National Library of Energy BETA

Sample records for vulnerabilities multiple vulnerabilities

  1. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  2. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  3. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  4. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  5. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  6. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  7. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  8. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  9. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  10. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  11. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  12. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  13. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  14. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  15. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  16. V-094: IBM Multiple Products Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database

  17. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  18. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  19. U-169: Sympa Multiple Security Bypass Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    May 15, 2012 - 7:00am Addthis PROBLEM: Sympa Multiple Security Bypass Vulnerabilities PLATFORM: Sympa in versions prior to 6.1.11 ABSTRACT: Multiple vulnerabilities have been...

  20. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  1. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  2. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  3. U-198: IBM Lotus Expeditor Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system..

  4. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  5. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  6. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  7. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  8. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player

  9. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  10. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  11. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  12. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  13. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  14. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  15. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  16. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  17. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

  18. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Reader/Acrobat Multiple Vulnerabilities U-146: Adobe Reader/Acrobat Multiple Vulnerabilities April 12, 2012 - 8:30am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat. PLATFORM: Adobe Acrobat 9.x Adobe Acrobat X 10.x Adobe Reader 9.x Adobe Reader X 10.x ABSTRACT: Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive

  19. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  20. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  1. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  2. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  3. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  4. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions...

  5. V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager

  6. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  7. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Red Hat CloudForms Multiple Vulnerabilities V-041: Red Hat CloudForms Multiple Vulnerabilities December 6, 2012 - 4:01am Addthis PROBLEM: Red Hat CloudForms Multiple Vulnerabilities PLATFORM: CloudForms ABSTRACT: Multiple vulnerabilities have been reported in Red Hat CloudForms REFERENCE LINKS: RHSA-2012-1542-1 RHSA-2012-1543-1 Secunia Advisory SA51472 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-2139 CVE-2012-2140 CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695 CVE-2012-3424

  8. T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.

  9. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  10. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Energy Savers [EERE]

    | Department of Energy 51: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities February 7, 2011 - 7:56am Addthis PROBLEM: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities. PLATFORM: Cisco WebEx recording players. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are all affected. Affected versions of the players are those prior to client builds T27LC SP22 and

  11. U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system

  12. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  13. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  14. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  15. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  16. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor facility and infrastructure drawings. The assessment team believes that the information, experience, and insight gained through FEVA will help in the planning and prioritization of ongoing efforts to resolve environmental vulnerabilities at UT-Battelle--managed ORNL facilities.

  17. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  18. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  19. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the control system processes and functions. With the detailed knowledge of how the control data functions, as well as what computers and devices communicate using this data, the attacker can use a well known Man-in-the-Middle attack to perform malicious operations virtually undetected. The control systems assessment teams have used this method to gather enough information about the system to craft an attack that intercepts and changes the information flow between the end devices (controllers) and the human machine interface (HMI and/or workstation). Using this attack, the cyber assessment team has been able to demonstrate complete manipulation of devices in control systems while simultaneously modifying the data flowing back to the operator's console to give false information of the state of the system (known as ''spoofing''). This is a very effective technique for a control system attack because it allows the attacker to manipulate the system and the operator's situational awareness of the perceived system status. The three main elements of this attack technique are: (1) network reconnaissance and data gathering, (2) reverse engineering, and (3) the Man-in-the-Middle attack. The details of this attack technique and the mitigation techniques are discussed.

  20. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management Programs

  1. Climate Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)

    Climate Vulnerabilities Climate Vulnerabilities The Energy Sector's Vulnerabilities to Climatic Conditions x Impacts Due to... Increasing Temperatures Decreasing Water Availability Increasing Storms, Flooding, and Sea Level Rise See All Impacts Map locations are approximate. Find out more about this data here. Click and drag the map to read about each location

  2. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Energy Savers [EERE]

    Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized...

  3. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future ...

  4. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  5. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  6. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Environmental Management (EM)

    NSTB Summarizes Vulnerable Areas NSTB Summarizes Vulnerable Areas Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. PDF icon NSTB Summarizes Vulnerable Areas More Documents & Publications Lessons Learned from Cyber Security Assessments of SCADA and Energy

  7. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  8. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  9. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  10. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  11. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 9: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities April 17, 2012 - 8:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. PLATFORM: Apache OFBiz 10.x ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior

  12. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.

  13. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  14. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  15. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of ...

  16. OLADE-Central America Climate Change Vulnerability Program |...

    Open Energy Info (EERE)

    Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program AgencyCompany Organization Latin...

  17. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

  18. Common Cyber Security Vulnerabilities Observed in Control System...

    Energy Savers [EERE]

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

  19. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Energy Savers [EERE]

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document...

  20. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Energy Savers [EERE]

    TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides...

  1. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment AgencyCompany Organization Climate and Development...

  2. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment (Redirected from CDKN-Colombia-Cartagena Vulnerability Assessment) Jump to: navigation, search Name Colombia-CDKN-Cartagena...

  3. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  4. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  5. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  6. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  7. T-731:Symantec IM Manager Code Injection Vulnerability | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code...

  8. Regional Climate Vulnerabilities and Resilience Solutions | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please view it in a modern browser.

  9. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  10. Vulnerability Analysis of Energy Delivery Control Systems (September 2011)

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems (September 2011) The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides recommendations for vendors and owners of those systems to identify and reduce those risks. PDF icon Vulnerability Analysis of Energy Delivery Control Systems (September 2011) More

  11. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  12. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  13. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  14. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  15. V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system

  16. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 74: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT

  17. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  18. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  19. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Energy Savers [EERE]

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. PDF icon Guide to Critical Infrastructure

  20. COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS Jason Stamp, John Dillinger, and William Young Networked Systems Survivability and Assurance Department Jennifer DePoy Information Operations Red Team & Assessments Department Sandia National Laboratories Albuquerque, NM 87185-0785 22 May 2003 (2 nd edition, revised 11 November 2003) Copyright © 2003, Sandia Corporation. All rights reserved. Permission is granted to display, copy, publish, and distribute this document in its

  1. V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the

  2. Temperature-based Instanton Analysis: Identifying Vulnerability in Transmission Networks

    SciTech Connect (OSTI)

    Kersulis, Jonas; Hiskens, Ian; Chertkov, Michael; Backhaus, Scott N.; Bienstock, Daniel

    2015-04-08

    A time-coupled instanton method for characterizing transmission network vulnerability to wind generation fluctuation is presented. To extend prior instanton work to multiple-time-step analysis, line constraints are specified in terms of temperature rather than current. An optimization formulation is developed to express the minimum wind forecast deviation such that at least one line is driven to its thermal limit. Results are shown for an IEEE RTS-96 system with several wind-farms.

