernandez, J.C.

1996-06-01T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


241

Seismic Vulnerability and Performance Level of confined brick walls  

Science Conference Proceedings (OSTI)

There has been an increase on the interest of Engineers and designers to use designing methods based on displacement and behavior (designing based on performance) Regarding to the importance of resisting structure design against dynamic loads such as earthquake, and inability to design according to prediction of nonlinear behavior element caused by nonlinear properties of constructional material.Economically speaking, easy carrying out and accessibility of masonry material have caused an enormous increase in masonry structures in villages, towns and cities. On the other hand, there is a necessity to study behavior and Seismic Vulnerability in these kinds of structures since Iran is located on the earthquake belt of Alpide.Different reasons such as environmental, economic, social, cultural and accessible constructional material have caused different kinds of constructional structures.In this study, some tied walls have been modeled with software and with relevant accelerator suitable with geology conditions under dynamic analysis to research on the Seismic Vulnerability and performance level of confined brick walls. Results from this analysis seem to be satisfactory after comparison of them with the values in Code ATC40, FEMA and standard 2800 of Iran.

Ghalehnovi, M.; Rahdar, H. A. [University of Sistan and Baluchestan, Zahedan (Iran, Islamic Republic of)

2008-07-08T23:59:59.000Z

242

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z

243

Chemical Safety Vulnerability Working Group report. Volume 3  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

Not Available

1994-09-01T23:59:59.000Z

244

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: McAfee Web Gateway Web Access Cross Site Scripting 0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI. reference LINKS: McAfee Web Gateway Release Notes Bugtraq ID: 50341 Secunia Advisory: SA46570 IMPACT ASSESSMENT: Medium Discussion: A vulnerability has been reported in McAfee Web Gateway, which can be

245

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: PuTTY SSH Handshake Integer Overflow Vulnerabilities 3: PuTTY SSH Handshake Integer Overflow Vulnerabilities V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities August 7, 2013 - 6:00am Addthis PROBLEM: SEARCH-LAB has reported some vulnerabilities in PuTTY PLATFORM: PuTTY 0.x ABSTRACT: The vulnerabilities can be exploited by malicious people to potentially compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54354 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520 CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length. IMPACT: Successful exploitation of may allow execution of arbitrary code

246

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: ModSecurity Multipart Message Parsing Security Bypass 5: ModSecurity Multipart Message Parsing Security Bypass Vulnerability V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability October 18, 2012 - 6:00am Addthis PROBLEM: ModSecurity Multipart Message Parsing Security Bypass Vulnerability PLATFORM: Modsecurity Versions prior to 2.70 ABSTRACT: SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions REFERENCE LINKS: SEC Consult Secunia Advisory SA49853 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when parsing multipart requests and can be exploited to bypass certain filtering rules. IMPACT: Remote Security Bypass SOLUTION: Update to version 2.70. Addthis Related Articles V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

247

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: IBM WebSphere Commerce User Information Disclosure 2: IBM WebSphere Commerce User Information Disclosure Vulnerability U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability October 2, 2012 - 6:00am Addthis PROBLEM: IBM WebSphere Commerce User Information Disclosure Vulnerability PLATFORM: WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11 WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6 ABSTRACT: A vulnerability in WebSphere Commerce could allow disclosure of user personal data. reference LINKS: IBM Security Bulletin 1612484 X-Force Vulnerability Database (78867) Secunia Advisory SA50821 CVE-2012-4830 IMPACT ASSESSMENT: Medium Discussion: A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

248

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Microsoft Windows win32k.sys Memory Corruption Vulnerability 5: Microsoft Windows win32k.sys Memory Corruption Vulnerability U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability December 20, 2011 - 9:45am Addthis PROBLEM: Microsoft Windows win32k.sys Memory Corruption Vulnerability. PLATFORM: Operating System Microsoft Windows 7 ABSTRACT: Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. reference LINKS: Secunia Advisory SA47237 MS11-087:Article ID: 2639417 IMPACT ASSESSMENT: High Discussion: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page

249

V-082: Novell GroupWise Client Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Novell GroupWise Client Two Vulnerabilities 2: Novell GroupWise Client Two Vulnerabilities V-082: Novell GroupWise Client Two Vulnerabilities February 1, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Novell GroupWise Client PLATFORM: Novell GroupWise 2012 Novell GroupWise Client 2012 Novell GroupWise Client 8.x Novell GroupWise Server 8.x ABSTRACT: Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52031 CVE-2012-0439 CVE-2013-0804 Novell KB 7011687 Novell KB 7011688 IMPACT ASSESSMENT: High DISCUSSION: The GroupWise Client for Windows is vulnerable to an ActiveX Control exploit where by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on

250

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

76: VMware vCenter Operations Cross-Site Scripting Vulnerability 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory Secunia Advisory SA50795 CVE-2012-5050 IMPACT ASSESSMENT: Medium Discussion: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact: A vulnerability in VMware vCenter Operations, which can be exploited to

251

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability 5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability June 27, 2011 - 4:31pm Addthis PROBLEM: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability PLATFORM: Mozilla Firefox ABSTRACT: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. reference LINKS: Securityfocus Mozilla Firefox Homepage MFSA 2011-27: XSS encoding hazard with inline SVG IMPACT ASSESSMENT: High Discussion: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to

252

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software reference LINKS: BlackBerry Article ID: KB31675 Secunia Advisory SA50164 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0773 CVE-2012-0779 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

253

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

94: IBM solidDB Password Hash Authentication Bypass 94: IBM solidDB Password Hash Authentication Bypass Vulnerability T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability April 4, 2011 - 6:08am Addthis PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert Secunia Advisory: SA44030 ZDI Advisory: ZDI-11-115 IBM solidDB Support IMPACT ASSESSMENT: Medium Discussion: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

254

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: IntegraXor ActiveX Control Buffer Overflow Vulnerability 6: IntegraXor ActiveX Control Buffer Overflow Vulnerability V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability February 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in IntegraXor PLATFORM: Integraxor Versions prior to 4.x ABSTRACT: The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. REFERENCE LINKS: Secunia Advisory SA52073 CVE-2012-4700 US-CERT Advisory IMPACT ASSESSMENT: High DISCUSSION: Successfully exploiting this vulnerability could lead to a DoS for the application or could allow an attacker to execute arbitrary code. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 4.00 build 4280.0 Addthis Related Articles

255

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

256

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability January 23, 2012 - 9:00am Addthis PROBLEM: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability. PLATFORM: Linux Kernel 2.6.x ABSTRACT: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges reference LINKS: Linux Kernel Update CVE-2012-0056 Red Hat Bugzilla Bug 782642 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to the kernel not properly restricting access to "/proc//mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.

257

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing 5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am Addthis PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java. IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks. SOLUTION: The vendor has issued a fix. Addthis Related Articles

258

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: ISC DHCP Multiple Denial of Service Vulnerabilities 4: ISC DHCP Multiple Denial of Service Vulnerabilities U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am Addthis PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. reference LINKS: BIND and DHCP Security Updates Released Bugtraq ID: 54665 Secunia Advisory SA50018 CVE-2012-3571 CVE-2012-3570 CVE-2012-3954 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

259

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: HP Network Node Manager Java JDK / JRE Multiple 4: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

260

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

211: IBM iNotes Multiple Vulnerabilities 211: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


261

Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)  

SciTech Connect

The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

2013-02-01T23:59:59.000Z

262

NIST SP 800-51 Revision 1, Guide to Using Vulnerability ...  

Science Conference Proceedings (OSTI)

... A vulnerability naming scheme is a systematic method for creating and maintaining a standardized dictionary of common names for a set of ...

2012-02-06T23:59:59.000Z

263

Two Manufacturers Agree to Civil Penalties to Resolve Enforcement...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

here. Addthis Related Articles Westinghouse Pays 50,000 Civil Penalty to Resolve Light Bulb Efficiency Violations DOE Collects Civil Penalties for Failure to Certify DOE...

264

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Czech Czech Republic) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Czech Republic Coordinates 49.817493°, 15.472962° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":49.817493,"lon":15.472962,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

265

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Ireland) Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates 53.41291°, -8.24389° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":53.41291,"lon":-8.24389,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

266

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Belgium) Belgium) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Belgium Coordinates 50.359482°, 4.63623° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":50.359482,"lon":4.63623,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

267

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z

268

Efficient data IO for a Parallel Global Cloud Resolving Model  

Science Conference Proceedings (OSTI)

Execution of a Global Cloud Resolving Model (GCRM) at target resolutions of 2-4 km will generate, at a minimum, 10s of Gigabytes of data per variable per snapshot. Writing this data to disk, without creating a serious bottleneck in the execution of the ... Keywords: Data formatting, Geodesic grid, Global Cloud Resolving Model, Grid Specifications, High performance IO, Parallel IO libraries

Bruce Palmer; Annette Koontz; Karen Schuchardt; Ross Heikes; David Randall

2011-12-01T23:59:59.000Z

269

Nonhydrostatic icosahedral atmospheric model (NICAM) for global cloud resolving simulations  

Science Conference Proceedings (OSTI)

A new type of ultra-high resolution atmospheric global circulation model is developed. The new model is designed to perform ''cloud resolving simulations'' by directly calculating deep convection and meso-scale circulations, which play key roles not ... Keywords: Aqua-planet experiments, Atmospheric general circulation models, Cloud clusters, Cloud resolving model, Icosahedral grids, Nonhydrostatic model

M. Satoh; T. Matsuno; H. Tomita; H. Miura; T. Nasuno; S. Iga

2008-03-01T23:59:59.000Z

270

Resolved-sideband cooling of a micromechanical oscillator  

E-Print Network (OSTI)

of a series of absorption lines, broadened owing to the upper state's decay rate (Fig. 1a). Cooling canARTICLES Resolved-sideband cooling of a micromechanical oscillator A. SCHLIESSER, R. RIVI`ERE, G In atomic laser cooling, preparation of the motional quantum ground state has been achieved using resolved

Loss, Daniel

271

GIS-based method for the environmental vulnerability assessment to volcanic ashfall at Etna Volcano  

Science Conference Proceedings (OSTI)

The response of environment to ashfall was evaluated aiming at defining the vulnerability in the areas surrounding Mt. Etna volcano, Sicily. The two utilized scenarios assume different thickness of ashfall, over distances comparable with those covered ... Keywords: Corine land cover, Environmental vulnerability, GIS, Volcanic risk

Silvia Rapicetta; Vittorio Zanon

2009-09-01T23:59:59.000Z

272

Aquifer Vulnerability Assessment to Petroleum Contaminants Based on Fuzzy Variable Set Theory and Geographic Information System  

Science Conference Proceedings (OSTI)

It is a common environmental and hydro-geological problem that groundwater system is contaminated by petroleum hydrocarbons. An important step of pollution control and treatment is aquifer vulnerability assessment. In this paper, a karst fissure groundwater ... Keywords: fuzzy variable set, GIS, aquifer, petroleum contamination, vulnerability, assessment

Li Qingguo; Ma Zhenmin; Fang Yunzhi; Chen Shouyu

2009-07-01T23:59:59.000Z

273

ICMPV6 Vulnerability: The Importance of Threat Model and SF-ICMP6  

Science Conference Proceedings (OSTI)

Handling Internet Control Message Protocol version 6 ICMPv6 vulnerabilities is among the challenges in securing the IPv6 deployment. Since ICMPv6 messages are crucial in IPv6 communications, this paper discusses the discovery of ICMPv6 vulnerabilities ... Keywords: ICMPv6 Policy, ICMPv6 Related Attacks, ICMPv6 Security, ICMPv6 Threat Model, Selective Filtering

Abidah Hj Mat Taib, Wan Nor Ashiqin Wan Ali, Nurul Sharidah Shaari

2013-04-01T23:59:59.000Z

274

Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles  

Science Conference Proceedings (OSTI)

This paper proposes the definition of a security criterion and security assessment based on the criterion. More precisely, we present a stochastic model with a vulnerability life-cycle model and a user profile using continuous-time Markov chains. The ... Keywords: vulnerability, security evaluation, user profile

Hiroyuki Okamura; Masataka Tokuzane; Tadashi Dohi

2012-11-01T23:59:59.000Z

275

Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements  

Science Conference Proceedings (OSTI)

This paper proposes a new approach for assessing the organization's vulnerability to information-security breaches. Although much research has been done on qualitative approaches, the literature on numerical approaches to quantify information-security ... Keywords: Information security, Information-security measurement, Risk analysis, Security threats, Vulnerability measurement

Sandip C. Patel; James H. Graham; Patricia A. S. Ralston

2008-12-01T23:59:59.000Z

276

Nuclear Maintenance Applications Center: Emergency Diesel Generator Single Component Vulnerability Review Guidance.  

Science Conference Proceedings (OSTI)

This report provides guidance to owners and operators of nuclear power plants on performing emergency diesel generator (EDG) system single component vulnerability reviews. This guidance was developed based on a recommendation from the nuclear industrys EDG Technical Advisory Committee (TAC) that plants perform a single component vulnerability review as discussed in the Institute of Nuclear Power Operations Industry Experience Report ...

2013-11-01T23:59:59.000Z

277

Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism  

Science Conference Proceedings (OSTI)

Critical facility vulnerability assessment is a highly complex strategic activity in combating the terrorism and necessitates a structured quantified methodology to support the decision-making process in defense planning. In the system perspective, the ... Keywords: Airport, Fuzzy Cognitive Maps (FCM), Fuzzy integrated vulnerability assessment model (FIVAM), Fuzzy set theory, Interdependency, Simple Multi-Attribute Rating Technique (SMART), Terrorism

Ilker Akgun; Ahmet Kandakoglu; Ahmet Fahri Ozok

2010-05-01T23:59:59.000Z

278

Civil Penalty Actions For Certification Violations Resolved | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Civil Penalty Actions For Certification Violations Resolved Civil Penalty Actions For Certification Violations Resolved Civil Penalty Actions For Certification Violations Resolved May 6, 2010 - 12:39pm Addthis Today, the Department of Energy announced that it had resolved civil penalty actions against four showerhead manufacturers for having violated the Department's water conservation certification regulations. To resolve these actions Zoe Industries, Altmans Products LLC, EZ-FLO International, and Watermark Designs Ltd. have now certified that their showerheads meet federal water conservation standards and collectively will pay civil penalties of $165,104. DOE had initiated cases against the four manufacturers on January 25th, alleging that they had failed to submit required documents to DOE demonstrating compliance with federal

279

Civil Penalty Actions For Certification Violations Resolved | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

Civil Penalty Actions For Certification Violations Resolved Civil Penalty Actions For Certification Violations Resolved Civil Penalty Actions For Certification Violations Resolved May 6, 2010 - 12:39pm Addthis Today, the Department of Energy announced that it had resolved civil penalty actions against four showerhead manufacturers for having violated the Department's water conservation certification regulations. To resolve these actions Zoe Industries, Altmans Products LLC, EZ-FLO International, and Watermark Designs Ltd. have now certified that their showerheads meet federal water conservation standards and collectively will pay civil penalties of $165,104. DOE had initiated cases against the four manufacturers on January 25th, alleging that they had failed to submit required documents to DOE demonstrating compliance with federal

280

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Net4Switch ipswcom ActiveX Control Buffer Overflow 8: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability February 22, 2012 - 8:00am Addthis PROBLEM: A vulnerability was reported in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system. PLATFORM: Net4Switch ipswcom ActiveX Control 1.x ABSTRACT: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. reference LINKS: Vendor Advisory Secunia Advisroy 48125 No CVE references. IMPACT ASSESSMENT: High Discussion: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


281

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow 19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am Addthis PROBLEM: Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system. PLATFORM: Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x ABSTRACT: The vulnerability is confirmed in the following products and versions: * Kingsoft Writer 2012 version 8.1.0.3030. * Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 8.1.0.3385. REFERENCE LINKS: Secunia Advisory SA53266 CVE-2013-3934 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a

282

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Oracle AutoVue ActiveX Control Insecure Method 18: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities October 25, 2011 - 8:45am Addthis PROBLEM: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities. PLATFORM: The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected. ABSTRACT: Successful exploitation of the vulnerabilities allows execution of arbitrary code. reference LINKS: Bugtraq ID: 50321 Secunia Advisory SA46473 Oracle AutoVue IMPACT ASSESSMENT: High Discussion: Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the

283

T-682:Double free vulnerability in MapServer | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2:Double free vulnerability in MapServer 2:Double free vulnerability in MapServer T-682:Double free vulnerability in MapServer August 2, 2011 - 4:08pm Addthis PROBLEM: Double free vulnerability in MapServer PLATFORM: All versions may be susceptible to SQL injection under certain circumstances ABSTRACT: MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases. reference LINKS: Double-free in msAddImageSymbol() when filename is a http resource

284

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: MediaWiki CentralAuth Extension Authentication Bypass 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWik REFERENCE LINKS: Secunia Advisory SA54723 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie. IMPACT:

285

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apple QuickTime Multiple Vulnerabilities 2: Apple QuickTime Multiple Vulnerabilities U-022: Apple QuickTime Multiple Vulnerabilities October 28, 2011 - 8:15am Addthis PROBLEM: Apple QuickTime Multiple Vulnerabilities. PLATFORM: Apple QuickTime prior to 7.7.1 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Apple Product Security Article: HT5016 Secunia Advisory SA46618 SecurityTracker Alert ID: 1026251 CVE-2011-3218, CVE-2011-3219, CVE-2011-3220 CVE-2011-3221, CVE-2011-3222, CVE-2011-3223 CVE-2011-3228, CVE-2011-3247, CVE-2011-3248 CVE-2011-3249, CVE-2011-3250, CVE-2011-3251 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