  3. T-550: Apache Denial of Service Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption).

  4. Vulnerability Analysis of Energy Delivery Control Systems

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the

  5. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  6. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: • This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. • Seventeen social vulnerability indicators are categorized into four dimensions. • This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. • 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. • This study provides a foundation for sustainable strategic planning to deal with environmental change. • Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

  7. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides practices that can help mitigate the potential risks that can occur to some electricity sector organizations. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. PDF icon TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR

  8. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of Indian Energy report assesses climate change and extreme weather vulnerabilities specific to tribal energy infrastructure and systems in the contiguous United States and Alaska. It includes information about the impacts from climate change and extreme weather events on both onsite and offsite

  9. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  10. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  11. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J; Fernandez, Steven J

    2014-01-01

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

  12. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  13. V-082: Novell GroupWise Client Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

  14. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    France) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country France Coordinates...

  15. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  16. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  17. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  18. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy Lee ... vulnerabilities include balancing the risk of system compromise by an intruder with ...

  19. U-172: OpenOffice.org Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

  20. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Energy Savers [EERE]

    Department of Energy 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct

  1. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

  2. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    :"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

  3. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton (Albuquerque, NM); Phillips, Cynthia A. (Albuquerque, NM)

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  4. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  5. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability...

  6. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  7. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  8. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  9. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  10. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  11. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Energy Savers [EERE]

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  12. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  13. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Energy Savers [EERE]

    Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions ...

  14. T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

  15. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  16. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  17. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate...

  18. V-173: Plesk 0-Day Vulnerability | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro...

  19. Potential Vulnerability of US Petroleum Refineries to Increasing Water

    Energy Savers [EERE]

    Temperature and/or Reduced Water Availability | Department of Energy Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature and/or Reduced Water Availability Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature and/or Reduced Water Availability This report discusses potential impacts of increased water temperature and reductions in water availability on petroleum refining and presents case studies related to refinery water use. Report

  20. Common Cyber Security Vulnerabilities Observed in Control System

    Energy Savers [EERE]

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  1. Mitigations for Security Vulnerabilities Found in Control System Networks |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the

  2. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Energy Savers [EERE]

    Department of Energy 96: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can

  3. U.S. Energy Sector Vulnerability Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support climate change preparedness and resilience planning -- and to advance the Energy Department's goal of promoting energy security -- the Department is assessing the threats of climate change and extreme weather to the Nation' energy system. Two reports have been released that examine the current and potential future impacts of climate change and extreme weather on the

  4. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  5. V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

    Broader source: Energy.gov [DOE]

    The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution

  6. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

  7. Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

  8. Energy Department Issues Tribal Energy System Vulnerabilities to Climate

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Change and Extreme Weather Report, $6M for Native American Clean Energy Projects | Department of Energy Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects Energy Department Issues Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects September 2, 2015 - 3:30pm Addthis NEWS MEDIA CONTACT 202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy

  9. Regulatory Guide on Conducting a Security Vulnerability Assessment

    SciTech Connect (OSTI)

    Ek, David R.

    2016-01-01

    This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

  10. Vulnerability of the US to future sea level rise

    SciTech Connect (OSTI)

    Gornitz, V. . Goddard Inst. for Space Studies); White, T.W.; Cushman, R.M. )

    1991-01-01

    The differential vulnerability of the conterminous United States to future sea level rise from greenhouse climate warming is assessed, using a coastal hazards data base. This data contains information on seven variables relating to inundation and erosion risks. High risk shorelines are characterized by low relief, erodible substrate, subsidence, shoreline retreat, and high wave/tide energies. Very high risk shorelines on the Atlantic Coast (Coastal Vulnerability Index {ge}33.0) include the outer coast of the Delmarva Peninsula, northern Cape Hatteras, and segments of New Jersey, Georgia and South Carolina. Louisiana and sections of Texas are potentially the most vulnerable, due to anomalously high relative sea level rise and erosion, coupled with low elevation and mobile sediments. Although the Pacific Coast is generally the least vulnerable, because of its rugged relief and erosion-resistant substrate, the high geographic variability leads to several exceptions, such as the San Joaquin-Sacramento Delta area, the barrier beaches of Oregon and Washington, and parts of the Puget Sound Lowlands. 31 refs., 2 figs., 3 tabs.

  11. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  12. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |

    National Nuclear Security Administration (NNSA)

    National Nuclear Security Administration Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS People Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Countering Nuclear Terrorism About Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Library Bios Congressional Testimony Fact Sheets

  13. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  14. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  15. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  16. V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    The vulnerabilities can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions

  17. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  18. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  19. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  20. Vulnerability, Sensitivity, and Coping/Adaptive Capacity Worldwide

    SciTech Connect (OSTI)

    Malone, Elizabeth L.; Brenkert, Antoinette L.

    2009-10-01

    Research and analyses have repeatedly shown that impacts of climate change will be unevenly distributed and will affect various societies in various ways. The severity of impacts will depend in part on ability to cope in the short term and adapt in the longer term. However, it has been difficult to find a comparative basis on which to assess differential impacts of climate change. This chapter describes the Vulnerability-Resilience Indicator Model that uses 18 proxy indicators, grouped into 8 elements, to assess on a quantitative basis the comparative potential vulnerability and resilience of countries to climate change. The model integrates socioeconomic and environmental information such as land use, crop production, water availability, per capita GDP, inequality, and health status. Comparative results for 160 countries are presented and analyzed.

  1. Agenda: Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  2. Vulnerability Analysis of Energy Delivery Control Systems - 2011 |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The

  3. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This report was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use

  4. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  5. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  6. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Environmental Management (EM)

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference; http://www.isa.org Mitigations for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security Communications & Cyber Security Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy

  7. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  8. V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when

  9. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 | Princeton Plasma Physics Lab February 28, 2013, 4:15pm to 5:30pm Colloquia MBG Auditorium COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 Professor Nicholas K. Coch Queens College CUNY In the last two years. the

  10. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considered subject to demand concerns, supply concerns, or both demand and supply concerns.

  11. V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities

    Broader source: Energy.gov [DOE]

    This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

  12. U-191: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. This Critical Patch Update contains 14 new security fixes across Java SE products.

  13. T-657: Drupal Prepopulate- Multiple vulnerabilities

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  14. U-100: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  15. V-214: Mozilla Firefox Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....

  16. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  17. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  18. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  19. T-656: Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Office Visio contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

  20. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions.

  1. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  2. V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system

  3. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  4. U-225: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities in Citrix Access Gateway Plug-in for Windows can be exploited by malicious people to compromise a user's system.

  5. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

  6. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 57: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  7. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  8. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  9. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

  10. T-572: VMware ESX/ESXi SLPD denial of service vulnerability

    Broader source: Energy.gov [DOE]

    VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

  11. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory

  12. V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am Addthis PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT:

  13. U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks.

  14. U-181: IBM WebSphere Application Server Information Disclosure Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to missing access controls in the Application Snoop Servlet when handling requests and can be exploited to disclose request and client information.

  15. U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system.

  16. V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.

  17. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment...

    Broader source: Energy.gov (indexed) [DOE]

    PROBLEM: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. PLATFORM: * BlackBerry Enterprise Server Express version...

  18. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets

  19. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

  20. U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 96: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure

  1. U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    The IKEv1 feature of Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected device.

  2. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

  3. V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for

  4. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

  5. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Articles U-179: IBM Java 7 Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-094: IBM Multiple Products Multiple...

  6. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  7. T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

  8. Climate change and health: Indoor heat exposure in vulnerable populations

    SciTech Connect (OSTI)

    White-Newsome, Jalonne L.; Sanchez, Brisa N.; Jolliet, Olivier; Zhang, Zhenzhen; Parker, Edith A.; Timothy Dvonch, J.; O'Neill, Marie S.

    2012-01-15

    Introduction: Climate change is increasing the frequency of heat waves and hot weather in many urban environments. Older people are more vulnerable to heat exposure but spend most of their time indoors. Few published studies have addressed indoor heat exposure in residences occupied by an elderly population. The purpose of this study is to explore the relationship between outdoor and indoor temperatures in homes occupied by the elderly and determine other predictors of indoor temperature. Materials and methods: We collected hourly indoor temperature measurements of 30 different homes; outdoor temperature, dewpoint temperature, and solar radiation data during summer 2009 in Detroit, MI. We used mixed linear regression to model indoor temperatures' responsiveness to weather, housing and environmental characteristics, and evaluated our ability to predict indoor heat exposures based on outdoor conditions. Results: Average maximum indoor temperature for all locations was 34.85 Degree-Sign C, 13.8 Degree-Sign C higher than average maximum outdoor temperature. Indoor temperatures of single family homes constructed of vinyl paneling or wood siding were more sensitive than brick homes to outdoor temperature changes and internal heat gains. Outdoor temperature, solar radiation, and dewpoint temperature predicted 38% of the variability of indoor temperatures. Conclusions: Indoor exposures to heat in Detroit exceed the comfort range among elderly occupants, and can be predicted using outdoor temperatures, characteristics of the housing stock and surroundings to improve heat exposure assessment for epidemiological investigations. Weatherizing homes and modifying home surroundings could mitigate indoor heat exposure among the elderly.

  9. T-539: Adobe Acrobat, Reader, and Flash Player Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user. If the user holds elevated privileges, the attacker could execute arbitrary code that results in complete system compromise.

  10. U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address.

  11. T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    IBM and Oracle Java products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

  12. V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow.

  13. V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 2.3.0 or 1.2.19. Addthis Related Articles U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability V-062: Asterisk Two Denial of...

  14. V-007: McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

    Broader source: Energy.gov [DOE]

    McAfee has acknowledged a vulnerability in McAfee Firewall Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service).

  15. V-209:Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.

  16. V-201: Cisco Intrusion Prevention System SSP Fragmented Traffic Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability in the implementation of the code that processes fragmented traffic could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive or cause the affected system to reload.

  17. T-555: Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

  18. Assessment of chemical vulnerabilities in the Hanford high-level waste tanks

    SciTech Connect (OSTI)

    Meacham, J.E.

    1996-02-15

    The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

  19. Vulnerability Assessments and Resilience Planning at Federal Facilities. Preliminary Synthesis of Project

    SciTech Connect (OSTI)

    Moss, R. H.; Delgado, A.; Malone, E L.

    2015-08-15

    U.S. government agencies are now directed to assess the vulnerability of their operations and facilities to climate change and to develop adaptation plans to increase their resilience. Specific guidance on methods is still evolving based on the many different available frameworks. Agencies have been experimenting with these frameworks and approaches. This technical paper synthesizes lessons and insights from a series of research case studies conducted by the investigators at facilities of the U.S. Department of Energy and the Department of Defense. The purpose of the paper is to solicit comments and feedback from interested program managers and analysts before final conclusions are published. The paper describes the characteristics of a systematic process for prioritizing needs for adaptation planning at individual facilities and examines requirements and methods needed. It then suggests a framework of steps for vulnerability assessments at Federal facilities and elaborates on three sets of methods required for assessments, regardless of the detailed framework used. In a concluding section, the paper suggests a roadmap to further develop methods to support agencies in preparing for climate change. The case studies point to several preliminary conclusions; (1) Vulnerability assessments are needed to translate potential changes in climate exposure to estimates of impacts and evaluation of their significance for operations and mission attainment, in other words into information that is related to and useful in ongoing planning, management, and decision-making processes; (2) To increase the relevance and utility of vulnerability assessments to site personnel, the assessment process needs to emphasize the characteristics of the site infrastructure, not just climate change; (3) A multi-tiered framework that includes screening, vulnerability assessments at the most vulnerable installations, and adaptation design will efficiently target high-risk sites and infrastructure; (4) Vulnerability assessments can be connected to efforts to improve facility resilience to motivate participation; and (5) Efficient, scalable methods for vulnerability assessment can be developed, but additional case studies and evaluation are required.

  20. U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process established under Executive Order 13514 and to advance the U.S. Department of Energy's goal of promoting energy

  1. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April ... Addthis Related Articles V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities ...

  2. V-132: IBM Tivoli System Automation Application Manager Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, ... T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities V-145: IBM ...

  3. V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-122: IBM Tivoli Application...

  4. V-125: Cisco Connected Grid Network Management System Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Cisco Connected Grid Network Management System Multiple Vulnerabilities V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am...

  5. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am Addthis...