286

V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Novell iPrint Client Unspecified Buffer Overflow 8: Novell iPrint Client Unspecified Buffer Overflow Vulnerability V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability May 3, 2013 - 6:00am Addthis PROBLEM: Novell iPrint Client Unspecified Buffer Overflow Vulnerability PLATFORM: Novell iPrint Client 5.x ABSTRACT: A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system REFERENCE LINKS: Secunia Advisory SA53261 Novell KB 7012344 Novell KB 7008708 CVE-2013-1091 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an unspecified error and can be exploited to cause a stack-based buffer overflow. IMPACT: Successful exploitation may allow execution of arbitrary code SOLUTION: Vendor recommendation is to update to Version 5.90

287

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

288

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

097: PHP "php_register_variable_ex()" Code Execution 097: PHP "php_register_variable_ex()" Code Execution Vulnerability U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability February 7, 2012 - 9:00am Addthis PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network reference LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High Discussion: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. Impact: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

289

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Apache Tomcat Security Bypass and Denial of Service 7: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities November 6, 2012 - 6:00am Addthis PROBLEM: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities PLATFORM: Apache Tomcat 5.x Apache Tomcat 6.x Apache Tomcat 7.x ABSTRACT: Two vulnerabilities were reported in Apache Tomcat REFERENCE LINKS: Apache.org Apache Tomcat Denial of Service Apache Tomcat DIGEST authentication weaknesses Secunia Advisory SA51138 CVE-2012-2733 CVE-2012-3439 IMPACT ASSESSMENT: Medium DISCUSSION: A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within the "parseHeaders()" function

290

U-172: OpenOffice.org Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: OpenOffice.org Two Vulnerabilities 72: OpenOffice.org Two Vulnerabilities U-172: OpenOffice.org Two Vulnerabilities May 18, 2012 - 7:00am Addthis PROBLEM: OpenOffice.org Two Vulnerabilities PLATFORM: OpenOffice.org 3.3, Other versions may also be affected. ABSTRACT: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system. Reference LINKS: Secunia Advisory SA46992 CVE-2012-1149 CVE-2012-2149 IMPACT ASSESSMENT: High Discussion: 1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file. 2) An error within libwpd when parsing Wordperfect documents can be exploited to overwrite arbitrary memory via a specially crafted Wordperfect

291

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

69: Telnet code execution vulnerability: FreeBSD and Kerberos 69: Telnet code execution vulnerability: FreeBSD and Kerberos U-069: Telnet code execution vulnerability: FreeBSD and Kerberos December 27, 2011 - 5:18am Addthis PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. reference LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High Discussion: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

292

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apache Struts "ParameterInterceptor" Security Bypass 2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Apache Struts PLATFORM: The vulnerability is reported in versions prior to 2.3.14.1 ABSTRACT: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA53495 Apache Struts Advisory S2-012 Apache Struts Advisory S2-013 CVE-2013-1965 CVE-2013-1966 IMPACT ASSESSMENT: High DISCUSSION: A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request

293

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability 6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability December 27, 2012 - 6:00am Addthis PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

294

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Apache OFBiz Cross-Site Scripting and Code Execution 9: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities April 17, 2012 - 8:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. PLATFORM: Apache OFBiz 10.x ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected. references LINKS: Vendor Advisory Secunia Advisory 48800 CVE-2012-1621 IMPACT ASSESSMENT: High Discussion: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

295

T-572: VMware ESX/ESXi SLPD denial of service vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: VMware ESX/ESXi SLPD denial of service vulnerability 72: VMware ESX/ESXi SLPD denial of service vulnerability T-572: VMware ESX/ESXi SLPD denial of service vulnerability March 8, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions. PLATFORM: ESX/ESXi 4.0, 4.1 ABSTRACT: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. reference LINKS: VMware Security Advisory: VMSA-2011-0004 VMware vSphere 4 VMware ESXi 4.1 Update CVE-2010-3609 IMPACT ASSESSMENT: Moderate Discussion: A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.A remote user can consume excessive CPU resources.

296

Vulnerability assessment of medieval civic towers as a tool for retrofitting design  

Science Conference Proceedings (OSTI)

The seismic vulnerability of an ancient civic bell-tower is studied. Rather than seeing it as an intermediate stage toward a risk analysis, the assessment of vulnerability is here pursued for the purpose of optimizing the retrofit design. The vulnerability curves are drawn by carrying out a single time history analysis of a model calibrated on the basis of experimental data. From the results of this analysis, the medians of three selected performance parameters are estimated, and they are used to compute, for each of them, the probability of exceeding or attaining the three corresponding levels of light, moderate and severe damage. The same numerical model is then used to incorporate the effects of several retrofitting solutions and to re-estimate the associated vulnerability curves. The ultimate goal is to provide a numerical tool able to drive the optimization process of a retrofit design by the comparison of the vulnerability estimates associated with the different retrofitting solutions.

Casciati, Sara [ASTRA Department, University of Catania, Siracusa (Italy); Faravelli, Lucia [Department of Structural Mechanics, University of Pavia, Pavia, Pavia (Italy)

2008-07-08T23:59:59.000Z

297

Comparison of the Diurnal Precipitation Cycle in Convection-Resolving and Non-Convection-Resolving Mesoscale Models  

Science Conference Proceedings (OSTI)

The diurnal cycles of rainfall in 5-km grid-spacing convection-resolving and 22-km grid-spacing non-convection-resolving configurations of the Weather Research and Forecasting (WRF) model are compared to see if significant improvements can be ...

Adam J. Clark; William A. Gallus Jr.; Tsing-Chang Chen

2007-10-01T23:59:59.000Z

298

Ultra Wideband (UWB) communication vulnerability for security applications.  

Science Conference Proceedings (OSTI)

RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

Cooley, H. Timothy

2010-07-01T23:59:59.000Z

299

Social Vulnerability to Coastal and Inland Flood Hazards: A Comparison of GIS-Based Spatial Interpolation Methods  

Science Conference Proceedings (OSTI)

Previous research on exposure to flood hazards suggests that individuals characterized by low social vulnerability are more likely to reside in coastal flood hazard zones than individuals of higher social vulnerability, but few studies have examined ... Keywords: Areal Interpolation, Coastal Hazards, Dasymetric Mapping, Environmental Justice, Flood, Geographic Information Systems GIS, Risk, Vulnerability

Marilyn C. Montgomery, Jayajit Chakraborty

2013-07-01T23:59:59.000Z

300

Resolving Emissions Dynamics via Mass Spectrometry: Time Resolved Measurements of Emission Transients by Mass Spectrometry  

DOE Green Energy (OSTI)

Transient emissions occur throughout normal engine operation and can significantly contribute to overall system emissions. Such transient emissions may originate from various sources including cold start, varying load and exhaust-gas recirculation (EGR) rates; all of which are dynamic processes in the majority of engine operation applications (1). Alternatively, there are systems which are inherently dynamic even at steady-state engine-operation conditions. Such systems include catalytic exhaust-emissions treatment devices with self-initiated and sustained oscillations (2) and NOX adsorber systems (3,4,5). High-speed diagnostics, capable of temporally resolving such emissions transients, are required to characterize the process, verify calculated system inputs, and optimize the system.

Partridge, William P.

2000-08-20T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


301

DOE Office of Enforcement Resolves 20 Energy Efficiency Enforcement Cases |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolves 20 Energy Efficiency Enforcement Resolves 20 Energy Efficiency Enforcement Cases DOE Office of Enforcement Resolves 20 Energy Efficiency Enforcement Cases June 3, 2011 - 5:04pm Addthis The Department of Energy's Office of Enforcement today announced that it has resolved the 20 enforcement cases it brought in April 2011 against companies for failing to certify that their products comply with the Department's energy and water use standards. The certification requirement generates important information that allows the Department to verify compliance with its efficiency standards and ensures that consumers have the information they need to buy energy- and cost-saving products. In 17 of the cases, the companies entered agreements that include a commitment to certify all covered products. As part of the agreements,

302

DOE Successfully Resolves Three Enforcement Cases and Files Yet Another |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Successfully Resolves Three Enforcement Cases and Files Yet Successfully Resolves Three Enforcement Cases and Files Yet Another DOE Successfully Resolves Three Enforcement Cases and Files Yet Another September 29, 2010 - 5:24pm Addthis The Department has resolved three more of the 27 certification enforcement cases initiated three weeks ago and issued one additional penalty notice to Nordyne, LLC for failure to certify certain air conditioner and heat pump products. These actions reflect the Department's continued aggressive efforts to enforce the Department's certification requirement - which helps to ensure that appliance, plumbing, and lighting products meet the energy and water efficiency levels required by law. The three companies - Daewoo International Inc., Amerisink Inc., and Stiebel Eltron, Inc.- have each agreed to pay $5,000 in penalties and to

303

DOE Resolves Nearly All of its September 2010 Certification Enforcement  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolves Nearly All of its September 2010 Certification Resolves Nearly All of its September 2010 Certification Enforcement Actions DOE Resolves Nearly All of its September 2010 Certification Enforcement Actions October 19, 2010 - 10:39am Addthis The Energy Department's new Office of Enforcement, part of the General Counsel's Office, announced today that it has now successfully resolved 26 of the 30 certification enforcement cases brought in September 2010 as part of the Department's ongoing enforcement initiative. The Department will continue aggressively enforcing its certification requirements, which generate information that allows the Department to verify if a company is complying with energy and water efficiency standards that deliver significant energy, water, and cost savings to the American public.

304

DOE Resolves Nearly All of its September 2010 Certification Enforcement  

NLE Websites -- All DOE Office Websites (Extended Search)

Resolves Nearly All of its September 2010 Certification Resolves Nearly All of its September 2010 Certification Enforcement Actions DOE Resolves Nearly All of its September 2010 Certification Enforcement Actions October 19, 2010 - 10:39am Addthis The Energy Department's new Office of Enforcement, part of the General Counsel's Office, announced today that it has now successfully resolved 26 of the 30 certification enforcement cases brought in September 2010 as part of the Department's ongoing enforcement initiative. The Department will continue aggressively enforcing its certification requirements, which generate information that allows the Department to verify if a company is complying with energy and water efficiency standards that deliver significant energy, water, and cost savings to the American public.

305

DOE Resolves Avanti Refrigerator and Freezer Civil Penalty Case  

Energy.gov (U.S. Department of Energy (DOE))

Today, the Department of Energy announced that it has resolved thecivil penalty action against Mackle Company for its failure to certify that refrigerators and refrigerator-freezers sold under the...

306

SST Sensitivities in Multiday TOGA COARE Cloud-Resolving Simulations  

Science Conference Proceedings (OSTI)

A two-dimensional cloud-resolving model (CRM) was used to simulate the evolution of convection over the western Pacific between 19 and 26 December 1992, during the Tropical Ocean Global Atmosphere Coupled OceanAtmosphere Response Experiment. A ...

Alexandre A. Costa; William R. Cotton; Robert L. Walko; Roger A. Pielke Sr.; Hongli Jiang

2001-02-01T23:59:59.000Z

307

Entrainment in Cumulus Clouds: What Resolution is Cloud-Resolving?  

Science Conference Proceedings (OSTI)

Systematic numerical experiments were conducted to determine the spatial resolution required to resolve a moist thermal show convergence at a scale proportional to the smaller of the initial thermal diameter D0 and a buoyancy length scale Lbuoy. ...

George C. Craig; Andreas Drnbrack

2008-12-01T23:59:59.000Z

308

Passive background correction method for spatially resolved detection  

DOE Patents (OSTI)

A method for passive background correction during spatially or angularly resolved detection of emission that is based on the simultaneous acquisition of both the passive background spectrum and the spectrum of the target of interest.

Schmitt, Randal L. (Tijeras, NM); Hargis, Jr., Philip J. (Albuquerque, NM)

2011-05-10T23:59:59.000Z

309

Depth-resolved cathodoluminescence spectroscopy of silicon supersaturated with sulfur  

E-Print Network (OSTI)

We investigate the luminescence of Si supersaturated with S (Si:S) using depth-resolved cathodoluminescence spectroscopy and secondary ion mass spectroscopy as the S concentration is varied over 2 orders of magnitude ...

Fabbri, Filippo

310

Large-Scale Parallel Computing of Cloud Resolving Storm Simulator  

Science Conference Proceedings (OSTI)

A sever thunderstorm is composed of strong convective clouds. In order to perform a simulation of this type of storms, a very finegrid system is necessary to resolve individual convective clouds within a large domain. Since convective clouds are highly ...

Kazuhisa Tsuboki; Atsushi Sakakibara

2002-05-01T23:59:59.000Z

311

Varieties of Fully Resolved Spectra of Vertical Shear  

Science Conference Proceedings (OSTI)

The Multi-Scale profiler (MSP) resolves shear between vertical wavenumbers of 0.01 cpm and the viscous cutoff of small-scale turbulence. Observations from five sites reveal varied spectral shapes and amplitudes. Spectral amplitudes measured at ...

M. C. Gregg; D. P. Winkel; T. B. Sanford

1993-01-01T23:59:59.000Z

312

Depth resolved wide field illumination for biomedical imaging and fabrication  

E-Print Network (OSTI)

Nonlinear microscopic imaging is relatively slow due to the sequential nature of raster scanning. Recently, this limitation was overcome by developing a 3D-resolved wide-field two-photon microscope based on the concept of ...

So, Peter T. C.

313

Resolving complex cases of definite pronouns: the winograd schema challenge  

Science Conference Proceedings (OSTI)

We examine the task of resolving complex cases of definite pronouns, specifically those for which traditional linguistic constraints on coreference (e.g., Binding Constraints, gender and number agreement) as well as commonly-used resolution heuristics ...

Altaf Rahman; Vincent Ng

2012-07-01T23:59:59.000Z

314

T-668: Vulnerability in a BlackBerry Enterprise Server component could  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in a BlackBerry Enterprise Server component 8: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service July 14, 2011 - 7:20am Addthis PROBLEM: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service PLATFORM: Affected Software >> BlackBerry Enterprise Server (BES) version(s) 5.0.0 for API/MS Exchange (Admin API Option Only), BES/Express version 5.0.2 & 5.0.3 IBM Lotus Domino , BES 5.0.1, 5.0.2 & 5.0.3 for MS Exchange, IBM Lotus Domino, BlackBerry Enterprise Server versions 5.0.1 for GroupWise ABSTRACT: This advisory describes a security issue in the BlackBerry Administration

315

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: ownCloud Cross-Site Scripting and File Upload 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

316

U-151: Bugzilla Cross-Site Request Forgery Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

51: Bugzilla Cross-Site Request Forgery Vulnerability 51: Bugzilla Cross-Site Request Forgery Vulnerability U-151: Bugzilla Cross-Site Request Forgery Vulnerability April 19, 2012 - 8:15am Addthis PROBLEM: A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. reference LINKS: Vendor Advisory Secunia Advisory 48835 CVE-2012-0465 CVE-2012-0466 IMPACT ASSESSMENT: Medium Discussion: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. An attacker can get access to some bug information using the victim's

317

U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

28: Microsoft Windows win32k.sys TrueType Font Parsing 28: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability November 7, 2011 - 8:15am Addthis PROBLEM: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability. PLATFORM: Microsoft Windows 7 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008 Microsoft Windows Storage Server 2003 Microsoft Windows Vista Microsoft Windows XP Home Edition Microsoft Windows XP Professional ABSTRACT: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. reference LINKS:

318

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process established under Executive Order 13514 and to advance the U.S. Department of Energy's goal of promoting energy security-examines current and potential future impacts of these climate trends on the U.S. energy sector. Report updated July 16, 2013. Explore an interactive map that shows where climate change has already impacted the energy sector. US Energy Sector Vulnerabilities to Climate Change More Documents & Publications

319

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerabilities to Climate Change and Extreme U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process established under Executive Order 13514 and to advance the U.S. Department of Energy's goal of promoting energy security-examines current and potential future impacts of these climate trends on the U.S. energy sector. Report updated July 16, 2013. Explore an interactive map that shows where climate change has already impacted the energy sector. US Energy Sector Vulnerabilities to Climate Change More Documents & Publications

320

A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

A Busy Year Securing Vulnerable Nuclear Material and Making the A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer January 7, 2011 - 6:22pm Addthis John Schueler John Schueler Former New Media Specialist, Office of Public Affairs This holiday season was certainly a busy one for the National Nuclear Security Administration (NNSA). While many Americans were off completing last minute Christmas shopping and spending time with loved ones, the team at NNSA was working around the clock to secure over 50 kilograms of highly enriched uranium from three sites in the Ukraine. As part of President Obama's ambitious plan to secure all vulnerable nuclear material around the world in four years, NNSA assisted in repatriating the dangerous

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


321

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: MySQL User Login Security Bypass and Unspecified 8: MySQL User Login Security Bypass and Unspecified Vulnerability U-188: MySQL User Login Security Bypass and Unspecified Vulnerability June 12, 2012 - 7:00am Addthis PROBLEM: A security issue and vulnerability have been reported in MySQL PLATFORM: MySQL 5.x ABSTRACT: An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. Reference LINKS: Original Advisory CVE-2012-2122 Secunia Advisory 49409 IMPACT ASSESSMENT: High Discussion: Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc). NOTE: Vendor binaries are reportedly not affected. The security issue is reported in versions prior to 5.1.63 and 5.5.25.