  6. Modeling Vulnerability and Resilience to Climate Change: A Case Study of India and Indian States

    SciTech Connect (OSTI)

    Brenkert, Antoinette L.; Malone, Elizabeth L.

    2005-09-01

    The vulnerability of India and Indian states to climate change was assessed using the Vulnerability-Resilience Indicator Prototype (VRIP). The model was adapted from the global/country version to account for Indian dietary practices and data availability with regard to freshwater resources. Results (scaled to world values) show nine Indian states to be moderately resilient to climate change, principally because of low sulfur emissions and a relatively large percentage of unmanaged land. Six states are more vulnerable than India as a whole, attributable largely to sensitivity to sea storm surges. Analyses of results at the state level (Orissa, and comparisons between Maharashtra and Kerala, and Andhra Pradesh and Himachal Pradesh) demonstrate the value of VRIP analyses used in conjunction with other socioeconomic information to address initial questions about the sources of vulnerability in particular places. The modeling framework allows analysts and stakeholders to systematically evaluate individual and sets of indicators and to indicate where the likely vulnerabilities are in the area being assessed.

  7. U-148: ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

  8. U-011: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can conduct cross-site scripting attacks.

  9. V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities August 29, ...

  10. V-028: Splunk Multiple Cross-Site Scripting and Denial of Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    28: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities V-028: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities November 20, 2012 -...

  11. Seismic Vulnerability Evaluations Within The Structural And Functional Survey Activities Of The COM Bases In Italy

    SciTech Connect (OSTI)

    Zuccaro, G.; Cacace, F.; Albanese, V.; Mercuri, C.; Papa, F.; Pizza, A. G.; Sergio, S.; Severino, M.

    2008-07-08

    The paper describes technical and functional surveys on COM buildings (Mixed Operative Centre). This activity started since 2005, with the contribution of both Italian Civil Protection Department and the Regions involved. The project aims to evaluate the efficiency of COM buildings, checking not only structural, architectonic and functional characteristics but also paying attention to surrounding real estate vulnerability, road network, railways, harbours, airports, area morphological and hydro-geological characteristics, hazardous activities, etc. The first survey was performed in eastern Sicily, before the European Civil Protection Exercise 'EUROSOT 2005'. Then, since 2006, a new survey campaign started in Abruzzo, Molise, Calabria and Puglia Regions. The more important issue of the activity was the vulnerability assessment. So this paper deals with a more refined vulnerability evaluation technique by means of the SAVE methodology, developed in the 1st task of SAVE project within the GNDT-DPC programme 2000-2002 (Zuccaro, 2005); the SAVE methodology has been already successfully employed in previous studies (i.e. school buildings intervention programme at national scale; list of strategic public buildings in Campania, Sicilia and Basilicata). In this paper, data elaborated by SAVE methodology are compared with expert evaluations derived from the direct inspections on COM buildings. This represents a useful exercise for the improvement either of the survey forms or of the methodology for the quick assessment of the vulnerability.

  12. U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

  13. U-199: Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to the sites/all/modules/dragdrop_gallery/upload.php script improperly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension.

  14. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

  15. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  16. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  17. T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  18. Environmental Tracers for Determining Water Resource Vulnerability to Climate Change

    SciTech Connect (OSTI)

    Singleton, M

    2009-07-08

    Predicted changes in the climate will have profound impacts on water availability in the Western US, but large uncertainties exist in our ability to predict how natural and engineered hydrological systems will respond. Most predictions suggest that the impacts of climate change on California water resources are likely to include a decrease in the percentage of precipitation that falls as snow, earlier onset of snow-pack melting, and an increase in the number of rain on snow events. These processes will require changes in infrastructure for water storage and flood control, since much of our current water supply system is built around the storage of winter precipitation as mountain snow pack. Alpine aquifers play a critical role by storing and releasing snowmelt as baseflow to streams long after seasonal precipitation and the disappearance of the snow pack, and in this manner significantly impact the stream flow that drives our water distribution systems. Mountain groundwater recharge and, in particular, the contribution of snowmelt to recharge and baseflow, has been identified as a potentially significant effect missing from current climate change impact studies. The goal of this work is to understand the behavior of critical hydrologic systems, with an emphasis on providing ground truth for next generation models of climate-water system interactions by implementing LLNL capabilities in environmental tracer and isotopic science. We are using noble gas concentrations and multiple isotopic tracers ({sup 3}H/{sup 3}He, {sup 35}S, {sup 222}Rn, {sup 2}H/{sup 1}H, {sup 18}O/{sup 16}O, and {sup 13}C/{sup 12}C) in groundwater and stream water in a small alpine catchment to (1) provide a snapshot of temperature, altitude, and physical processes at the time of recharge, (2) determine subsurface residence times (over time scales ranging from months to decades) of different groundwater age components, and (3) deconvolve the contribution of these different groundwater components to alpine stream baseflow. This research is showing that groundwater in alpine areas spends between a few years to several decades in the saturated zone below the surface, before feeding into streams or being pumped for use. This lag time may act to reduce the impact on water resources from extreme wet or dry years. Furthermore, our measurements show that the temperature of water when it reaches the water table during recharge is 4 to 9 degrees higher than would be expected for direct influx of snowmelt, and that recharge likely occurs over diffuse vegetated areas, rather than along exposed rock faces and fractures. These discoveries have implications for how alpine basins will respond to climate effects that lead to more rain than snow and earlier snow pack melting.

  19. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions

    Broader source: Energy.gov (indexed) [DOE]

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions October 2015 U.S. Department of Energy Office of Energy Policy and Systems Analysis Acknowledgements This report was produced by the U.S. Department of Energy's Office of Energy Policy and Systems Analysis (DOE-EPSA) under the direction of Craig Zamuda. Matt Antes, C.W. Gillespie, Anna Mosby, and Beth Zotter of Energetics Incorporated provided analysis, drafting support, and technical editing.

  20. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2010-08-25

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future.

  1. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

  2. Data management for geospatial vulnerability assessment of interdependencies in US power generation

    SciTech Connect (OSTI)

    Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S.

    2009-09-15

    Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

  3. Vulnerability and adaptation to severe weather events in the American southwest

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptationmore » to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.« less

  4. Vulnerability and adaptation to severe weather events in the American southwest

    SciTech Connect (OSTI)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptation to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.

  5. GRiP - A flexible approach for calculating risk as a function of consequence, vulnerability, and threat.

    SciTech Connect (OSTI)

    Whitfield, R. G.; Buehring, W. A.; Bassett, G. W.

    2011-04-08

    Get a GRiP (Gravitational Risk Procedure) on risk by using an approach inspired by the physics of gravitational forces between body masses! In April 2010, U.S. Department of Homeland Security Special Events staff (Protective Security Advisors [PSAs]) expressed concern about how to calculate risk given measures of consequence, vulnerability, and threat. The PSAs believed that it is not 'right' to assign zero risk, as a multiplicative formula would imply, to cases in which the threat is reported to be extremely small, and perhaps could even be assigned a value of zero, but for which consequences and vulnerability are potentially high. They needed a different way to aggregate the components into an overall measure of risk. To address these concerns, GRiP was proposed and developed. The inspiration for GRiP is Sir Isaac Newton's Universal Law of Gravitation: the attractive force between two bodies is directly proportional to the product of their masses and inversely proportional to the squares of the distance between them. The total force on one body is the sum of the forces from 'other bodies' that influence that body. In the case of risk, the 'other bodies' are the components of risk (R): consequence, vulnerability, and threat (which we denote as C, V, and T, respectively). GRiP treats risk as if it were a body within a cube. Each vertex (corner) of the cube represents one of the eight combinations of minimum and maximum 'values' for consequence, vulnerability, and threat. The risk at each of the vertices is a variable that can be set. Naturally, maximum risk occurs when consequence, vulnerability, and threat are at their maximum values; minimum risk occurs when they are at their minimum values. Analogous to gravitational forces among body masses, the GRiP formula for risk states that the risk at any interior point of the box depends on the squares of the distances from that point to each of the eight vertices. The risk value at an interior (movable) point will be dominated by the value of one vertex as that point moves closer and closer to that one vertex. GRiP is a visualization tool that helps analysts better understand risk and its relationship to consequence, vulnerability, and threat. Estimates of consequence, vulnerability, and threat are external to GRiP; however, the GRiP approach can be linked to models or data that provide estimates of consequence, vulnerability, and threat. For example, the Enhanced Critical Infrastructure Program/Infrastructure Survey Tool produces a vulnerability index (scaled from 0 to 100) that can be used for the vulnerability component of GRiP. We recognize that the values used for risk components can be point estimates and that, in fact, there is uncertainty regarding the exact values of C, V, and T. When we use T = t{sub o} (where t{sub o} is a value of threat in its range), we mean that threat is believed to be in an interval around t{sub o}. Hence, a value of t{sub o} = 0 indicates a 'best estimate' that the threat level is equal to zero, but still allows that it is not impossible for the threat to occur. When t{sub o} = 0 but is potentially small and not exactly zero, there will be little impact on the overall risk value as long as the C and V components are not large. However, when C and/or V have large values, there can be large differences in risk given t{sub o} = 0, and t{sub o} = epsilon (where epsilon is small but greater than a value of zero). We believe this scenario explains the PSA's intuition that risk is not equal to zero when t{sub o} = 0 and C and/or V have large values. (They may also be thinking that if C has an extremely large value, it is unlikely that T is equal to 0; in the terrorist context, T would likely be dependent on C when C is extremely large.) The PSAs are implicitly recognizing the potential that t{sub o} = epsilon. One way to take this possible scenario into account is to replace point estimates for risk with interval values that reflect the uncertainty in the risk components. In fact, one could argue that T never equals zero for a man-made hazard. This

  6. U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

  7. V-132: IBM Tivoli System Automation Application Manager Multiple

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 2: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2 ABSTRACT: Multiple security

  8. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  9. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  10. T-597: WordPress Multiple Security Vulnerabilities

    Broader source: Energy.gov [DOE]

    Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks.

  11. V-105: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    navigation handling. 3) An error in Web Audio can be exploited to cause memory corruption. 4) A use-after-free error exists in SVG animations. 5) An error in Indexed DB can...

  12. V-081: Wireshark Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to...

  13. U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

  14. U-022: Apple QuickTime Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  15. U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  16. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  17. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C.; Pinar, Ali; Lesieutre, Bernard; Donde, Vaibhav

    2009-03-01

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  18. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarán et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  19. A Climate Change Vulnerability Assessment Report for the National Renewable Energy Laboratory: May 23, 2014 -- June 5, 2015

    SciTech Connect (OSTI)

    Vogel, J.; O'Grady, M.; Renfrow, S.

    2015-09-03

    The U.S. Department of Energy's (DOE's) National Renewable Energy Laboratory (NREL), in Golden, Colorado, focuses on renewable energy and energy efficiency research. Its portfolio includes advancing renewable energy technologies that can help meet the nation's energy and environmental goals. NREL seeks to better understand the potential effects of climate change on the laboratory--and therefore on its mission--to ensure its ongoing success. Planning today for a changing climate can reduce NREL's risks and improve its resiliency to climate-related vulnerabilities. This report presents a vulnerability assessment for NREL. The assessment was conducted in fall 2014 to identify NREL's climate change vulnerabilities and the aspects of NREL's mission or operations that may be affected by a changing climate.

  20. Groundwaters of Florence (Italy): Trace element distribution and vulnerability of the aquifers

    SciTech Connect (OSTI)

    Bencini, A.; Ercolanelli, R.; Sbaragli, A.

    1993-11-01

    Geochemical and hydrogeological research has been carried out in Florence, to evaluate conductivity and main chemistry of groundwaters, the pattern of some possible pollutant chemical species (Fe, Mn, Cr, Cu, Pb, Zn, NO{sub 2}, NO{sub 3}), and the vulnerability of the aquifers. The plain is made up of Plio-Quaternary alluvial and lacustrine sediments for a maximum thickness of 600 m. Silts and clays, sometimes with lenses of sandy gravels, are dominant, while considerable deposits of sands, pebbles, and gravels occur along the course of the Arno river and its tributary streams, and represent the most important aquifer of the plain. Most waters show conductivity values around 1000-1200 {mu}S, and almost all of them have an alkaline-earth-bicarbonate chemical character. In western areas higher salt content of the groundwaters is evident. Heavy metal and NO{sub 2}, NO{sub 3} analyses point out that no important pollution phenomena affect the groundwaters; all mean values are below the maximum admissible concentration (MAC) for drinkable waters. Some anomalies of NO{sub 2}, NO{sub 3}, Fe, Mn, and Zn are present. The most plausible causes can be recognized in losses of the sewage system; use of nitrate compounds in agriculture; oxidation of well pipes. All the observations of Cr, Cu, and Pb are below the MAC; the median values of <3, 3.9, and 1.1 {mu}g/l, respectively, could be considered reference concentrations for groundwaters in calcareous lithotypes, under undisturbed natural conditions. Finally, a map of vulnerability shows that the areas near the Arno river are highly vulnerable, for the minimum thickness (or lacking) of sediments covering the aquifer. On the other hand, in the case of pollution, several factors not considered could significantly increase the self-purification capacity of the aquifer, such asdilution of groundwaters, bacteria oxidation of nitrogenous species, and sorption capacity of clay minerals and organic matter. 31 refs., 6 figs., 5 tabs.