322

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing 7: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability August 16, 2012 - 7:00am Addthis PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability PLATFORM: Version(s): Mozilla Firefox 6 - 12 ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585 CVE-2012-1950 IMPACT ASSESSMENT: Medium Discussion: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. mozilla Firefox is prone to a URI-spoofing spoofing vulnerability. Attackers may exploit this issue to display

323

U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

37: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing 37: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability August 16, 2012 - 7:00am Addthis PROBLEM: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability PLATFORM: Version(s): Mozilla Firefox 6 - 12 ABSTRACT: To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI. REFERENCE LINKS: http://www.securityfocus.com/bid/54585 CVE-2012-1950 IMPACT ASSESSMENT: Medium Discussion: The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. mozilla Firefox is prone to a URI-spoofing spoofing vulnerability. Attackers may exploit this issue to display

324

U-117: Potential security vulnerability has been identified with certain HP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Potential security vulnerability has been identified with 7: Potential security vulnerability has been identified with certain HP printers and HP digital senders U-117: Potential security vulnerability has been identified with certain HP printers and HP digital senders March 5, 2012 - 7:00am Addthis PROBLEM: The vulnerability could be exploited remotely to install unauthorized printer firmware. PLATFORM: Select HP printers and Digital Senders ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. reference LINKS: Vendor Advisory CVE-2011-4161 Previous JC3 Advisory Bulletin IMPACT ASSESSMENT: High Discussion: The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx;

325

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

1: Apple Mac OS X Multiple Vulnerabilities 1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow A boundary error when handling "mvhd" atoms can be exploited to cause a

326

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

202: Apple QuickTime Multiple Stack Overflow Vulnerabilities 202: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Reference links: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium Discussion: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.Versions prior to

327

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apple QuickTime Multiple Stack Overflow Vulnerabilities 2: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities June 29, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities. PLATFORM: Version(s): prior to 7.7.2 ABSTRACT: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Reference links: Vendor Advisory Security Focus ID 53571 CVE-2012-0663 IMPACT ASSESSMENT: Medium Discussion: These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.Versions prior to

328

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Apple Mac OS X Multiple Vulnerabilities 1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X PLATFORM: Apple Macintosh OS X ABSTRACT: The vulnerabilities are caused due to a bundled version of QuickTime REFERENCE LINKS: Secunia Advisory SA54049 APPLE-SA-2013-07-02-1 Security Update 2013-003 CVE-2013-1018 CVE-2013-1019 CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow A boundary error when handling "mvhd" atoms can be exploited to cause a

329

Title draft: Complexity and vulnerability of Smartgrid systems Elizaveta Kuznetsova1  

E-Print Network (OSTI)

1 Title draft: Complexity and vulnerability of Smartgrid systems Elizaveta Kuznetsova1 , Keith of Smartgrids. Typical characteristics of complex systems, such as self-organization, emergence, chaotic behavior and evolution, are considered with respect to Smartgrids as future energy infrastructures

330

Research on the Parallelism of Security Vulnerability Detection of Logic-Unknown PLD  

Science Conference Proceedings (OSTI)

As the development of integrated circuit, the algorithms of security vulnerability detection available are not suitable for encrypted PLD in large scale, which would bring inacceptable comsumption of memory and time. By analyzing the relation of input ...

Li Zhou; Qing-bao Li; Min Fan; Guang-en Zhou

2009-12-01T23:59:59.000Z

331

Minutes of the 7th Meeting of the Livermore Vulnerability Committee  

SciTech Connect

This memorandum provides the minutes of the 7th meeting of the Livermore Vulnerability Committee. The Laboratory commitments in the Tapestry experiment, with particular reference to those experiments proposed in the Polaris MK 2 and the Minuteman MK 2 programs.

Germain, L.

1965-05-26T23:59:59.000Z

332

Assessment of chemical vulnerabilities in the Hanford high-level waste tanks  

SciTech Connect

The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

Meacham, J.E. [and others

1996-02-15T23:59:59.000Z

333

U-171: DeltaV Products Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

71: DeltaV Products Multiple Vulnerabilities 71: DeltaV Products Multiple Vulnerabilities U-171: DeltaV Products Multiple Vulnerabilities May 17, 2012 - 7:00am Addthis PROBLEM: DeltaV Products Multiple Vulnerabilities PLATFORM: DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 DeltaV ProEssentials Scientific Graph version 5.0.0.6 ABSTRACT: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference LINKS: Secunia Advisory SA49210 CVE-2012-1814 CVE-2012-1815 CVE-2012-1816 CVE-2012-1817 CVE-2012-1818 IMPACT ASSESSMENT: High Discussion: 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and

334

V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: GnuTLS TLS Record Decoding Denial of Service Vulnerability 7: GnuTLS TLS Record Decoding Denial of Service Vulnerability V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability May 30, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in GnuTLS PLATFORM: GnuTLS 2.x ABSTRACT: A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) REFERENCE LINKS: Secunia Advisory SA53600 GnuTLS Library GNUTLS-SA-2013-2 CVE-2013-2116 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an out-of-bounds read error within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c and can be exploited to cause a crash of the application using the library. IMPACT: Possible DoS SOLUTION: Vendor recommends applying Patch or upgrading to Version 3.x

335

V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: HP StoreOnce D2D Backup Systems Denial of Service 6: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability August 24, 2013 - 3:45am Addthis PROBLEM: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: HP StoreOnce D2D Backup Systems 1.x, HP StoreOnce D2D Backup Systems 2.x ABSTRACT: The vulnerability is reported in versions 2.2.18 and prior and 1.2.18 and prior. REFERENCE LINKS: Secunia Advisory SA54598 CVE-2013-2353 IMPACT ASSESSMENT: Moderate DISCUSSION: A vulnerability has been reported in HP StoreOnce D2D Backup Systems, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further

336

V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers  

Energy.gov (U.S. Department of Energy (DOE))

A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c

337

Princeton Professor Resolves Complex Puzzle | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Princeton Professor Resolves Complex Puzzle Princeton Professor Resolves Complex Puzzle Princeton Professor Resolves Complex Puzzle November 24, 2010 - 11:32am Addthis Andy Oare Andy Oare Former New Media Strategist, Office of Public Affairs What does this mean for me? Dr. Torquato's work -- in addition to detecting gravitational waves and improving understanding of low-temperature states of matter -- could have applications in areas ranging from wireless communications network layouts to data compression and coding and cryptography. A change in perspective can change everything. A complex jigsaw puzzle may suddenly be solved by stepping back ... Taking the dog for a walk ... Or going to the gym. Physicists and mathematicians often work in similar fashion: taking a step back, looking at a complex problem in a new way, and

338

Resolve to Save Energy This Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolve to Save Energy This Year Resolve to Save Energy This Year Resolve to Save Energy This Year January 2, 2013 - 10:52am Addthis Looking for ways to save energy? Check out these tips that every homeowner should try. | Infographic by Sarah Gerrity, Energy Department. Looking for ways to save energy? Check out these tips that every homeowner should try. | Infographic by Sarah Gerrity, Energy Department. Rebecca Matulka Rebecca Matulka Digital Communications Specialist, Office of Public Affairs Looking for more ways to save energy? Check out Energy Saver for tips that save energy and money. At the beginning of every new year, millions of Americans make New Year's resolutions, which inevitably are forgotten by the end of January. This year, forget making a New Year's resolution. Instead make a home energy

339

Resolve to Save Energy This Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolve to Save Energy This Year Resolve to Save Energy This Year Resolve to Save Energy This Year January 2, 2014 - 8:50am Addthis Looking for ways to save energy? Check out these tips that every homeowner should try. | Infographic by Sarah Gerrity, Energy Department. Updated January 2, 2014. Looking for ways to save energy? Check out these tips that every homeowner should try. | Infographic by Sarah Gerrity, Energy Department. Updated January 2, 2014. Rebecca Matulka Rebecca Matulka Digital Communications Specialist, Office of Public Affairs Looking for more ways to save energy? Check out Energy Saver for tips that save energy and money. Editor's Note: It's a new year, and that means new resolutions. Whether this is the first year you're looking for ways to save energy or you want to lower your energy bills even more than last year, check out our eight

340

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: eXtplorer "ext_find_user()" Authentication Bypass 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug. IMPACT: An error within the "ext_find_user()" function in users.php can be

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


341

V-080: Apple iOS Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apple iOS Multiple Vulnerabilities 0: Apple iOS Multiple Vulnerabilities V-080: Apple iOS Multiple Vulnerabilities January 30, 2013 - 12:56am Addthis PROBLEM: Apple iOS Multiple Vulnerabilities PLATFORM: Apple iOS 6.x for iPhone 3GS and later Apple iOS for iPad 6.x Apple iOS for iPod touch 6.x ABSTRACT: Two security issues and multiple vulnerabilities have been reported in Apple iOS REFERENCE LINKS: Article: HT5642 APPLE-SA-2013-01-28-1 iOS 6.1 Software Update Secunia Advisory SA52002 CVE-2011-3058 CVE-2012-2619 CVE-2012-2824 CVE-2012-2857 CVE-2012-2889 CVE-2012-3606 CVE-2012-3607 CVE-2012-3621 CVE-2012-3632 CVE-2012-3687 CVE-2012-3701 CVE-2013-0948 CVE-2013-0949 CVE-2013-0950 CVE-2013-0951 CVE-2013-0952 CVE-2013-0953 CVE-2013-0954 CVE-2013-0955 CVE-2013-0956 CVE-2013-0958 CVE-2013-0959 CVE-2013-0962 CVE-2013-0963 CVE-2013-0964

342

V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities May 17, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in BlackBerry Tablet OS PLATFORM: BlackBerry Tablet OS 2.x ABSTRACT: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53453 Blackberry Security Advisory KB34161 CVE-2012-5248 CVE-2012-5249 CVE-2012-5250 CVE-2012-5251 CVE-2012-5252 CVE-2012-5253 CVE-2012-5254 CVE-2012-5255 CVE-2012-5256 CVE-2012-5257 CVE-2012-5258 CVE-2012-5259 CVE-2012-5260 CVE-2012-5261 CVE-2012-5262 CVE-2012-5263 CVE-2012-5264 CVE-2012-5265

343

Time-Resolved Study of Bonding in Liquid Carbon  

NLE Websites -- All DOE Office Websites (Extended Search)

Time-Resolved Study of Bonding Time-Resolved Study of Bonding in Liquid Carbon Time-Resolved Study of Bonding in Liquid Carbon Print Wednesday, 28 September 2005 00:00 We are accustomed to observing carbon in its elemental form as a solid, ranging from the soft "lead" in pencils to the precious gemstone in diamond rings. While considerable attention has been focused on solid forms of carbon, the properties of liquid carbon are much more difficult to measure accurately. The very strong bonding between carbon atoms that gives diamonds their hardness also makes carbon very difficult to melt, requiring temperatures above 5000 K at pressures above 100 bar. Maintaining such conditions in a laboratory is a challenge that has hampered efforts to fully understand the chemical bonding properties of this biologically, industrially, and environmentally important element. At the ALS, researchers have found a way to rapidly heat a carbon sample and contain the resulting liquid long enough to perform picosecond time-resolved x-ray absorption spectroscopy. The technique provides a way to measure the bonding properties of liquid carbon at near-solid densities that can then be compared with results from molecular dynamics simulations.

344

Detectors for Energy-Resolved Fast Neutron Imaging  

E-Print Network (OSTI)

Two detectors for energy-resolved fast-neutron imaging in pulsed broad-energy neutron beams are presented. The first one is a neutron-counting detector based on a solid neutron converter coupled to a gaseous electron multiplier (GEM). The second is an integrating imaging technique, based on a scintillator for neutron conversion and an optical imaging system with fast framing capability.

V. Dangendorf; A. Breskin; R. Chechik; G. Feldman; M. B. Goldberg; O. Jagutzki; C. Kersten; G. Laczko; I. Mor; U. Spillman; D. Vartsky

2004-03-25T23:59:59.000Z

345

Local Implications of Globally Restricted Mobility: A study of Queenstowns vulnerability to peak oil and climate change.  

E-Print Network (OSTI)

??This thesis employs a case study approach to investigate local implications of globally restricted mobility by examining Queenstowns vulnerability to peak oil and climate change. (more)

Walsh, Tim

2011-01-01T23:59:59.000Z

346

V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

177: VMware vCenter Chargeback Manager File Upload Handling 177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability June 13, 2013 - 6:00am Addthis PROBLEM: vCenter Chargeback Manager Remote Code Execution PLATFORM: VMware vCenter Chargeback Manager 2.x ABSTRACT: The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution REFERENCE LINKS: Secunia Advisory SA53798 VMWare Security Advisory VMSA-2013-0008 CVE-2013-3520 IMPACT ASSESSMENT: Medium DISCUSSION: The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely. IMPACT: System Access SOLUTION: Vendor recommends updating to version 2.5.1

347

Department of Energy Plutonium ES&H Vulnerability Assessment Savannah River Site interim compensatory measures  

Science Conference Proceedings (OSTI)

The Savannah River Site (SRS) has recently completed a self-assessment of potential vulnerabilities associated with plutonium and other transuranic materials stored at the site. An independent Working Group Assessment Team (WGAT) appointed by DOE/ES&H also performed an independent assessment, and reviewed and validated the site self-assessment. The purpose of this report is to provide a status of interim compensatory measures at SRS to address hazards in advance of any corrective actions. ES&H has requested this status for all vulnerabilities ranked medium or higher with respect to potential consequences to workers, environment, and the public.

Bickford, W.E.

1994-09-15T23:59:59.000Z

348

Argonne CNM News: Time-Resolved Measurements Show Colloidal Nanoplatelets  

NLE Websites -- All DOE Office Websites (Extended Search)

Time-Resolved Measurements Show Colloidal Nanoplatelets Act Like Quantum Wells Time-Resolved Measurements Show Colloidal Nanoplatelets Act Like Quantum Wells TEM image of CdSe nanoplatelets Schematic and transmission electron microscope (TEM) image of CdSe nanoplatelets with a thickness of 5 monolayers. The relaxation of high-energy carriers (electrons and holes) in colloidal nanoplatelets have been measured by researchers in the Nanophotonics Group at the Center for Nanoscale Materials, working with colleagues at the University of Chicago. The measurements show that the carriers behave like carriers in quantum wells. Quantum wells have found widespread application in optoelectronics, and the new results suggest that colloidal nanoplatelets should find similar applications, with the added advantage that they can be produced at low cost and in large quantities.

349

Manufacturers of Noncompliant Products Agree to Civil Penalties to Resolve  

NLE Websites -- All DOE Office Websites (Extended Search)

Manufacturers of Noncompliant Products Agree to Civil Penalties to Manufacturers of Noncompliant Products Agree to Civil Penalties to Resolve Enforcement Actions Manufacturers of Noncompliant Products Agree to Civil Penalties to Resolve Enforcement Actions July 1, 2013 - 11:17am Addthis The Department of Energy has settled civil penalty actions it initiated against nine companies for the manufacture and sale in the United States of products that fail to meet federal energy conservation standards. The covered consumer products and commercial/industrial equipment found in violation included automatic commercial ice makers, distribution transformers, external power supplies, showerheads and lighting products. The companies ceased all sales within the United States of the products that violated federal energy conservation standards.

350

Manufacturers of Noncompliant Products Agree to Civil Penalties to Resolve  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Manufacturers of Noncompliant Products Agree to Civil Penalties to Manufacturers of Noncompliant Products Agree to Civil Penalties to Resolve Enforcement Actions Manufacturers of Noncompliant Products Agree to Civil Penalties to Resolve Enforcement Actions July 1, 2013 - 11:17am Addthis The Department of Energy has settled civil penalty actions it initiated against nine companies for the manufacture and sale in the United States of products that fail to meet federal energy conservation standards. The covered consumer products and commercial/industrial equipment found in violation included automatic commercial ice makers, distribution transformers, external power supplies, showerheads and lighting products. The companies ceased all sales within the United States of the products that violated federal energy conservation standards.

351

A Close Binary Star Resolved from Occultation by 87 Sylvia  

E-Print Network (OSTI)

The star BD+29 1748 was resolved to be a close binary from its occultation by the asteroid 87 Sylvia on 2006 December 18 UT. Four telescopes were used to observe this event at two sites separated by some 80 km apart. Two flux drops were observed at one site, whereas only one flux drop was detected at the other. From the long-term variation of Sylvia, we inferred the probable shape of the shadow during the occultation, and this in turn constrains the binary parameters: the two components of BD+29 1748 have a projected separation of 0.097" to 0.110" on the sky with a position angle 104 deg to 107 deg. The asteroid was clearly resolved with a size scale ranging from 130 to 290 km, as projected onto the occultation direction. No occultation was detected for either of the two known moonlets of 87 Sylvia.