  1. Vulnerability of Karangkates dams area by means of zero crossing analysis of data magnetic

    SciTech Connect (OSTI)

    Sunaryo, E-mail: sunaryo.geofis.ub@gmail.com; Susilo, Adi

    2015-04-24

    Study with entitled Vulnerability Karangkates Dam Area By Means of Zero Crossing Analysis of Data Magnetic has been done. The study was aimed to obtain information on the vulnerability of two parts area of Karangkates dams, i.e. Lahor dam which was inaugurated in 1977 and Sutami dam inaugurated in 1981. Three important things reasons for this study are: 1). The dam age was 36 years old for Lahor dam and 32 years old for Sutami dam, 2). Geologically, the location of the dams are closed together to the Pohgajih local shear fault, Selorejo local fault, and Selorejo limestone-andesite rocks contact plane, and 3). Karangkates dams is one of the important Hydro Power Plant PLTA with the generating power of about 400 million KWH per year from a total of about 29.373MW installed in Indonesia. Geographically, the magnetic data acquisition was conducted at coordinates (112.4149oE;-8.2028oS) to (112.4839oE;-8.0989oS) by using Proton Precession Magnetometer G-856. Magnetic Data acquisition was conducted in the radial direction from the dams with diameter of about 10 km and the distance between the measurements about 500m. The magnetic data acquisition obtained the distribution of total magnetic field value in the range of 45800 nT to 44450 nT. Residual anomalies obtained by doing some corrections, including diurnal correction, International Geomagnetic Reference Field (IGRF) correction, and reductions so carried out the distribution of the total magnetic field value in the range of -650 nT to 700 nT. Based on the residual anomalies, indicate the presence of 2 zones of closed closures dipole pairs at located in the west of the Sutami dam and the northwest of the Lahor dam from 5 total zones. Overlapping on the local geological map indicated the lineament of zero crossing patterns in the contour of residual anomaly contour with the Pohgajih shear fault where located at about 4 km to the west of the Sutami dam approximately and andesite-limestone rocks contact where located at about 6 km to the west of the Lahor dam approximately. These shown a possible of vulnerability on geohazards at the west zone of the Karangkates (Lahor-Sutami) dams area if there are triggers by the vibration (earthquake) on the Pohgajih shear fault, andesite-limestone contact plane, and instability rocks on two zones of closed closure dipole pairs area. Reality, on the location of the study shown some local landslide at the several locations and the main road that need considering for disaster mitigation.

  2. Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

    SciTech Connect (OSTI)

    McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

    2009-03-26

    Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

  3. V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 0: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities August 29, 2013 - 4:10am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM TRIRIGA Application Platform, which can be exploited by malicious people to conduct cross-site scripting attacks. PLATFORM: IBM TRIRIGA Application Platform 2.x ABSTRACT: The vulnerabilities are

  4. Extended defense systems :I. adversary-defender modeling grammar for vulnerability analysis and threat assessment.

    SciTech Connect (OSTI)

    Merkle, Peter Benedict

    2006-03-01

    Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

  5. Next-generation Algorithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience

    SciTech Connect (OSTI)

    Burchett, Deon L.; Chen, Richard Li-Yang; Phillips, Cynthia A.; Richard, Jean-Philippe

    2015-05-01

    This report summarizes the work performed under the project project Next-Generation Algo- rithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience. The goal of the project was to improve mathematical programming-based optimization technology for in- frastructure protection. In general, the owner of a network wishes to design a network a network that can perform well when certain transportation channels are inhibited (e.g. destroyed) by an adversary. These are typically bi-level problems where the owner designs a system, an adversary optimally attacks it, and then the owner can recover by optimally using the remaining network. This project funded three years of Deon Burchett's graduate research. Deon's graduate advisor, Professor Jean-Philippe Richard, and his Sandia advisors, Richard Chen and Cynthia Phillips, supported Deon on other funds or volunteer time. This report is, therefore. essentially a replication of the Ph.D. dissertation it funded [12] in a format required for project documentation. The thesis had some general polyhedral research. This is the study of the structure of the feasi- ble region of mathematical programs, such as integer programs. For example, an integer program optimizes a linear objective function subject to linear constraints, and (nonlinear) integrality con- straints on the variables. The feasible region without the integrality constraints is a convex polygon. Careful study of additional valid constraints can significantly improve computational performance. Here is the abstract from the dissertation: We perform a polyhedral study of a multi-commodity generalization of variable upper bound flow models. In particular, we establish some relations between facets of single- and multi- commodity models. We then introduce a new family of inequalities, which generalizes traditional flow cover inequalities to the multi-commodity context. We present encouraging numerical results. We also consider the directed edge-failure resilient network design problem (DRNDP). This problem entails the design of a directed multi-commodity flow network that is capable of fulfilling a specified percentage of demands in the event that any G arcs are destroyed, where G is a constant parameter. We present a formulation of DRNDP and solve it in a branch-column-cut framework. We present computational results.

  6. V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities January 15, 2013 -...

  7. Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.

    SciTech Connect (OSTI)

    Enos, David George; Goods, Steven Howard

    2006-11-01

    Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the materials mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

  8. Integrated Vulnerability and Impacts Assessment for Natural and Engineered Water-Energy Systems in the Southwest and Southern Rocky Mountain Region

    SciTech Connect (OSTI)

    Tidwell, Vincent C.; Wolfsberg, Andrew; Macknick, Jordan; Middleton, Richard

    2015-01-01

    In the Southwest and Southern Rocky Mountains (SWSRM), energy production, energy resource extraction, and other high volume uses depend on water supply from systems that are highly vulnerable to extreme, coupled hydro-ecosystem-climate events including prolonged drought, flooding, degrading snow cover, forest die off, and wildfire. These vulnerabilities, which increase under climate change, present a challenge for energy and resource planners in the region with the highest population growth rate in the nation. Currently, analytical tools are designed to address individual aspects of these regional energy and water vulnerabilities. Further, these tools are not linked, severely limiting the effectiveness of each individual tool. Linking established tools, which have varying degrees of spatial and temporal resolution as well as modeling objectives, and developing next-generation capabilities where needed would provide a unique and replicable platform for regional analyses of climate-water-ecosystem-energy interactions, while leveraging prior investments and current expertise (both within DOE and across other Federal agencies).

  9. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

    Broader source: Energy.gov [DOE]

    BlackBerry advisory describes a security issue that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

  10. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    SciTech Connect (OSTI)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grasses (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.

  11. Hawaii Energy Strategy: Program guide. [Contains special sections on analytical energy forecasting, renewable energy resource assessment, demand-side energy management, energy vulnerability assessment, and energy strategy integration

    SciTech Connect (OSTI)

    Not Available

    1992-09-01

    The Hawaii Energy Strategy program, or HES, is a set of seven projects which will produce an integrated energy strategy for the State of Hawaii. It will include a comprehensive energy vulnerability assessment with recommended courses of action to decrease Hawaii's energy vulnerability and to better prepare for an effective response to any energy emergency or supply disruption. The seven projects are designed to increase understanding of Hawaii's energy situation and to produce recommendations to achieve the State energy objectives of: Dependable, efficient, and economical state-wide energy systems capable of supporting the needs of the people, and increased energy self-sufficiency. The seven projects under the Hawaii Energy Strategy program include: Project 1: Develop Analytical Energy Forecasting Model for the State of Hawaii. Project 2: Fossil Energy Review and Analysis. Project 3: Renewable Energy Resource Assessment and Development Program. Project 4: Demand-Side Management Program. Project 5: Transportation Energy Strategy. Project 6: Energy Vulnerability Assessment Report and Contingency Planning. Project 7: Energy Strategy Integration and Evaluation System.

  12. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grassesmore » (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.« less

  13. Cognitive decision errors and organization vulnerabilities in nuclear power plant safety management: Modeling using the TOGA meta-theory framework

    SciTech Connect (OSTI)

    Cappelli, M.; Gadomski, A. M.; Sepiellis, M.; Wronikowska, M. W.

    2012-07-01

    In the field of nuclear power plant (NPP) safety modeling, the perception of the role of socio-cognitive engineering (SCE) is continuously increasing. Today, the focus is especially on the identification of human and organization decisional errors caused by operators and managers under high-risk conditions, as evident by analyzing reports on nuclear incidents occurred in the past. At present, the engineering and social safety requirements need to enlarge their domain of interest in such a way to include all possible losses generating events that could be the consequences of an abnormal state of a NPP. Socio-cognitive modeling of Integrated Nuclear Safety Management (INSM) using the TOGA meta-theory has been discussed during the ICCAP 2011 Conference. In this paper, more detailed aspects of the cognitive decision-making and its possible human errors and organizational vulnerability are presented. The formal TOGA-based network model for cognitive decision-making enables to indicate and analyze nodes and arcs in which plant operators and managers errors may appear. The TOGA's multi-level IPK (Information, Preferences, Knowledge) model of abstract intelligent agents (AIAs) is applied. In the NPP context, super-safety approach is also discussed, by taking under consideration unexpected events and managing them from a systemic perspective. As the nature of human errors depends on the specific properties of the decision-maker and the decisional context of operation, a classification of decision-making using IPK is suggested. Several types of initial situations of decision-making useful for the diagnosis of NPP operators and managers errors are considered. The developed models can be used as a basis for applications to NPP educational or engineering simulators to be used for training the NPP executive staff. (authors)

  14. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... SCADA Images Since 1999, Sandia has conducted numerous assessments of SCADA and process control systems in hydroelectric dams; water treatment systems; electric power transmission, ...

  15. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... unauthorized DER connection or operational settings changes, maliciously using demand-response capabilities, gaining unauthorized access to cloud-based PMU information to ...

  16. Nuclear Fuel Cycle & Vulnerabilities

    SciTech Connect (OSTI)

    Boyer, Brian D.

    2012-06-18

    The objective of safeguards is the timely detection of diversion of significant quantities of nuclear material from peaceful nuclear activities to the manufacture of nuclear weapons or of other nuclear explosive devices or for purposes unknown, and deterrence of such diversion by the risk of early detection. The safeguards system should be designed to provide credible assurances that there has been no diversion of declared nuclear material and no undeclared nuclear material and activities.

  17. U-277: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were...

  18. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 45: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April 30, 2013 - 12:09am Addthis PROBLEM: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities PLATFORM: IBM Tivoli Federated Identity Manager versions 6.1, 6.2.0, 6.2.1, and 6.2.2. IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1

  19. T-697: Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities

    Broader source: Energy.gov [DOE]

    Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible.

  20. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spillmore » Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.« less

  1. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    SciTech Connect (OSTI)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spill Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.

  2. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 2, Working Group Assessment Team reports; Vulnerability development forms; Working group documents

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    The Secretary of Energy`s memorandum of August 19, 1993, established an initiative for a Department-wide assessment of the vulnerabilities of stored spent nuclear fuel and other reactor irradiated nuclear materials. A Project Plan to accomplish this study was issued on September 20, 1993 by US Department of Energy, Office of Environment, Health and Safety (EH) which established responsibilities for personnel essential to the study. The DOE Spent Fuel Working Group, which was formed for this purpose and produced the Project Plan, will manage the assessment and produce a report for the Secretary by November 20, 1993. This report was prepared by the Working Group Assessment Team assigned to the Hanford Site facilities. Results contained in this report will be reviewed, along with similar reports from all other selected DOE storage sites, by a working group review panel which will assemble the final summary report to the Secretary on spent nuclear fuel storage inventory and vulnerability.

  3. U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  4. U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  5. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.

  6. Plutonium working group report on environmental, safety and health vulnerabilities associated with the department`s plutonium storage. Volume II, Appendix B, Part 9: Oak Ridge site site team report

    SciTech Connect (OSTI)

    1994-09-01

    This report provides the input to and results of the Department of Energy (DOE) - Oak Ridge Operations (ORO) DOE Plutonium Environment, Safety and Health (ES & H) Vulnerability Assessment (VA) self-assessment performed by the Site Assessment Team (SAT) for the Oak Ridge National Laboratory (ORNL or X-10) and the Oak Ridge Y-12 Plant (Y-12) sites that are managed by Martin Marietta Energy Systems, Inc. (MMES). As initiated (March 15, 1994) by the Secretary of Energy, the objective of the VA is to identify and rank-order DOE-ES&H vulnerabilities associated for the purpose of decision making on the interim safe management and ultimate disposition of fissile materials. This assessment is directed at plutonium and other co-located transuranics in various forms.