Lin, Chi-Long; Chen, W P; King, Sun-Kun; Lin, Hung-Chin; Bianco, F B; Lehner, M J; Coehlo, N K; Wang, J -H; Mondal, S; Alcock, C; Axelrod, T; Byun, Y -I; Cook, K H; Dav, R; De Pater, I; Porrata, R; Kim, D -W; Lee, T; Lissauer, J J; Marshall, S L; Rice, J A; Schwamb, M E; Wang, S -Y; Wen, C -Y

2009-01-01T23:59:59.000Z

352

Time-Resolved Study of Bonding in Liquid Carbon  

NLE Websites -- All DOE Office Websites (Extended Search)

Time-Resolved Study of Bonding in Liquid Carbon Print Time-Resolved Study of Bonding in Liquid Carbon Print We are accustomed to observing carbon in its elemental form as a solid, ranging from the soft "lead" in pencils to the precious gemstone in diamond rings. While considerable attention has been focused on solid forms of carbon, the properties of liquid carbon are much more difficult to measure accurately. The very strong bonding between carbon atoms that gives diamonds their hardness also makes carbon very difficult to melt, requiring temperatures above 5000 K at pressures above 100 bar. Maintaining such conditions in a laboratory is a challenge that has hampered efforts to fully understand the chemical bonding properties of this biologically, industrially, and environmentally important element. At the ALS, researchers have found a way to rapidly heat a carbon sample and contain the resulting liquid long enough to perform picosecond time-resolved x-ray absorption spectroscopy. The technique provides a way to measure the bonding properties of liquid carbon at near-solid densities that can then be compared with results from molecular dynamics simulations.

353

Time-Resolved Study of Bonding in Liquid Carbon  

NLE Websites -- All DOE Office Websites (Extended Search)

Time-Resolved Study of Bonding in Liquid Carbon Print Time-Resolved Study of Bonding in Liquid Carbon Print We are accustomed to observing carbon in its elemental form as a solid, ranging from the soft "lead" in pencils to the precious gemstone in diamond rings. While considerable attention has been focused on solid forms of carbon, the properties of liquid carbon are much more difficult to measure accurately. The very strong bonding between carbon atoms that gives diamonds their hardness also makes carbon very difficult to melt, requiring temperatures above 5000 K at pressures above 100 bar. Maintaining such conditions in a laboratory is a challenge that has hampered efforts to fully understand the chemical bonding properties of this biologically, industrially, and environmentally important element. At the ALS, researchers have found a way to rapidly heat a carbon sample and contain the resulting liquid long enough to perform picosecond time-resolved x-ray absorption spectroscopy. The technique provides a way to measure the bonding properties of liquid carbon at near-solid densities that can then be compared with results from molecular dynamics simulations.

354

Time-Resolved Study of Bonding in Liquid Carbon  

NLE Websites -- All DOE Office Websites (Extended Search)

Time-Resolved Study of Bonding in Liquid Carbon Print Time-Resolved Study of Bonding in Liquid Carbon Print We are accustomed to observing carbon in its elemental form as a solid, ranging from the soft "lead" in pencils to the precious gemstone in diamond rings. While considerable attention has been focused on solid forms of carbon, the properties of liquid carbon are much more difficult to measure accurately. The very strong bonding between carbon atoms that gives diamonds their hardness also makes carbon very difficult to melt, requiring temperatures above 5000 K at pressures above 100 bar. Maintaining such conditions in a laboratory is a challenge that has hampered efforts to fully understand the chemical bonding properties of this biologically, industrially, and environmentally important element. At the ALS, researchers have found a way to rapidly heat a carbon sample and contain the resulting liquid long enough to perform picosecond time-resolved x-ray absorption spectroscopy. The technique provides a way to measure the bonding properties of liquid carbon at near-solid densities that can then be compared with results from molecular dynamics simulations.

355

U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Cisco IOS IPSec IKE Unspecified Denial of Service 8: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability April 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco IOS XE 2.1.x Cisco IOS XE 2.2.x Cisco IOS XE 2.3.x Cisco IOS XE 2.4.x Cisco IOS XE 2.5.x Cisco IOS XE 2.6.x Cisco IOS XE 3.1.x Cisco IOS XE 3.3.x ABSTRACT: The IKEv1 feature of Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected device. REFERENCE LINKS: Vendor Advisory Secunia Advisory SA48607 CVE-2012-0381 iMPACT ASSESSMENT: High discussion: The March 28, 2012, Cisco IOS Software Security Advisory bundled

356

T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Vulnerability in the PDF distiller of the BlackBerry 4: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server January 13, 2011 - 2:30pm Addthis PROBLEM: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. PLATFORM: * BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange * BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino * BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Microsoft Exchange and IBM Lotus Domino * BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise * BlackBerry Professional Software version 4.1.4 for Microsoft Exchange and

357

Towards the protection of industrial control systems: conclusions of a vulnerability analysis of profinet IO  

Science Conference Proceedings (OSTI)

The trend of introducing common information and communication technologies into automation control systems induces besides many benefits new security risks to industrial plants and critical infrastructures. The increasing use of Internet protocols in ... Keywords: anomaly detection, industrial control systems, intrusion detection, profinet IO attacks, profinet IO vulnerabilities

Andreas Paul, Franka Schuster, Hartmut Knig

2013-07-01T23:59:59.000Z

358

Assessment of Groundwater Vulnerability to Contamination Using Capture Zone Delineation in Shenzhen City, China  

Science Conference Proceedings (OSTI)

As a result of the large risk associated with the contamination of aquifers, it becomes imperative to protect groundwater supply areas. One of the practical methods that is projected for the protection of aquifers is to zone a boundary around current ... Keywords: MODPATH, capture zones, delineation, groundwater contamination, vulnerability

Chiha Aida; Aiguo Zhou; Jianwei Zhou; ShaoGang Dong

2009-07-01T23:59:59.000Z

359

U-183: ISC BIND DNS Resource Records Handling Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: ISC BIND DNS Resource Records Handling Vulnerability 3: ISC BIND DNS Resource Records Handling Vulnerability U-183: ISC BIND DNS Resource Records Handling Vulnerability June 5, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). PLATFORM: Version(s): ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x ISC BIND 9.9.x ABSTRACT: This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields. Reference List: Secunia Advisory 49338 CVE-2012-1667 Original Advisory IMPACT ASSESSMENT: High Discussion: Recursive servers may crash or disclose some portion of memory to the

360

Energy Sector Vulnerable to Climate Change, U.S. Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

Energy Sector Vulnerable to Climate Change, U.S. Department of Energy Report Says Print E-mail Energy Sector Vulnerable to Climate Change, U.S. Department of Energy Report Says Print E-mail President Obama Announces His Climate Action Plan Friday, July 26, 2013 Featured by DOE, a member of the U.S. Global Change Research Program In his speech at Georgetown University last month, President Obama referred to our nation's vulnerabilities to climate change, underscoring how Hurricane Sandy and other climate-related disasters serve as wake-up calls. These extreme weather events as well as changes in temperature and water availability - all related to our changing climate - are disrupting the ways we generate, distribute, and consume energy, according to a new report released by the US Department of Energy. The U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather report examines current and potential future impacts of these climate trends on the U.S. energy sector.

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


361

Vulnerability assessment of groundwater resources: A modelling-based approach to the Mancha Occidental aquifer, Spain  

Science Conference Proceedings (OSTI)

The semiarid Mancha Occidental aquifer represents a paradigmatic case of intensive groundwater use for agriculture. Irrigation has proven a catalyst for welfare in the area over the last three decades, if at a significant environmental cost and while ... Keywords: Aquifer, Groundwater, Mancha Occidental, Participatory modelling, Vulnerability, Water Framework Directive

Pedro Martnez-Santos; M. Ramn Llamas; Pedro E. Martnez-Alfaro

2008-09-01T23:59:59.000Z

362

Classifying soft error vulnerabilities in extreme-scale scientific applications using a binary instrumentation tool  

Science Conference Proceedings (OSTI)

Extreme-scale scientific applications are at a significant risk of being hit by soft errors on supercomputers as the scale of these systems and the component density continues to increase. In order to better understand the specific soft error vulnerabilities ...

Dong Li; Jeffrey S. Vetter; Weikuan Yu

2012-11-01T23:59:59.000Z

363

Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

Not Available

1994-09-01T23:59:59.000Z

364

Vulnerability Analysis of a Nuclear Power Plant Considering Detonations of Explosive Devices  

E-Print Network (OSTI)

Vulnerability Analysis of a Nuclear Power Plant Considering Detonations of Explosive Devices Marko threats to a nuclear power plant in the year 1991 and after the 9/11 events in 2001. The methodology which strength and injuries of human beings with nuclear power plant models used in probabilistic safety

Cizelj, Leon

365

Security Issues in Cloud Computing: A Survey of Risks, Threats and Vulnerabilities  

Science Conference Proceedings (OSTI)

Cloud Computing CC is revolutionizing the methodology by which IT services are being utilized. It is being introduced and marketed with many attractive promises that are enticing to many companies and managers, such as reduced capital costs and relief ... Keywords: Cloud Computing, Risks, Security, Threats, Vulnerabilities

Kamal Dahbur; Bassil Mohammad; Ahmad Bisher Tarakji

2011-07-01T23:59:59.000Z

366

A vulnerabilities analysis and corresponding middleware security extensions for securing NGN applications  

Science Conference Proceedings (OSTI)

International standard bodies such as the Parlay Group, 3GPP (Third Generation Partnership Project), and ETSI TISPAN describe an applications middleware in the form of open service access (OSA)/Parlay Application Programming Interfaces and Parlay X Web ... Keywords: Digital signature and encryption, Intrusion detection and prevention (IDP) system, Middleware vulnerabilities and security threats, SQL Injection attacks, Security assertion markup language (SAML)

Muhammad Sher; Thomas Magedanz

2007-11-01T23:59:59.000Z

367

Performance Assessment of a Heat Wave Vulnerability Index for Greater London, United Kingdom  

Science Conference Proceedings (OSTI)

This study reports on the assessment of a multivariate heat wave vulnerability index (HVI) developed for London in the United Kingdom. The HVI is assessed in terms of its ability to predict whether mortality and ambulance call-out attain above ...

Tanja Wolf; Glenn McGregor; Antonis Analitis

368

Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2  

SciTech Connect

The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

Fesharaki, F.; Rizer, J.P.; Greer, L.S.

1994-05-01T23:59:59.000Z

369

Time-resolved Hyperspectral Fluorescence Spectroscopy using Frequency Modulated Excitation  

SciTech Connect

An intensity-modulated excitation light source is used together with a micro channel plate intensified CCD (ICCD) detector gated at a slightly different frequency to generate a beat frequency from a fluorescent sample. The addition of a spectrograph produces a hyperspectral time-resolved data product where the resulting beat frequency is detected with a low frame rate camera. Measuring the beat frequency of the spectrum as a function of time allows separation of the excited fluorescence from ambient constant light sources. The excitation and detector repetition rates are varied over a range of discrete frequencies, and the phase shift of the beat wave maps out the emission decay rate(s).

,; Neill, M

2012-07-01T23:59:59.000Z

370

High intrinsic energy resolution photon number resolving detectors  

E-Print Network (OSTI)

Transition Edge Sensors (TESs) are characterized by the intrinsic figure of merit to resolve both the energy and the statistical distribution of the incident photons. These properties lead TES devices to become the best single photon detector for quantum technology experiments. For a TES based on titanium and gold has been reached, at telecommunication wavelength, an unprecedented intrinsic energy resolution (0.113 eV). The uncertainties analysis of both energy resolution and photon state assignment has been discussed. The thermal properties of the superconductive device have been studied by fitting the bias curve to evaluate theoretical limit of the energy resolution.

L. Lolli; E. Taralli; C. Portesi; E. Monticone; M. Rajteri

2013-06-23T23:59:59.000Z

371

Time-resolved fluorescence decay measurements for flowing particles  

DOE Patents (OSTI)

Time-resolved fluorescence decay measurements are disclosed for flowing particles. An apparatus and method for the measurement and analysis of fluorescence for individual cells and particles in flow are described, wherein the rapid measurement capabilities of flow cytometry and the robust measurement and analysis procedures of time-domain fluorescence lifetime spectroscopy are combined. A pulse-modulated CW laser is employed for excitation of the particles. The characteristics and the repetition rate of the excitation pulses can be readily adjusted to accommodate for fluorescence decays having a wide range of lifetimes. 12 figs.

Deka, C.; Steinkamp, J.A.

1999-06-01T23:59:59.000Z

372

Spatially Resolved Observations of the Galactic Center Source, IRS 21  

E-Print Network (OSTI)

We present diffraction-limited 2-25 micron images obtained with the W. M. Keck 10-m telescopes that spatially resolve the cool source, IRS 21, one of a small group of enigmatic objects in the central parsec of our Galaxy that have eluded classification. Modeled as a Gaussian, the azimuthally-averaged intensity profile of IRS 21 has a half-width half-maximum (HWHM) size of 650+/-80 AU at 2.2 microns and an average HWHM size of 1600+/-200 AU at mid-infrared wavelengths. These large apparent sizes imply an extended distribution of dust. The mid-infrared color map indicates that IRS 21 is a self-luminous source rather than an externally heated dust clump as originally suggested. The spectral energy distribution has distinct near- and mid-infrared components. A simple radiative transfer code, which simultaneously fits the near- and mid- infrared photometry and intensity profiles, supports a model in which the near-infrared radiation is scattered and extincted light from an embedded central source, while the mid-infrared emission is from thermally re-radiating silicate dust. We argue that IRS 21 (and by analogy the other luminous sources along the Northern Arm) is a massive star experiencing rapid mass loss and plowing through the Northern Arm, thereby generating a bow shock, which is spatially resolved in our observations.

A. Tanner; A. M. Ghez; M. Morris; E. E. Becklin; A. Cotera; M. Ressler; M. Werner; P. Wizinowich

2002-04-22T23:59:59.000Z

373

Stochastic Backscatter for Cloud-Resolving Models. Part I: Implementation and Testing in a Dry Convective Boundary Layer  

Science Conference Proceedings (OSTI)

In simulations of deep convection with cloud-resolving models the turbulence is often rather poorly resolved, and the influence of the subfilter-scale parameterization used in such circumstances is probably greater than in better-resolved ...

Sonja Weinbrecht; Paul J. Mason

2008-01-01T23:59:59.000Z

374

Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

Not Available

1994-09-01T23:59:59.000Z

375

Data management for geospatial vulnerability assessment of interdependencies in US power generation  

Science Conference Proceedings (OSTI)

Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S. [Carnegie Mellon University, Pittsburgh, PA (United States). Dept. of Civil & Environmental Engineering

2009-09-15T23:59:59.000Z

376

The Vulnerability of Mobile Home Residents in Tornado Disasters: The 2008 Super Tuesday Tornado in Macon County, Tennessee  

Science Conference Proceedings (OSTI)

Mobile home residents are known to be highly vulnerable to tornadoes and account for a considerable portion of tornado-related fatalities. The problem is partially related to the limited protection provided by the structure; however, shortcomings ...

Philip L. Chaney; Greg S. Weaver

2010-07-01T23:59:59.000Z

377

Quantum receivers with squeezing and photon-number-resolving detectors  

E-Print Network (OSTI)

We propose quantum receivers with optical squeezing and photon-number-resolving detector (PNRD) for the near-optimal discrimination of quaternary phase-shift-keyed coherent state signals. The basic scheme is similar to the previous proposals (e.g. Phys. Rev. A 84, 042328 (2012)) in which displacement operations, on-off detectors, and electrical feedforward operations were used. Here we study two types of receivers where one installs optical squeezings and the other uses PNRDs instead of on-off detectors. We show that both receivers can attain lower error rates than that by the previous scheme and in particular, the PNRD based receiver has a significant gain under the fixed number of feedfoward steps. Moreover, we show that the PNRD based receiver can suppress the errors due to dark counts, which is not possible by the on-off detector based receiver with a limited number of feedforwards.

Shuro Izumi; Masahiro Takeoka; Kazuhiro Ema; Masahide Sasaki

2013-02-12T23:59:59.000Z

378

Chemistry Resolved Kinetic Flow Modeling of TATB Based Explosives  

SciTech Connect

Detonation waves in insensitive, TATB based explosives are believed to have multi-time scale regimes. The initial burn rate of such explosives has a sub-microsecond time scale. However, significant late-time slow release in energy is believed to occur due to diffusion limited growth of carbon. In the intermediate time scale concentrations of product species likely change from being in equilibrium to being kinetic rate controlled. They use the thermo-chemical code CHEETAH linked to an ALE hydrodynamics code to model detonations. They term their model chemistry resolved kinetic flow as CHEETAH tracks the time dependent concentrations of individual species in the detonation wave and calculates EOS values based on the concentrations. A HE-validation suite of model simulations compared to experiments at ambient, hot, and cold temperatures has been developed. They present here a new rate model and comparison with experimental data.

Vitello, P A; Fried, L E; Howard, W M; Levesque, G; Souers, P C

2011-07-21T23:59:59.000Z

379

The role of aging in resolving the ferrocyanide safety issue  

Science Conference Proceedings (OSTI)

A chemical process called aging, in which stored ferrocyanide waste could be dissolved and dispersed among waste tanks, or destroyed by radiolysis and hydrolysis, has been proposed at the Hanford Site. This paper summarizes the results of applied research, characterization, and modeling activities on Hanford Site ferrocyanide waste material that support the existence of a chemical aging mechanism. Test results from waste simulants and actual waste tank materials are presented and compared with theoretical estimates. Chemical and energetic behavior of the materials are the key indicators of destruction or dispersion. Screening experiments on vendor-prepared sodium nickel ferrocyanide and the initial results from core sampling support the concept that aging of ferrocyanide is taking place in the waste tanks at the Hanford Site. This report defines the concept of waste aging and explains the role that aging could play in resolving the Hanford Site ferrocyanide safety issue.

Babad, H.; Meacham, J.E.; Simpson, B.C.; Cash, R.J.

1993-08-01T23:59:59.000Z

380

A prototype chopper for synchrotron time-resolved crystallographic measurements  

Science Conference Proceedings (OSTI)

A mechanical x-ray chopper has been designed to perform microsecond time-resolved crystallographic studies at the DIAMOND synchrotron I19 beamline. It consists of two asymmetric absorbers rotating synchronously at frequencies from 0 to 50 Hz in the same direction around a rotation axis that is parallel to the x-ray beam. The duration of the x-ray pulses produced by the chopper is determined by the relative phase between the two blades, which can be adjusted. The chopper system presented in this paper offers a time resolution suitable for conducting in situ experiments that afford the crystal structure of materials while in their transient (>10 {mu}s) photoactivated excited states.

Husheer, S. L. G. [Department of Chemistry, University of Cambridge, Lensfield Road, Cambridge CB2 1EW (United Kingdom); Synchrotron Radiation Source, Daresbury Laboratory, Warrington WA4 4AD (United Kingdom); Cole, J. M. [Department of Chemistry, University of Cambridge, Lensfield Road, Cambridge CB2 1EW (United Kingdom); Department of Physics, Cavendish Laboratory, University of Cambridge, J. J. Thomson Avenue, Cambridge CB3 0HE (United Kingdom); Department of Chemistry, University of New Brunswick, P.O. Box 4400, Fredericton, New Brunswick E3B 5A3 (Canada); Department of Physics, University of New Brunswick, P.O. Box 4400, Fredericton, New Brunswick E3B 5A3 (Canada); D'Almeida, T. [Department of Physics, Cavendish Laboratory, University of Cambridge, J. J. Thomson Avenue, Cambridge CB3 0HE (United Kingdom); Teat, S. J. [Synchrotron Radiation Source, Daresbury Laboratory, Warrington WA4 4AD (United Kingdom)

2010-04-15T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


381

Evaluation study of building-resolved urban dispersion models  

SciTech Connect

For effective emergency response and recovery planning, it is critically important that building-resolved urban dispersion models be evaluated using field data. Several full-physics computational fluid dynamics (CFD) models and semi-empirical building-resolved (SEB) models are being advanced and applied to simulating flow and dispersion in urban areas. To obtain an estimate of the current state-of-readiness of these classes of models, the Department of Homeland Security (DHS) funded a study to compare five CFD models and one SEB model with tracer data from the extensive Midtown Manhattan field study (MID05) conducted during August 2005 as part of the DHS Urban Dispersion Program (UDP; Allwine and Flaherty 2007). Six days of tracer and meteorological experiments were conducted over an approximately 2-km-by-2-km area in Midtown Manhattan just south of Central Park in New York City. A subset of these data was used for model evaluations. The study was conducted such that an evaluation team, independent of the six modeling teams, provided all the input data (e.g., building data, meteorological data and tracer release rates) and run conditions for each of four experimental periods simulated. Tracer concentration data for two of the four experimental periods were provided to the modeling teams for their own evaluation of their respective models to ensure proper setup and operation. Tracer data were not provided for the second two experimental periods to provide for an independent evaluation of the models. The tracer concentrations resulting from the model simulations were provided to the evaluation team in a standard format for consistency in inter-comparing model results. An overview of the model evaluation approach will be given followed by a discussion on the qualitative comparison of the respective models with the field data. Future model developments efforts needed to address modeling gaps identified from this study will also be discussed.

Flaherty, Julia E.; Allwine, K Jerry; Brown, Mike J.; Coirier, WIlliam J.; Ericson, Shawn C.; Hansen, Olav R.; Huber, Alan H.; Kim, Sura; Leach, Martin J.; Mirocha, Jeff D.; Newsom, Rob K.; Patnaik, Gopal; Senocak, Inanc

2007-09-10T23:59:59.000Z

382

Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.  

Science Conference Proceedings (OSTI)

The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

Dawson, Lon Andrew; Stinebaugh, Jennifer A.

2010-04-01T23:59:59.000Z

383

Characterizing LED with Time-Resolved Photo-Luminescence and Optical Beam Induced Current Imaging.  

E-Print Network (OSTI)

??With rapid development of light emitting device, the detection techniques of semiconductor are more and more important, which include time-resolved photoluminescence (TRPL) and optical beam (more)

Wu, Shang-jie

2011-01-01T23:59:59.000Z

384

Time-resolved double-slit experiment with entangled photons  

E-Print Network (OSTI)

The double-slit experiment strikingly demonstrates the wave-particle duality of quantum objects. In this famous experiment, particles pass one-by-one through a pair of slits and are detected on a distant screen. A distinct wave-like pattern emerges after many discrete particle impacts as if each particle is passing through both slits and interfering with itself. While the direct event-by-event buildup of this interference pattern has been observed for massive particles such as electrons, neutrons, atoms and molecules, it has not yet been measured for massless particles like photons. Here we present a temporally- and spatially-resolved measurement of the double-slit interference pattern using single photons. We send single photons through a birefringent double-slit apparatus and use a linear array of single-photon detectors to observe the developing interference pattern. The analysis of the buildup allows us to compare quantum mechanics and the corpuscular model, which aims to explain the mystery of single-particle interference. Finally, we send one photon from an entangled pair through our double-slit setup and show the dependence of the resulting interference pattern on the twin photon's measured state. Our results provide new insight into the dynamics of the buildup process in the double-slit experiment, and can be used as a valuable resource in quantum information applications.

Piotr Kolenderski; Carmelo Scarcella; Kelsey D. Johnsen; Deny R. Hamel; Catherine Holloway; Lynden K. Shalm; Simone Tisa; Alberto Tosi; Kevin J. Resch; Thomas Jennewein

2013-04-17T23:59:59.000Z

385

Corrective Action Plan for INEL low-level waste management ES&H vulnerabilities  

SciTech Connect

Low-level waste (LLW) activities at INEL include numerous waste generators, storage facilities, three treatment facilities, and one disposal facility. The Working Group Assessment Team (WGAT) conducted an assessment of the LLW management program in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-2 (Conformance with Safety Standards at Department of Energy Low-Level Nuclear Waste and Disposal Facilities). Assessment included review of waste generators, liquid effluent treatment, storage facilities and practices, and a disposal facility with vaults and a shallow subsurface burial site. WGAT reviewed relevant documents and conducted tours concerning these LLW operations. The vulnerabilities identified by WGAT were similar to those self-identified by INEL (storage and disposal of LLW). This assessment resulted in the documentation of 8 vulnerabilities and 3 conditions. WGAT assessed the overall LLW/mixed low-level waste (MLLW) management program at INEL as being generally effective. As recommended by DNFSB, a site-specific Corrective Action Plan has been prepared and constitutes the initial site improvement activities.

1996-07-01T23:59:59.000Z

386

Time resolved neutron spectrum measurements at the Mirror Fusion Test Facility  

SciTech Connect

An advanced neutron diagnostic system has been developed for spectrum measurements on MFTF. Its collimated field of view allows spatially resolved neutron spectrum measurements. The 10 Mhz pulse height analysis and particle identification capability allow spectrum measurements in intervals as short as 10 ms. These capabilities will be used for space and time resolved determinations of ion energy from measurements of neutron Doppler width.

Slaughter, D.

1985-10-01T23:59:59.000Z

387

Existence of resolvable H-designs with group sizes 2, 3, 4 and 6  

Science Conference Proceedings (OSTI)

In 1987, Hartman showed that the necessary condition v 4 or 8 (mod 12) for the existence of a resolvable SQS(v) is also sufficient for all values of v, with 23 possible exceptions. These last 23 undecided orders were removed ... Keywords: 05B05, B4-pairings, Candelabra systems, G-designs, H-designs, H-frames, Resolvable, Steiner quadruple systems

Xiande Zhang; Gennian Ge

2010-04-01T23:59:59.000Z

388

A Lagrangian VOF tensorial penalty method for the DNS of resolved particle-laden flows  

Science Conference Proceedings (OSTI)

The direct numerical simulation of particle flows is investigated by a Lagrangian VOF approach and penalty methods of second order convergence in space for incompressible flows interacting with resolved particles on a fixed structured grid. A specific ... Keywords: Collision and lubrication models, DNS of particle flows, Fluidized beds, Lagrangian VOF, Resolved scale particles, Viscous penalty method

Stphane Vincent, Jorge Csar Brndle De Motta, Arthur Sarthou, Jean-Luc Estivalezes, Olivier Simonin, Eric Climent

2014-01-01T23:59:59.000Z

389

Efficient data IO for a Parallel Global Cloud Resolving Model  

Science Conference Proceedings (OSTI)

Execution of a Global Cloud Resolving Model (GCRM) at target resolutions of 2-4 km will generate, at a minimum, 10s of Gigabytes of data per variable per snapshot. Writing this data to disk without creating a serious bottleneck in the execution of the GCRM code while also supporting efficient post-execution data analysis is a significant challenge. This paper discusses an Input/Output (IO) application programmer interface (API) for the GCRM that efficiently moves data from the model to disk while maintaining support for community standard formats, avoiding the creation of very large numbers of files, and supporting efficient analysis. Several aspects of the API will be discussed in detail. First, we discuss the output data layout which linearizes the data in a consistent way that is independent of the number of processors used to run the simulation and provides a convenient format for subsequent analyses of the data. Second, we discuss the flexible API interface that enables modelers to easily add variables to the output stream by specifying where in the GCRM code these variables are located and to flexibly configure the choice of outputs and distribution of data across files. The flexibility of the API is designed to allow model developers to add new data fields to the output as the model develops and new physics is added and also provides a mechanism for allowing users of the GCRM code itself to adjust the output frequency and the number of fields written depending on the needs of individual calculations. Third, we describe the mapping to the NetCDF data model with an emphasis on the grid description. Fourth, we describe our messaging algorithms and IO aggregation strategies that are used to achieve high bandwidth while simultaneously writing concurrently from many processors to shared files. We conclude with initial performance results.

Palmer, Bruce J.; Koontz, Annette S.; Schuchardt, Karen L.; Heikes, Ross P.; Randall, David A.

2011-11-26T23:59:59.000Z

390

Time resolved studies of bond activation by organometallic complexes  

DOE Green Energy (OSTI)

In 1971, Jetz and Graham discovered that the silicon-hydrogen bond in silanes could be broken under mild photochemical conditions in the presence of certain transition metal carbonyls. Such reactions fall within the class of oxidative addition. A decade later, similar reactivity was discovered in alkanes. In these cases a C-H bond in non-functionalized alkanes was broken through the oxidative addition of Cp*Ir(H){sub 2}L (Cp* = (CH{sub 3}){sub 5}C{sub 5}, L = PPh{sub 3}, Ph = C{sub 6}H{sub 5}) to form Cp*ML(R)(H) or of Cp*Ir(CO){sub 2} to form Cp*Ir(CO)(R)(H). These discoveries opened an entirely new field of research, one which naturally included mechanistic studies aimed at elucidating the various paths involved in these and related reactions. Much was learned from these experiments but they shared the disadvantage of studying under highly non-standard conditions a system which is of interest largely because of its characteristics under standard conditions. Ultrafast time-resolved IR spectroscopy provides an ideal solution to this problem; because it allows the resolution of chemical events taking place on the femto-through picosecond time scale, it is possible to study this important class of reactions under the ambient conditions which are most of interest to the practicing synthetic chemist. Certain of the molecules in question are particularly well-suited to study using the ultrafast IR spectrophotometer described in the experimental section because they contain one or more carbonyl ligands.

Wilkens, M.J. [Univ. of California, Berkeley, CA (United States). Dept. of Chemistry]|[Lawrence Berkeley National Lab., CA (United States). Chemical Sciences Div.

1998-05-01T23:59:59.000Z

391

RESOLVING THE RADIO SOURCE BACKGROUND: DEEPER UNDERSTANDING THROUGH CONFUSION  

SciTech Connect

We used the Karl G. Jansky Very Large Array to image one primary beam area at 3 GHz with 8'' FWHM resolution and 1.0 {mu}Jy beam{sup -1} rms noise near the pointing center. The P(D) distribution from the central 10 arcmin of this confusion-limited image constrains the count of discrete sources in the 1 < S({mu}Jy) < 10 range. At this level, the brightness-weighted differential count S {sup 2} n(S) is converging rapidly, as predicted by evolutionary models in which the faintest radio sources are star-forming galaxies; and Almost-Equal-To 96% of the background originating in galaxies has been resolved into discrete sources. About 63% of the radio background is produced by active galactic nuclei (AGNs), and the remaining 37% comes from star-forming galaxies that obey the far-infrared (FIR)/radio correlation and account for most of the FIR background at {lambda} Almost-Equal-To 160 {mu}m. Our new data confirm that radio sources powered by AGNs and star formation evolve at about the same rate, a result consistent with AGN feedback and the rough correlation of black hole and stellar masses. The confusion at centimeter wavelengths is low enough that neither the planned Square Kilometre Array nor its pathfinder ASKAP EMU survey should be confusion limited, and the ultimate source detection limit imposed by 'natural' confusion is {<=}0.01 {mu}Jy at {nu} = 1.4 GHz. If discrete sources dominate the bright extragalactic background reported by ARCADE 2 at 3.3 GHz, they cannot be located in or near galaxies and most are {<=}0.03 {mu}Jy at 1.4 GHz.

Condon, J. J.; Cotton, W. D.; Fomalont, E. B.; Kellermann, K. I. [National Radio Astronomy Observatory, 520 Edgemont Road, Charlottesville, VA 22903 (United States); Miller, N. [Department of Astronomy, University of Maryland, College Park, MD 20742-2421 (United States); Perley, R. A. [National Radio Astronomy Observatory, P.O. Box 0, Socorro, NM 87801 (United States); Scott, D.; Vernstrom, T.; Wall, J. V. [Department of Physics and Astronomy, University of British Columbia, Vancouver, BC V6T 1C1 (Canada)

2012-10-10T23:59:59.000Z

392

Methodology for designing the fuzzy resolver for a radial distribution system fault locator  

E-Print Network (OSTI)

The Power System Automation Lab at Texas A&M University developed a fault location scheme that can be used for radial distribution systems. When a fault occurs, the scheme executes three stages. In the first stage, all data measurements and system information is gathered and processed into suitable formats. In the second stage, three fault location methods are used to assign possibility values to each line section of a feeder. In the last stage, a fuzzy resolver is used to aggregate the outputs of the three fault location methods and assign a final possibility value to each line section of a feeder. By aggregating the outputs of the three fault location methods, the fuzzy resolver aims to obtain a smaller subset of line sections as potential faulted sections than the individual fault location methods. Fuzzy aggregation operators are used to implement fuzzy resolvers. This dissertation reports on a methodology that was developed utilizing fuzzy aggregation operators in the fuzzy resolver. Three fuzzy aggregation operators, the min, OWA, and uninorm, and two objective functions were used to design the fuzzy resolver. The methodologies to design fuzzy resolvers with respect to a single objective function and with respect to two objective functions were presented. A detailed illustration of the design process was presented. Performance studies of designed fuzzy resolvers were also performed. In order to design and validate the fuzzy resolver methodology, data were needed. Due to the lack of real field data, simulating a distribution feeder was a feasible alternative to generate data. The IEEE 34 node test feeder was modeled. Time current characteristics (TCC) based protective devices were added to this feeder. Faults were simulated on this feeder to generate data. Based on the performance studies of designed fuzzy resolvers, the fuzzy resolver designed using the uninorm operator without weights is the first choice. For this fuzzy resolver, no optimal weights are needed. In addition, fuzzy resolvers using the min operator and OWA operator can be used to design fuzzy resolvers. For these two operators, the methodology for designing fuzzy resolvers with respect to two objective functions was the appropriate choice.

Li, Jun

2005-12-01T23:59:59.000Z

393

DOE Resolves Nearly One-Third of 27 Recently Filed Civil Penalty Cases |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolves Nearly One-Third of 27 Recently Filed Civil Penalty Resolves Nearly One-Third of 27 Recently Filed Civil Penalty Cases DOE Resolves Nearly One-Third of 27 Recently Filed Civil Penalty Cases September 23, 2010 - 5:14pm Addthis The Department has successfully resolved eight of the 27 enforcement cases brought just two weeks ago against companies for selling products without properly certifying their compliance with the Department's conservation standards. The swift resolution of nearly one-third of these cases reflects the central goal of the Department's enforcement effort - compliance with all aspects of the Department's regulations to ensure that consumers have the information they need to buy energy and cost saving products. Each of the eight companies responded promptly to the Department's notice, cooperated fully to resolve all issues, and committed to certifying

394

Hydraulic properties of the vadose zone at two typical sites in the Western Cape for the assessment of groundwater vulnerability to pollution.  

E-Print Network (OSTI)

?? Aquifer vulnerability assessment is increasingly becoming a very significant basis in order to fulfill the water demands in South Africa. Knowledge of soil hydraulic (more)

Samuels, Donovan.

2007-01-01T23:59:59.000Z

395

APSIDAL MOTION OF THE ECLIPSING BINARY AS CAMELOPARDALIS: DISCREPANCY RESOLVED  

SciTech Connect

We present a spectroscopic study of the eclipsing binary system AS Camelopardalis, the first such study based on phase-resolved CCD echelle spectra. Via a spectral disentangling analysis we measure the minimum masses of the stars to be M{sub A}sin {sup 3} i = 3.213 {+-} 0.032 M{sub sun} and M{sub B}sin {sup 3} i = 2.323 {+-} 0.032 M{sub sun}, their effective temperatures to be T{sub eff}(A) = 12, 840 {+-} 120 K and T{sub eff}(B) = 10, 580 {+-} 240 K, and their projected rotational velocities to be v{sub A}sin i{sub A} = 14.5 {+-} 0.1 km s{sup -1} and v{sub B}sin i{sub B} {<=} 4.6 {+-} 0.1 km s{sup -1}. These projected rotational velocities appear to be much lower than the synchronous values. We show that measurements of the apsidal motion of the system suffer from a degeneracy between orbital eccentricity and apsidal motion rate. We use our spectroscopically measured e = 0.164 {+-} 0.004 to break this degeneracy and measure {omega}-dot{sub obs} = 0{sup 0}.133{+-}0{sup 0}.010 yr{sup -1}. Subtracting the relativistic contribution of {omega}-dot{sub GR} = 0{sup 0}.0963{+-}0{sup 0}0002 yr{sup -1} yields the contribution due to tidal torques: {omega}-dot{sub cl} = 0{sup 0}.037{+-}0{sup 0}.010 yr{sup -1}. This value is much smaller than the rate predicted by stellar theory, 0.{sup 0}40-0.{sup 0}87 yr{sup -1}. We interpret this as a misalignment between the orbital axis of the close binary and the rotational axes of its component stars, which also explains their apparently low rotational velocities. The observed and predicted apsidal motion rates could be brought into agreement if the stars were rotating three times faster than synchronous about axes perpendicular to the orbital axis. Measurement of the Rossiter-McLaughlin effect can be used to confirm this interpretation.

Pavlovski, K.; Kolbas, V. [Department of Physics, Faculty of Sciences, University of Zagreb, Zagreb (Croatia); Southworth, J. [Astrophysics Group, Keele University, Staffordshire, ST5 5BG (United Kingdom)

2011-06-20T23:59:59.000Z

396

February 13, 1995, Board announcement of a Public Meeting on the DOE Plutonium Vulnerability Study  

NLE Websites -- All DOE Office Websites (Extended Search)

§552b), §552b), notice is hereby given of the following Board meeting and staff briefing: FEDERAL REGISTER CITATION OF PREVIOUS ANNOUNCEMENT: Previously announced in the February 14, 1995, Federal Register. PREVIOUSLY ANNOUNCED TIME AND DATE OF THE MEETING: 2:00 p.m., February 21, 1995. CHANGES IN THE MEETING: The Board is broadening the scope of matters to be considered by adding the following information: The Board will also convene a panel of nationally-recognized experts to discuss the DOE Plutonium Vulnerability Study and to address questions that may arise from the results of this study. CONTACT PERSON FOR MORE INFORMATION: Robert M. Andersen, General Counsel, Defense Nuclear Facilities Safety Board, 625 Indiana Avenue, N.W., Suite 700, Washington, D.C. 20004, (202) 208-6387.

397

GAO-06-838R Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Accountability Office Accountability Office ington, DC 20548 Wash July 7, 2006 The Honorable John Warner Chairman The Honorable Carl Levin Ranking Member Committee on Armed Services United States Senate The Honorable Duncan Hunter Chairman The Honorable Ike Skelton Ranking Member Committee on Armed Services House of Representatives Subject: Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse In recent years, the Department of Defense (DOD) has increasingly relied on goods and services provided by the private sector under contract. Since fiscal year 2000, DOD's contracting for goods and services has nearly doubled, and this trend is expected to continue. In fiscal year 2005 alone, DOD obligated nearly $270 billion on contracts for goods and services. Given the

398

Modeling s-t Path Availability to Support Disaster Vulnerability Assessment of Network Infrastructure  

E-Print Network (OSTI)

The maintenance of system flow is critical for effective network operation. Any type of disruption to network facilities (arcs/nodes) potentially risks loss of service, leaving users without access to important resources. It is therefore an important goal of planners to assess infrastructures for vulnerabilities, identifying those vital nodes/arcs whose debilitation would compromise the most source-sink (s-t) interaction or system flow. Due to the budgetary limitations of disaster management agencies, protection/fortification and planning for the recovery of these vital infrastructure facilities is a logical and efficient proactive approach to reducing worst-case risk of service disruption. Given damage to a network, evaluating the potential for flow between s-t pairs requires assessing the availability of an operational s-t path. Recent models proposed for identifying infrastructure vital to system flow have relied on enumeration of all s-t paths to support this task. This paper proposes an alternative model...

Matisziw, Timothy C

2010-01-01T23:59:59.000Z

399

Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling  

Science Conference Proceedings (OSTI)

Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

2009-03-26T23:59:59.000Z

400

A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis  

Science Conference Proceedings (OSTI)

With the increasing organizational dependence on information systems, information systems security has become a very critical issue in enterprise risk management. In information systems, security risks are caused by various interrelated internal and ... Keywords: Ant colony optimization, Bayesian networks, Information systems, Security risk, Vulnerability propagation

Nan Feng, Harry Jiannan Wang, Minqiang Li

2014-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


401

Linear modeling and simulation of low-voltage electric system for single-point vulnerability assessment of military installation  

Science Conference Proceedings (OSTI)

This paper describes the formulation and development of a linear model to support the single-point vulnerability assessment of electric distribution systems at existing and future U.S. Department of Defense (DoD) military sites. The model uses flow sensitivity ...

Edgar C. Portante; Thomas N. Taxon; James A. Kavicky; Tarek Abdallah; Timothy K. Perkins

2008-12-01T23:59:59.000Z

402

Model of the Regional Coupled Earth system (MORCE): Application to process and climate studies in vulnerable regions  

Science Conference Proceedings (OSTI)

The vulnerability of human populations and natural systems and their ability to adapt to extreme events and climate change vary with geographic regions and populations. Regional climate models (RCM), composed by an atmospheric component coupled to a ... Keywords: CORDEX, ChArMeX, Climate modeling, HyMeX, Impact studies, MORCE platform, MerMeX, Mesoscale process, Regional Earth system

Philippe Drobinski; Alesandro Anav; Cindy Lebeaupin Brossier; Guillaume Samson; Marc Stfanon; Sophie Bastin; Mlika Baklouti; Karine Branger; Jonathan Beuvier; Romain Bourdall-Badie; Laure Coquart; Fabio D'Andrea; Nathalie de Noblet-Ducoudr; Frdric Diaz; Jean-Claude Dutay; Christian Ethe; Marie-Alice Foujols; Dmitry Khvorostyanov; Gurvan Madec; Martial Mancip; Sbastien Masson; Laurent Menut; Julien Palmieri; Jan Polcher; Solne Turquety; Sophie Valcke; Nicolas Viovy

2012-07-01T23:59:59.000Z

403

Sending the Right Bill to the Right People: Climate Change, Environmental Degradation, and Social Vulnerabilities in Central Vietnam  

Science Conference Proceedings (OSTI)

In a range of international reports Vietnam is pointed out as among the 5 to 10 most climate-vulnerable countries, which are taking center stage in global climate change assistance and thus attracting huge amounts of foreign aid for research, ...

Ole Bruun

2012-10-01T23:59:59.000Z

404

U-039: ISC Update: BIND 9 Resolver crashes after logging an error in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: ISC Update: BIND 9 Resolver crashes after logging an error 9: ISC Update: BIND 9 Resolver crashes after logging an error in query.c U-039: ISC Update: BIND 9 Resolver crashes after logging an error in query.c November 16, 2011 - 2:30pm Addthis PROBLEM: ISC Update: BIND 9 Resolver crashes after logging an error in query.c. PLATFORM: Versions of BIND, 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x ABSTRACT: A remote server can cause the target connected client to crash. Organizations across the Internet are reporting crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crash after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions are reported as being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and

405

An Idealized Cloud-Resolving Framework for the Study of Midlatitude Diurnal Convection over Land  

Science Conference Proceedings (OSTI)

This paper introduces an idealized cloud-resolving modeling (CRM) framework for the study of midlatitude diurnal convection over land. The framework is used to study the feedbacks among soil, boundary layer, and diurnal convection. It includes a ...

Linda Schlemmer; Cathy Hohenegger; Jrg Schmidli; Christopher S. Bretherton; Christoph Schr

2011-05-01T23:59:59.000Z

406

Validation of Cloud-Resolving Model Background Data for Cloud Data Assimilation  

Science Conference Proceedings (OSTI)

Results from a cloud-resolving model are systematically compared with a variety of observations, both ground based and satellite, in order to better understand the mean background errors and their correlations. This is a step in the direction of ...

Rosanne Polkinghorne; Tomislava Vukicevic; K. Franklin Evans

2010-03-01T23:59:59.000Z

407

U-038: BIND 9 Resolver crashes after logging an error in query.c |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BIND 9 Resolver crashes after logging an error in query.c 8: BIND 9 Resolver crashes after logging an error in query.c U-038: BIND 9 Resolver crashes after logging an error in query.c November 16, 2011 - 8:37am Addthis PROBLEM: BIND 9 Resolver crashes after logging an error in query.c. PLATFORM: Multiple version of BIND 9. Specific versions under investigation ABSTRACT: A remote server can cause the target connected client to crash. Organizations across the Internet are reporting crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crash after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions are reported as being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and

408

Westinghouse Pays $50,000 Civil Penalty to Resolve Light Bulb Efficiency  

NLE Websites -- All DOE Office Websites (Extended Search)

Westinghouse Pays $50,000 Civil Penalty to Resolve Light Bulb Westinghouse Pays $50,000 Civil Penalty to Resolve Light Bulb Efficiency Violations Westinghouse Pays $50,000 Civil Penalty to Resolve Light Bulb Efficiency Violations December 13, 2010 - 2:12pm Addthis The Department of Energy has successfully resolved the enforcement case against Westinghouse Lighting Corporation for failure to certify its light bulbs as compliant with DOE's federal efficiency requirements and for the sale of at least 29,000 general service fluorescent and medium base compact fluorescent lamps that used more energy than permitted by law. This case reflects DOE's renewed commitment to enforce the federal efficiency requirements systematically and fairly to level the competitive playing field and to ensure that American consumers are buying products that

409

Particle Dispersion and Mixing of Conservative Properties in an Eddy-Resolving Model  

Science Conference Proceedings (OSTI)

We examine the diffusive behavior of the flow field in an eddy-resolving, primitive equation circulation model. Analysis of fluid particle trajectories illustrates the transport mechanisms, which are leading to uniform tracer and potential ...

Claus W. Bning; Michael D. Cox

1988-02-01T23:59:59.000Z

410

Micrometeorological Modeling of Radiative and Convective Effects with a Building-Resolving Code  

Science Conference Proceedings (OSTI)

In many micrometeorological studies with computational fluid dynamics, building-resolving models usually assume a neutral atmosphere. Nevertheless, urban radiative transfers play an important role because of their influence on the energy budget. ...

Yongfeng Qu; Maya Milliez; Luc Musson-Genon; Bertrand Carissimo

2011-08-01T23:59:59.000Z

411

Effective Eddy Diffusivities Inferred from a Point Release Tracer in an Eddy-Resolving Ocean Model  

Science Conference Proceedings (OSTI)

This study uses tracer experiments in a global eddy-resolving ocean model to examine two diagnostic methods for inferring effective eddy isopycnic diffusivity from point release tracers. The first method is based on the growth rate of the area ...

Mei-Man Lee; A. J. George Nurser; Andrew C. Coward; Beverly A. de Cuevas

2009-04-01T23:59:59.000Z

412

An Eddy-Resolving Numerical Model of the Ventilated Thermocline: Time Dependence  

Science Conference Proceedings (OSTI)

A primitive equation, eddy-resolving numerical model is used to study the inherent time scales of variability in the subtropical ocean, assuming temporally constant surface forcing. Three primary scales arise: mesoscale variability of roughly 50-...

Michael D. Cox

1987-07-01T23:59:59.000Z

413

Cloud-Resolving Model Simulations and a Simple Model of an Idealized Walker Cell  

Science Conference Proceedings (OSTI)

An idealized Walker cell with prescribed sea surface temperature (SST) and prescribed radiative cooling is studied using both a two-dimensional cloud-resolving model (CRM) and a simple conceptual model. In the CRM, for the same SST distribution, ...

Jonathan Wofsy; Zhiming Kuang

2012-12-01T23:59:59.000Z

414

Cloud-Resolving Simulations of Deep Convection over a Heated Mountain  

Science Conference Proceedings (OSTI)

Cloud-resolving numerical simulations of airflow over a diurnally heated mountain ridge are conducted to explore the mechanisms and sensitivities of convective initiation under high pressure conditions. The simulations are based on a well-...

Daniel J. Kirshbaum

2011-02-01T23:59:59.000Z

415

Cloud-Resolving Simulation of Low-Cloud Feedback to an Increase in Sea Surface Temperature  

Science Conference Proceedings (OSTI)

This study investigates the physical mechanisms of the low cloud feedback through cloud-resolving simulations of cloud-radiative equilibrium response to an increase in sea surface temperature (SST). Six pairs of perturbed and control simulations ...

Kuan-Man Xu; Anning Cheng; Minghua Zhang

2010-03-01T23:59:59.000Z

416

HIRS-AMTS Satellite Sounding System TestTheoretical and Empirical Vertical Resolving Power  

Science Conference Proceedings (OSTI)

Theoretical and empirical analyses of the vertical resolving power of the High resolution Infrared Radiation Sounder (HIRS) and the Advanced Moisture and Temperature Sounder (AMTS) is carried out. First, the infrared transmittance weighting ...

Owen E. Thompson

1982-10-01T23:59:59.000Z

417

Proceedings of the Fourteenth International Conference on Time-Resolved Vibrational Spectroscopy (TRVS XIV)  

E-Print Network (OSTI)

Abstracts of presentations made at the Fourteenth International Conference on Time-Resolved Vibrational Spectroscopy (TRVS XIV) held May 9-14, 2009 in Meredith, New Hampshire. TRVS is a series of biennial conferences ...

Tokmakoff, Andrei

2011-08-31T23:59:59.000Z

418

Moist Thermodynamics of the MaddenJulian Oscillation in a Cloud-Resolving Simulation  

Science Conference Proceedings (OSTI)

The moist thermodynamic processes that determine the time scale and energy of the MaddenJulian oscillation (MJO) are investigated using moisture and eddy available potential energy budget analyses on a cloud-resolving simulation. Two MJO episodes ...

Samson Hagos; L. Ruby Leung

2011-11-01T23:59:59.000Z

419

GRR/Elements/14-CA-b.12 - Were all EPA objections resolved |...  

Open Energy Info (EERE)

Were all EPA objections resolved < GRR | Elements Jump to: navigation, search GRR-logo.png GEOTHERMAL REGULATORY ROADMAP Roadmap Home Roadmap Help List of Sections 14-CA-b.12 -...

420

Cirrus Cloud Properties from a Cloud-Resolving Model Simulation Compared to Cloud Radar Observations  

Science Conference Proceedings (OSTI)

Cloud radar data collected at the Atmospheric Radiation Measurement (ARM) Program's Southern Great Plains site were used to evaluate the properties of cirrus clouds that occurred in a cloud-resolving model (CRM) simulation of the 29-day summer ...

Yali Luo; Steven K. Krueger; Gerald G. Mace; Kuan-Man Xu

2003-02-01T23:59:59.000Z

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


421

Compensation between resolved and unresolved wave driving in the Stratosphere: Implications for downward control  

Science Conference Proceedings (OSTI)

Perturbations to the orographic gravity wave parameterization scheme in an idealized general circulation model reveal a remarkable degree of compensation between the parameterized and the resolved wave driving: when the orographic gravity wave ...

Naftali Y. Cohen; Edwin P. Gerber; Oliver Bhler

422

Fine-Resolved, Near-Coastal Spatiotemporal Variation of Temperature in Response to Insolation  

Science Conference Proceedings (OSTI)

This study uses GIS-based modeling of incoming solar radiation to quantify fine-resolved spatiotemporal responses of monthly average temperature, and diurnal temperature variation, at different times and locations within a field study area located ...

Nikki Vercauteren; Georgia Destouni; Carl Johan Dahlberg; Kristoffer Hylander

2013-05-01T23:59:59.000Z

423

Energy-resolved annihilation studies : vibrational Feshbach resonances and positron- molecule bound states  

E-Print Network (OSTI)

Z e? for butane . . . . . . . . . . . . . . . . . . Figure2,2-di?uoropropane . . . Figure 5.9: Z e? for butane and 1-?resolved Z e? spectrum for butane (C 4 H 10 ). This spectrum

Young, Jason Asher

2007-01-01T23:59:59.000Z

424

Convective Forcing Fluctuations in a Cloud-Resolving Model: Relevance to the Stochastic Parameterization Problem  

Science Conference Proceedings (OSTI)

Idealized cloud-resolving model (CRM) simulations spanning a large part of the tropical atmosphere are used to evaluate the extent to which deterministic convective parameterizations fail to capture the statistical fluctuations in deep-convective ...

G. J. Shutts; T. N. Palmer

2007-01-01T23:59:59.000Z

425

A Cloud-Resolving Model with an Adaptive Vertical Grid for Boundary Layer Clouds  

Science Conference Proceedings (OSTI)

Accurate cloud-resolving model simulations of cloud cover and cloud water content for boundary layer clouds are difficult to achieve without vertical grid spacing well below 100 m, especially for inversion-topped stratocumulus. The need for fine ...

Roger Marchand; Thomas Ackerman

2011-05-01T23:59:59.000Z

426

Resolving Cancer Heterogeneity by Single Cell Sequencing (7th Annual SFAF Meeting, 2012)  

Science Conference Proceedings (OSTI)

Xun Xu on "Resolving Cancer Heterogeneity by Single Cell Sequencing" at the 2012 Sequencing, Finishing, Analysis in the Future Meeting held June 5-7, 2012 in Santa Fe, New Mexico.

Xu, Xun [BGI

2012-06-01T23:59:59.000Z

427

Cloud-Resolving Satellite Data Assimilation: Information Content of IR Window Observations and Uncertainties in Estimation  

Science Conference Proceedings (OSTI)

This study addresses the problem of four-dimensional (4D) estimation of a cloudy atmosphere on cloud-resolving scales using satellite remote sensing measurements. The motivation is to develop a methodology for accurate estimation of cloud ...

T. Vukicevic; M. Sengupta; A. S. Jones; T. Vonder Haar

2006-03-01T23:59:59.000Z

428

3D Atmospheric Radiative Transfer for Cloud System-Resolving Models: Forward Modelling and Observations  

SciTech Connect

Utilization of cloud-resolving models and multi-dimensional radiative transfer models to investigate the importance of 3D radiation effects on the numerical simulation of cloud fields and their properties.

Howard Barker; Jason Cole

2012-05-17T23:59:59.000Z

429

Temperature and TimeResolved XRay Powder Diffraction X14A EERE sponsored PRT beamline  

E-Print Network (OSTI)

Temperature and TimeResolved XRay Powder Diffraction X14A EERE sponsored PRT beamline Objective, in ambience or with gas flow Capabilities: X14A, EERE-sponsored PRT beamline · High photon flux: typically 9x

Homes, Christopher C.

430

Laser wavelength effects on the charge state resolved ion energy distributions from laser-produced Sn plasma  

E-Print Network (OSTI)

Laser wavelength effects on the charge state resolved ion energy distributions from laser of laser wavelength on the charge state resolved ion energy distributions from laser-produced Sn plasma channel electron multiplier are used to record the charge state resolved ion energy distributions 100 cm

Najmabadi, Farrokh

431

Heterogeneous mixtures of elliptical particles: Directly resolving local and global properties and responses  

Science Conference Proceedings (OSTI)

In our earlier papers, Prosperetti's seminal Physalis method for fluid flows was extended to directly resolve electric fields in finite-sized particles and to investigate accurately the mutual fluid-particle, particle-particle, and particle-boundary ... Keywords: Directly resolving particles, Discontinuous interface condition, Elliptical particles, Elongated rod-like particle, Force and torque on particles, Heterogeneous functional materials, Interactions, Local charge distribution, Orientation and anisotropy, Singularity in elliptic coordinates

Qianlong Liu; Kenneth L. Reifsnider

2013-02-01T23:59:59.000Z

432

Temporally resolved plasma composition measurements by collective Thomson scattering in TEXTOR (invited)  

SciTech Connect

Fusion plasma composition measurements by collective Thomson scattering (CTS) were demonstrated in recent proof-of-principle measurements in TEXTOR [S. B. Korsholm et al., Phys. Rev. Lett. 106, 165004 (2011)]. Such measurements rely on the ability to resolve and interpret ion cyclotron structure in CTS spectra. Here, we extend these techniques to enable temporally resolved plasma composition measurements by CTS in TEXTOR, and we discuss the prospect for such measurements with newly installed hardware upgrades for the CTS system on ASDEX Upgrade.

Stejner, M.; Korsholm, S. B.; Nielsen, S. K.; Salewski, M.; Leipold, F.; Michelsen, P. K.; Meo, F. [Association EURATOM-DTU, Department of Physics, Technical University of Denmark, Riso Campus, DK-4000 Roskilde (Denmark); Bindslev, H. [Aarhus University, Faculty of Science and Technology, DK-8000 Aarhus C (Denmark); Moseev, D. [Association EURATOM-DTU, Department of Physics, Technical University of Denmark, Riso Campus, DK-4000 Roskilde (Denmark); FOM Institute DIFFER, Dutch Institute for Fundamental Energy Research, Association EURATOM-FOM, Trilateral Euregio Cluster, Nieuwegein (Netherlands); Buerger, A. [Association EURATOM-FZJ, D-52425 Juelich (Germany); Kantor, M. [FOM Institute DIFFER, Dutch Institute for Fundamental Energy Research, Association EURATOM-FOM, Trilateral Euregio Cluster, Nieuwegein (Netherlands); Ioffe Institute, RAS, Saint Petersburg 194021 (Russian Federation); Baar, M. de [FOM Institute DIFFER, Dutch Institute for Fundamental Energy Research, Association EURATOM-FOM, Trilateral Euregio Cluster, Nieuwegein (Netherlands)

2012-10-15T23:59:59.000Z

433

Resolving to Make Earth Day Last All Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolving to Make Earth Day Last All Year Resolving to Make Earth Day Last All Year Resolving to Make Earth Day Last All Year March 21, 2011 - 1:31pm Addthis Amy Foster Parish What was your New Year's resolution this year? Maybe you resolved to get back into the gym and finally lose those last pesky pounds. Maybe, like me, you resolved to finally break down and buy that new furnace. Or maybe you liked Chris' idea, and you resolved do whatever you could to save energy and money this year. When we talk about saving energy throughout the year, it's easy to forget that we're not just energy users when we're at home. Many of us spend a large part of our days at work, and the energy we use there is significant. According to ENERGY STAR®, the energy needed to support just one office worker for a day produces twice as much greenhouse gas emissions as that

434

Resolving to Make Earth Day Last All Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolving to Make Earth Day Last All Year Resolving to Make Earth Day Last All Year Resolving to Make Earth Day Last All Year March 21, 2011 - 4:49pm Addthis Amy Foster Parish What was your New Year's resolution this year? Maybe you resolved to get back into the gym and finally lose those last pesky pounds. Maybe, like me, you resolved to finally break down and buy that new furnace. Or maybe you liked Chris' idea, and you resolved do whatever you could to save energy and money this year. When we talk about saving energy throughout the year, it's easy to forget that we're not just energy users when we're at home. Many of us spend a large part of our days at work, and the energy we use there is significant. According to ENERGY STAR, the energy needed to support just one office worker for a day produces twice as much greenhouse gas emissions as that

435

Resolving to Make Earth Day Last All Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolving to Make Earth Day Last All Year Resolving to Make Earth Day Last All Year Resolving to Make Earth Day Last All Year March 21, 2011 - 1:31pm Addthis Amy Foster Parish What was your New Year's resolution this year? Maybe you resolved to get back into the gym and finally lose those last pesky pounds. Maybe, like me, you resolved to finally break down and buy that new furnace. Or maybe you liked Chris' idea, and you resolved do whatever you could to save energy and money this year. When we talk about saving energy throughout the year, it's easy to forget that we're not just energy users when we're at home. Many of us spend a large part of our days at work, and the energy we use there is significant. According to ENERGY STAR®, the energy needed to support just one office worker for a day produces twice as much greenhouse gas emissions as that

436

Vulnerability And Risk Assessment Using The Homeland-Defense Operational Planning System (HOPS)  

DOE Green Energy (OSTI)

For over ten years, the Counterproliferation Analysis and Planning System (CAPS) at Lawrence Livermore National Laboratory (LLNL) has been a planning tool used by U.S. combatant commands for mission support planning against foreign programs engaged in the manufacture of weapons of mass destruction (WMD). CAPS is endorsed by the Secretary of Defense as the preferred counterproliferation tool to be used by the nation's armed services. A sister system, the Homeland-Defense Operational Planning System (HOPS), is a new operational planning tool leveraging CAPS expertise designed to support the defense of the U.S. homeland. HOPS provides planners with a basis to make decisions to protect against acts of terrorism, focusing on the defense of facilities critical to U.S. infrastructure. Criticality of facilities, structures, and systems is evaluated on a composite matrix of specific projected casualty, economic, and sociopolitical impact bins. Based on these criteria, significant unidentified vulnerabilities are identified and secured. To provide insight into potential successes by malevolent actors, HOPS analysts strive to base their efforts mainly on unclassified open-source data. However, more cooperation is needed between HOPS analysts and facility representatives to provide an advantage to those whose task is to defend these facilities. Evaluated facilities include: refineries, major ports, nuclear power plants and other nuclear licensees, dams, government installations, convention centers, sports stadiums, tourist venues, and public and freight transportation systems. A generalized summary of analyses of U.S. infrastructure facilities is presented.

Durling, Jr., R L; Price, D E; Spero, K K

2005-01-03T23:59:59.000Z

437

Plutonium working group report on environmental, safety and health vulnerabilities associated with the Department`s plutonium storage. Volume II, part 7: Mound working group assessment team report  

Science Conference Proceedings (OSTI)

This is the report of a visit to the Mound site by the Working Group Assessment Team (WGAT) to assess plutonium vulnerabilities. Purposes of the visit were: to review results of the site`s self assessment of current practices for handling and storing plutonium; to conduct an independent assessment of these practices; to reconcile differences and assemble a final list of vulnerabilities; to calculate consequences and probability for each vulnerability; and to issue a report to the Working Group. This report, representing completion of the Mound visit, will be compiled along with those from all other sites with plutonium inventories as part of a final report to the Secretary of Energy.

NONE

1994-09-01T23:59:59.000Z

438

Climate change vulnerability assessments as catalysts for social learning: four case studies in south-eastern Australia  

SciTech Connect

Technical assessments of vulnerability and/or risk are increasingly being undertaken to assess the impacts of climate change. Underlying this is the belief that they will bring clarity to questions regarding the scale of institutional investments required, plausible adaptation policies and measures, and the timing of their implementation. Despite the perceived importance of technical assessments in 'evidence-based' decision environments, assessments cannot be undertaken independent of values and politics, nor are they capable of eliminating the uncertainty that clouds decision-making on climate adaptation As such, assessments can trigger as many questions as they answer, leaving practitioners and stakeholders to question their value. This paper explores the value of vulnerability/risk assessments in climate change adaptation planning processes as a catalyst for learning in four case studies in Southeastern Australia. Data were collected using qualitative interviews with stakeholders involved in the assessments and analysed using a social learning framework. This analysis revealed that detailed and tangible strategies or actions often do not emerge directly from technical assessments. However, it also revealed that the assessments became important platforms for social learning. In providing these platforms, assessments present opportunities to question initial assumptions, explore multiple framings of an issue, generate new information, and galvanise support for collective actions. This study highlights the need for more explicit recognition and understanding of the important role social learning plays in climate change vulnerability assessments and adaptation planning more broadly.

Preston, Benjamin L [ORNL

2012-01-01T23:59:59.000Z

439

Extended defense systems :I. adversary-defender modeling grammar for vulnerability analysis and threat assessment.  

SciTech Connect

Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

Merkle, Peter Benedict

2006-03-01T23:59:59.000Z

440

Resolve to Save Energy in the New Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolve to Save Energy in the New Year Resolve to Save Energy in the New Year Resolve to Save Energy in the New Year December 30, 2008 - 4:00am Addthis Allison Casey Senior Communicator, NREL What are your New Year's Resolutions? It's that time again to make your list and decide how January 1st will be the day you start your new and improved life! [end the infomercial voiceover] In all seriousness, it seems that most New Year's Resolutions are abandoned sometime around mid-February, in spite of our best intentions. But it doesn't have to be that way. I know and you know that your resolutions are important, as shown by USA.gov's list of popular New Year's resolutions. My guess is that one of the most popular resolutions this year will be to save money. If saving money is one of your resolutions, have you considered

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


441

DOE Resolves Nearly One-Third of 27 Recently Filed Civil Penalty Cases |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

One-Third of 27 Recently Filed Civil Penalty One-Third of 27 Recently Filed Civil Penalty Cases DOE Resolves Nearly One-Third of 27 Recently Filed Civil Penalty Cases September 23, 2010 - 5:14pm Addthis The Department has successfully resolved eight of the 27 enforcement cases brought just two weeks ago against companies for selling products without properly certifying their compliance with the Department's conservation standards. The swift resolution of nearly one-third of these cases reflects the central goal of the Department's enforcement effort - compliance with all aspects of the Department's regulations to ensure that consumers have the information they need to buy energy and cost saving products. Each of the eight companies responded promptly to the Department's notice, cooperated fully to resolve all issues, and committed to certifying

442

Cloud-Resolving Model Simulation and Mosaic Treatment of Subgrid Cloud-Radiation Interaction  

NLE Websites -- All DOE Office Websites (Extended Search)

Cloud-Resolving Model Simulation and Mosaic Treatment Cloud-Resolving Model Simulation and Mosaic Treatment of Subgrid Cloud-Radiation Interaction X. Wu Department of Geological and Atmospheric Sciences Iowa State University Ames, Iowa X.-Z. Liang Illinois State Water Survey University of Illinois at Urbana-Champaign Champaign, Illinois Introduction Improving the representation of cloud-radiation interaction is a major challenge for the global climate simulation. The development of cloud-resolving models (CRMs) and the extensive Atmospheric Radiation Measurements (ARMs) provide a unique opportunity for shading some lights on this problem. Current general circulation models (GCMs) predict cloud cover fractions and hydrometeor concentra- tions only in individual model layers, where clouds are assumed to be horizontally homogeneous in a

443

Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action |  

NLE Websites -- All DOE Office Websites (Extended Search)

Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action November 23, 2010 - 6:34pm Addthis The Department of Energy has settled the civil penalty action it initiated against Air-Con International for Air-Con's sale of air conditioners in the United States that used more energy than allowed by federal law. On September 20, 2010, based on Air-Con's responses to a DOE subpoena, DOE ordered Air-Con to stop selling noncompliant air conditioners in the United States and proposed civil penalties for the noncompliant units sold by the company. Air-Con promptly ceased U.S. sales of the noncompliant models. In the settlement announced today, DOE agreed to accept a civil penalty of $10,000, after considering factors set forth in DOE's penalty guidance,

444

Resolve to Save Energy in the New Year | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Resolve to Save Energy in the New Year Resolve to Save Energy in the New Year Resolve to Save Energy in the New Year December 30, 2008 - 4:00am Addthis Allison Casey Senior Communicator, NREL What are your New Year's Resolutions? It's that time again to make your list and decide how January 1st will be the day you start your new and improved life! [end the infomercial voiceover] In all seriousness, it seems that most New Year's Resolutions are abandoned sometime around mid-February, in spite of our best intentions. But it doesn't have to be that way. I know and you know that your resolutions are important, as shown by USA.gov's list of popular New Year's resolutions. My guess is that one of the most popular resolutions this year will be to save money. If saving money is one of your resolutions, have you considered

445

Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action Air-Con Agrees to Pay Civil Penalty to Resolve Enforcement Action November 23, 2010 - 6:34pm Addthis The Department of Energy has settled the civil penalty action it initiated against Air-Con International for Air-Con's sale of air conditioners in the United States that used more energy than allowed by federal law. On September 20, 2010, based on Air-Con's responses to a DOE subpoena, DOE ordered Air-Con to stop selling noncompliant air conditioners in the United States and proposed civil penalties for the noncompliant units sold by the company. Air-Con promptly ceased U.S. sales of the noncompliant models. In the settlement announced today, DOE agreed to accept a civil penalty of $10,000, after considering factors set forth in DOE's penalty guidance,

446

HST resolved image and spectra of z=2 QSO 1345+584  

E-Print Network (OSTI)

The QSO 1345+584 has been spatially resolved by direct images and in spectral images, and has extended flux asymmetrically to the W, where its inner radio structure is seen. The brightest knots in the resolved flux correspond closely with knots in the curved radio jet, and the brightest knot has velocity of approach of some 3000 km/s with respect to the nucleus. Other parts of the line-emitting material appear to follow a systematic velocity field with values up to 1000 km/s with respect to the nucleus. The signal from the resolved continuum is not detected spectroscopically but accounts for 2/3 of the (rest UV) flux, so that it is likely to originate in hot stars. The QSO lies in or behind a compact group of galaxies of comparable brightness and irregular and knotty morphology, which probably form a dense physical group with very young stellar populations.

J. B. Hutchings

1998-04-07T23:59:59.000Z

447

Efficient spin resolved spectroscopy observation machine at Hiroshima Synchrotron Radiation Center  

SciTech Connect

Highly efficient spin- and angle-resolved photoelectron spectrometer named ESPRESSO (Efficient SPin REsolved SpectroScopy Observation) machine has been developed at the beamline BL-9B in Hiroshima Synchrotron Radiation Center. Combination of high-resolution hemispherical electron analyzer and the high-efficient spin detector based on very low energy electron diffraction by the ferromagnetic target makes the high-energy resolution and angular resolution compatible with spin- and angle-resolved photoemission (SARPES) measurement. 7.5 meV in energy and {+-}0.18 deg. in angular resolution have been achieved with spin resolution. The ESPRESSO machine, combination of quick energy-band dispersion measurement and Fermi surface mapping by two-dimensional electron detector for the spin integrated ARPES and the high-efficient spin analysis by the efficient spin detector realizes the comprehensive investigation of spin electronic structure of materials.

Okuda, Taichi; Miyamaoto, Koji; Namatame, Hirofumi [Hiroshima Synchrotron Radiation Center (HSRC), Hiroshima University, 2-313 Kagamiyama, Higashi-Hiroshima 739-0046 (Japan); Miyahara, Hirokazu; Kuroda, Kenta; Kimura, Akio [Graduate School of Science, Hiroshima University, 1-3-1 Kagamiyama, Higashi-Hiroshima 739-8526 (Japan); Taniguchi, Masaki [Hiroshima Synchrotron Radiation Center (HSRC), Hiroshima University, 2-313 Kagamiyama, Higashi-Hiroshima 739-0046 (Japan); Graduate School of Science, Hiroshima University, 1-3-1 Kagamiyama, Higashi-Hiroshima 739-8526 (Japan)

2011-10-15T23:59:59.000Z

448

Time-resolved studies of particle effects in laser ablation inductively coupled plasma-mass spectrometry  

Science Conference Proceedings (OSTI)

Time resolved signals in laser ablation inductively coupled plasma mass spectrometry (LA-ICP-MS) are studied to determine the influence of experimental parameters on ICP-induced fractionation effects. Differences in sample composition and morphology, i.e., ablating brass, glass, or dust pellets, have a profound effect on the time resolved signal. Helium transport gas significantly decreases large positive signal spikes arising from large particles in the ICP. A binder for pellets also reduces the abundance and amplitude of spikes in the signal. MO{sup +} ions also yield signal spikes, but these MO{sup +} spikes generally occur at different times from their atomic ion counterparts.

Perdian, D.; Bajic, S.; Baldwin, D.; Houk, R.

2007-11-13T23:59:59.000Z

449

Time-Resolved Magnetic Flux and AC-Current Distributions in Superconducting YBCO Thin Films and  

E-Print Network (OSTI)

Time-Resolved Magnetic Flux and AC-Current Distributions in Superconducting YBCO Thin Films magnetic field. We study the interaction behavior of YBCO thin films in an ac transport current and a dc the calibrated field profiles. The current density evolution in YBCO thin films is studied by TRMOI as a function

Lewis, Robert Michael

450

A strategy for verifying near-convection-resolving model forecasts at observing sites  

Science Conference Proceedings (OSTI)

Routine verification of deterministic Numerical Weather Prediction (NWP) forecasts from the convection-permitting 4 km (UK4) and near-convection-resolving 1.5 km (UKV) configurations of the Met Office Unified Model (MetUM) has shown that it is ...

Marion P. Mittermaier

451

Combining Cloud-Resolving Model with Satellite for Cloud Process Model Simulation Validation  

Science Conference Proceedings (OSTI)

Advances in computer power have made it possible to increase the spatial resolution of regional numerical models to a scale encompassing larger convective elements of less than 5 km in size. One goal of high resolution is to begin to resolve ...

Renato G. Negri; Luiz A. T. Machado; Stephen English; Mary Forsythe

452

Representation of Boundary Layer Moisture Transport in Cloud-Resolving Models  

Science Conference Proceedings (OSTI)

One of the important roles of the PBL is to transport moisture from the surface to the cloud layer. However, how this transport process can be accounted for in cloud-resolving models (CRMs) is not sufficiently clear and has rarely been examined. A ...

Chin-Hoh Moeng; Akio Arakawa

2012-11-01T23:59:59.000Z

453

Recent Changes in the Pacific Subtropical Cells Inferred from an Eddy-Resolving Ocean Circulation Model  

Science Conference Proceedings (OSTI)

In this study the subtropical cells (STC) in the Pacific Ocean are analyzed using an eddy-resolving ocean general circulation model driven by atmospheric forcing for the years 19922003. In particular, the authors seek to identify decadal changes ...

Wei Cheng; Michael J. McPhaden; Dongxiao Zhang; E. Joseph Metzger

2007-05-01T23:59:59.000Z

454

Thermohaline Structure of an Eddy-Resolving North Atlantic Model: The Influence of Boundary Conditions  

Science Conference Proceedings (OSTI)

A TS volumetric census, with a resolution of 0.2C and 0.1 psu, for years 20-25 of the World Ocean Circulation Experiment Community Modeling Effort eddy-resolving simulation of the equatorial and North Atlantic Ocean, reveals how the ...

John M. Klinck

1995-06-01T23:59:59.000Z

455

A Mixed Scheme for Subgrid-Scale Fluxes in Cloud-Resolving Models  

Science Conference Proceedings (OSTI)

A large-domain large-eddy simulation of a tropical deep convection system is used as a benchmark to derive and test a mixed subgrid-scale (SGS) scheme for scalar and momentum fluxes in cloud-resolving models (CRMs). The benchmark simulation ...

C.-H. Moeng; P. P. Sullivan; M. F. Khairoutdinov; D. A. Randall

2010-11-01T23:59:59.000Z

456

UNIVERSITY OF CALIFORNIA, Effects of Vertically-Resolved Solar Heating, Snow Aging, and Black  

E-Print Network (OSTI)

UNIVERSITY OF CALIFORNIA, IRVINE Effects of Vertically-Resolved Solar Heating, Snow Aging formats: Committee Chair University of California, Irvine 2007 ii #12;To my parents, John and Cindy. iii, albedo, snow grain size, and absorbing impurities. . 8 2.1 Solar absorption profiles prescribed by CLM

Zender, Charles

457

Testing the Fixed Anvil Temperature Hypothesis in a Cloud-Resolving Model  

Science Conference Proceedings (OSTI)

Using cloud-resolving simulations of tropical radiativeconvective equilibrium, it is shown that the anvil temperature changes by less than 0.5 K with a 2-K change in SST, lending support to the fixed anvil temperature (FAT) hypothesis. The ...

Zhiming Kuang; Dennis L. Hartmann

2007-05-01T23:59:59.000Z

458

Seasonal influence of insolation on fine-resolved air temperature variation and snowmelt  

Science Conference Proceedings (OSTI)

This study uses GIS-based modeling of incoming solar radiation to quantify fine-resolved spatiotemporal responses of year-round monthly average temperature within a field study area located on the eastern coast of Sweden. A network of temperature ...

Nikki Vercauteren; Steve W. Lyon; Georgia Destouni

459

Detecting Free Carriers in Organic Photovoltaic Systems: Time-Resolved Microwave Conductivity  

DOE Green Energy (OSTI)

In here we report on using flash photolysis, time-resolved microwave conductivity (fp-TRMC) as a tool for detecting the fate of mobile charge carriers. This spectroscopy does not require electrodes and can therefore focus attention on the active components of the donor- acceptor system and provide insight into the heart of OPV device functionality.

Rumbles, G.; Kopidakis, N.; Coffey, D.; Ferguson, A.; Dayal, S.; Reid, O.

2011-01-01T23:59:59.000Z

460

Analysis on Resolved and Parameterized Vertical Transports in Convective Boundary Layers at Gray-Zone Resolutions  

Science Conference Proceedings (OSTI)

The gray zone of a physical process in numerical models is defined as the range of model resolution in which the process is partly resolved by model dynamics and partly parameterized. In this study, we examine the grid-size dependencies of ...

Hyeyum Hailey Shin; Song-You Hong

Note: This page contains sample records for the topic "resolving vulnerability u-098" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


461

Very simple, carbuncle-free, boundary-layer-resolving, rotated-hybrid Riemann solvers  

Science Conference Proceedings (OSTI)

In this paper, we propose new Euler flux functions for use in a finite-volume Euler/Navier-Stokes code, which are very simple, carbuncle-free, yet have an excellent boundary-layer-resolving capability, by combining two different Riemann solvers into ... Keywords: Carbuncle, Hybrid schemes, Rotated Riemann solvers, Shock instability, Upwind schemes

Hiroaki Nishikawa; Keiichi Kitamura

2008-02-01T23:59:59.000Z

462

Time Resolved Shadowgraph Images of Silicon during Laser Ablation:Shockwaves and Particle Generation  

SciTech Connect

Time resolved shadowgraph images were recorded of shockwaves and particle ejection from silicon during laser ablation. Particle ejection and expansion were correlated to an internal shockwave resonating between the shockwave front and the target surface. The number of particles ablated increased with laser energy and was related to the crater volume.

Liu, C.Y.; Mao, X.L.; Greif, R.; Russo, R.E.

2006-05-06T23:59:59.000Z

463

Analysis of Resolved and Parameterized Vertical Transports in Convective Boundary Layers at Gray-Zone Resolutions  

Science Conference Proceedings (OSTI)

The gray zone of a physical process in numerical models is defined as the range of model resolution in which the process is partly resolved by model dynamics and partly parameterized. In this study, the authors examine the grid-size dependencies ...

Hyeyum Hailey Shin; Song-You Hong

2013-10-01T23:59:59.000Z

464

Vibrationally resolved transitions in ion-molecule and atom-molecular ion slow collisions  

DOE Data Explorer (OSTI)

The data tables and interactive graphs made available here contain theoretical integral cross sections for vibrational excitation and vibrationally resolved charge transfer from vibrationally excited states of H2 and H2+ with protons and hydrogen atoms, respectively. [From http://www-cfadc.phy.ornl.gov/h2mol/home.html] (Specialized Interface)

465

Decadal Variability of the Kuroshio Extension: Observations and an Eddy-Resolving Model Hindcast  

Science Conference Proceedings (OSTI)

Low-frequency variability of the Kuroshio Extension (KE) is studied using observations and a multidecadal (19502003) hindcast by a high-resolution (0.1), eddy-resolving, global ocean general circulation model for the Earth Simulator (OFES). In ...

Bunmei Taguchi; Shang-Ping Xie; Niklas Schneider; Masami Nonaka; Hideharu Sasaki; Yoshikazu Sasai

2007-06-01T23:59:59.000Z

466

Highly charged ions in Penning traps, a new tool for resolving low lying isomeric states  

E-Print Network (OSTI)

The use of highly charged ions increases the precision and resolving power, in particular for short-lived species produced at on-line radio-isotope beam facilities, achievable with Penning trap mass spectrometers. This increase in resolving power provides a new and unique access to resolving low-lying long-lived ($T_{1/2} > 50$ ms) nuclear isomers. Recently, the $111.19(22)$ keV (determined from $\\gamma$-ray spectroscopy) isomeric state in $^{78}$Rb has been resolved from the ground state, in a charge state of $q=8+$ with the TITAN Penning trap at the TRIUMF-ISAC facility. The excitation energy of the isomer was measured to be $108.7(6.4)$ keV above the ground state. The extracted masses for both the ground and isomeric states, and their difference, agree with the AME2003 and Nuclear Data Sheet values. This proof of principle measurement demonstrates the feasibility of using Penning trap mass spectrometers coupled to charge breeders to study nuclear isomers and opens a new route for isomer searches.

A. T. Gallant; M. Brodeur; T. Brunner; U. Chowdhury; S. Ettenauer; V. V. Simon; E. Man; M. C. Simon; C. Andreoiu; P. Delheij; G. Gwinner; M. R. Pearson; R. Ringle; J. Dilling

2011-12-03T23:59:59.000Z

467

Boundary Current Separation in a Quasigeostrophic, Eddy-resolving Ocean Circulation Model  

Science Conference Proceedings (OSTI)

The response of a rectangular, flat-bottom, eddy-resolving, quasigeostrophic ocean to a steady, double-gyre wind stress is studied to assess the sensitivity of the solutions to a partial-slip lateral boundary condition in which tangential stress ...

Dale B. Haidvogel; James C. McWilliams; Peter R. Gent

1992-08-01T23:59:59.000Z

468

Resolving Time  

Science Conference Proceedings (OSTI)

Mar 2, 2011 ... The proposed research exploits the unique features of the VULCAN diffractometer at SNS, ORNL, to perform in-situ neutron diffraction...

469

Institute for Research on Poverty Discussion Paper no. 1055-95 Vulnerability to Future Dependence among Former AFDC Mothers  

E-Print Network (OSTI)

This study analyzes short-run AFDC recidivism among mother-only families. Findings suggest that a sizable minority of former AFDC recipients return to AFDC rapidly. Those most likely to return to AFDC are those switching jobs, those moving to public housing, those adding children, and those not getting regular child support payments. The results also suggest that wages are better predictors of staying off AFDC than are alternative measures of success in the labor market. Vulnerability to Future Dependence among Former AFDC Mothers I.

Peter David Brandon; Robert Moffitt; Alberto Palloni; James Walker; Larry Wu

1995-01-01T23:59:59.000Z

470

In-Situ Observations of Phase Transformations During Welding of 1045 Steel using Spatially Resolved and Time Resolved X-Ray Diffraction  

SciTech Connect

Synchrotron-based methods have been developed at Lawrence Livermore National Laboratory (LLNL) for the direct observation of microstructure evolution during welding. These techniques, known as spatially resolved (SRXRD) and time resolved (TRXRD) x-ray diffraction, allow in-situ experiments to be performed during welding and provide direct observations of high temperature phases that form under the intense thermal cycles that occur. This paper presents observations of microstructural evolution that occur during the welding of a medium carbon AISI 1045 steel, using SRXRD to map the phases that are present during welding, and TRXRD to dynamically observe transformations during rapid heating and cooling. SRXRD was further used to determine the influence of welding heat input on the size of the high temperature austenite region, and the time required to completely homogenize this region during welding. These data can be used to determine the kinetics of phase transformations under the steep thermal gradients of welds, as well as benchmark and verify phase transformation models.

Elmer, J; Palmer, T; DebRoy, T

2005-10-28T23:59:59.000Z

471

Characterization of high-quality InGaN/GaN multiquantum wells with time-resolved photoluminescence  

E-Print Network (OSTI)

Characterization of high-quality InGaN/GaN multiquantum wells with time-resolved photoluminescence October 1997; accepted for publication 5 January 1998 Recombination in single quantum well and multiquantum well InGaN/GaN structures is studied using time-resolved photoluminescence and pulsed

Bowers, John

472

A closure for updraft-downdraft representation of subgrid-scale fluxes in cloud-resolving models  

Science Conference Proceedings (OSTI)

A closure relationship between subgrid-scale (SGS) updraft-downdraft differences and resolvable-scale (RS) variables is proposed and tested for cloud-resolving models (CRMs), based on a data analysis of a large-eddy simulation (LES) of deep ...

Chin-Hoh Moeng

473

A Global Eddy-Resolving Coupled Physical-Biological Model: Physical Influences on a Marine Ecosystem in the North Pacific  

Science Conference Proceedings (OSTI)

Physical influences on a marine ecosystem in the open ocean are investigated using a simplified four-component ecosystem model embedded in an eddy-resolving ocean general-circulation model (OGCM). The annual cycle of temperature, nitrate, and phytoplankton ... Keywords: Marine ecosystem, North Pacific, eddy-resolving OGCM, physical processes

Yoshikazu Sasai; Akio Ishida; Hideharu Sasaki; Shintaro Kawahara; Hitoshi Uehara; Yasuhiro Yamanaka

2006-07-01T23:59:59.000Z

474

The Resolving Power of a Single Exact-Repeat Altimetric Satellite or a Coordinated Constellation of Satellites  

Science Conference Proceedings (OSTI)

It is proved that the midpoint grid, which is composed of samples obtained at ground track locations midway between crossover points (thus a subset of the full sampling), has the same resolving power as the full set; that is, they resolve the ...

Chang-Kou Tai

2004-05-01T23:59:59.000Z

475

Development of a Fast Time-Resolved Aerosol Collector (Fast TRAC)  

NLE Websites -- All DOE Office Websites (Extended Search)

Yu Yu & James Cowin PNNL Fast Time-Resolved Aerosol Collector ......Fast TRAC...... Xiao-Ying Yu, Ali Hashim, Martin Iedema, and James Cowin Atmospheric Sciences, Chemical Sciences Pacific Northwest National Laboratory Richland, WA Research is supported by NOAA & DOE. *Patent Pending Xiao-Ying Yu & James Cowin PNNL Cloud Microstructures ≤ 1 m Want to know the aerosols at this resolution Aircraft flies at 150 m/s Need time resolution 1 m/150 m/s = 6 ms (!!!!!) Xiao-Ying Yu & James Cowin PNNL What is TRAC? - Time-Resolved Aerosol Collector * Uses an impactor * ~ 600 TEM samples * Flow rate: 1 l/min * Time resolution: ≥ 1 min* * Applications: Off-line analysis: - particle hygroscopicity, morphology, composition.. (6.5 in) 3 , 7 lb, 12 V, 8 W 0% 20% 40% 60%

476

Time-Resolved NMR: Extracting the Topology of Complex Enzyme Networks  

NLE Websites -- All DOE Office Websites (Extended Search)

Resolved Resolved NMR: Extracting the Topology of Complex Enzyme Networks Yingnan Jiang, † Tyler McKinnon, † Janani Varatharajan, † John Glushka, † James H. Prestegard, † Andrew T. Sornborger, ‡§ Heinz-Bernd Schu ¨ ttler, { and Maor Bar-Peled † * † Complex Carbohydrate Research Center, ‡ Department of Mathematics, § Faculty of Engineering, and { Department of Physics and Astronomy, University of Georgia, Athens, Georgia ABSTRACT The use of nondestructive NMR spectroscopy for enzymatic studies offers unique opportunities to identify nearly all enzymatic byproducts and detect unstable short-lived products or intermediates at the molecular level; however, numerous challenges must be overcome before it can become a widely used tool. The biosynthesis of acetyl-coenzyme A (acetyl-CoA) by acetyl-CoA synthetase is used here as a case study for the development of