  7. Vulnerability to closing of Hormuz

    SciTech Connect (OSTI)

    Not Available

    1984-03-07

    Tankers carrying roughly 8-million barrels per day (mmb/d) of crude oil, or some 16% of the non-communist world's oil supply, pass through the Strait of Hormuz. Experts agree that just 3-mmb/d of that could be exported through alternate routes. If the war between Iran and Iraq should result in their completely halting each other's production, this relatively limited supply curtailment would reduce world oil production by over 3.4-mmb/d. Since the two have not caused such mutual disaster during four years of war, many observers believe there has been a deliberate avoidance of the jugular squeeze. Nevertheless, the two combatants appear capable not only of cutting off their oil production, but escalating fighting to the point where Gulf traffic would be impeded. Potential results from a prolonged Iran-Iraq crisis are viewed in three scenarios. Also included in this issue are brief summaries of: (1) Mexico's new energy plan, internationalism, and OPEC; (2) update on Argentina's energy resource developments; (3) Venezuela: belt tightening; (4) Western Hemisphere oil production declines; (5) (6) days of oil supply for Canada, USA, Japan, France, Italy, and UK; and (6) US Department of Defense fuel consumption. The Energy Detente fuel price/tax series and principal industrial fuel prices are included for March for countries of the Eastern Hemisphere.

  8. FUEL CASK IMPACT LIMITER VULNERABILITIES

    SciTech Connect (OSTI)

    Leduc, D; Jeffery England, J; Roy Rothermel, R

    2009-02-09

    Cylindrical fuel casks often have impact limiters surrounding just the ends of the cask shaft in a typical 'dumbbell' arrangement. The primary purpose of these impact limiters is to absorb energy to reduce loads on the cask structure during impacts associated with a severe accident. Impact limiters are also credited in many packages with protecting closure seals and maintaining lower peak temperatures during fire events. For this credit to be taken in safety analyses, the impact limiter attachment system must be shown to retain the impact limiter following Normal Conditions of Transport (NCT) and Hypothetical Accident Conditions (HAC) impacts. Large casks are often certified by analysis only because of the costs associated with testing. Therefore, some cask impact limiter attachment systems have not been tested in real impacts. A recent structural analysis of the T-3 Spent Fuel Containment Cask found problems with the design of the impact limiter attachment system. Assumptions in the original Safety Analysis for Packaging (SARP) concerning the loading in the attachment bolts were found to be inaccurate in certain drop orientations. This paper documents the lessons learned and their applicability to impact limiter attachment system designs.

  9. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Cisco WebEx Player Vulnerabilities. PLATFORM: Cisco WebEx recording players. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are all affected....

  10. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  11. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 3, Site team reports

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    A self assessment was conducted of those Hanford facilities that are utilized to store Reactor Irradiated Nuclear Material, (RINM). The objective of the assessment is to identify the Hanford inventories of RINM and the ES & H concerns associated with such storage. The assessment was performed as proscribed by the Project Plan issued by the DOE Spent Fuel Working Group. The Project Plan is the plan of execution intended to complete the Secretary`s request for information relevant to the inventories and vulnerabilities of DOE storage of spent nuclear fuel. The Hanford RINM inventory, the facilities involved and the nature of the fuel stored are summarized. This table succinctly reveals the variety of the Hanford facilities involved, the variety of the types of RINM involved, and the wide range of the quantities of material involved in Hanford`s RINM storage circumstances. ES & H concerns are defined as those circumstances that have the potential, now or in the future, to lead to a criticality event, to a worker radiation exposure event, to an environmental release event, or to public announcements of such circumstances and the sensationalized reporting of the inherent risks.

  12. U-176: Wireshark Multiple Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  13. Vulnerability Analysis of Energy Delivery Control Systems

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    its endorsement, recommendation, or favoring by the ... to manipulate or disrupt system operations. iii The ... and proposes a metrics-based approach to evaluate the ...

  14. Introduction to SCADA Protection and Vulnerabilities

    SciTech Connect (OSTI)

    Ken Barnes; Briam Johnson; Reva Nickelson

    2004-03-01

    Even though deregulation has changed the landscape of the electric utility industry to some extent, a typical large electric utility still owns power generation facilities, power transmission and distribution lines, and substations. Transmission and distribution lines form the segments or spokes of a utility’s grid. Power flow may change through these lines, but control of the system occurs at the nodes of the grid, the generation facilities, and substations. This section discusses each of these node types in more detail as well as how each is controlled.

  15. Energy Department Issues Tribal Energy System Vulnerabilities...

    Broader source: Energy.gov (indexed) [DOE]

    202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy issued a report today showing that threats to tribal energy infrastructure are expected to increase as climate change ...

  16. Protection of Use Control Vulnerabilities and Design

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-11

    This manual establishes a general process and provides direction for controlling access to and disseminating Sigma 14 and 15 nuclear weapon data (NWD) at the Department of Energy (DOE). It supplements DOE O 452.4A, Security and Control of Nuclear Explosives and Nuclear Weapons, dated 12-17-01, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and nuclear weapons. Cancels DOE M 452.4-1. Canceled by DOE O 452.7, 5-14-2010

  17. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-01

    This Manual establishes a general process and provides direction for controlling access and dissemination of Sigma 14 and 15 Weapon Data at the Department of Energy (DOE). It supplements DOE O 452.4, SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND NUCLEAR WEAPONS, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and U.S. nuclear weapons. Canceled by DOE M 452.4-1A. Does not cancel other directives.

  18. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    .......................... 1 Figure 2. Climate change implications for the energy sector ..................................................................................................................... 4 Figure 3. Rate of warming in the United States by region, 1901-2011 .................................................................................................... 8 Figure 4. Wildfire disrupting electricity transmission

  19. Vulnerability and Mitigation Studies for Infrastructure

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Morris, J

    2007-08-02

    The summary of this presentation is that: (1) We do end-to-end systems analysis for infrastructure protection; (2) LLNL brings interdisciplinary subject matter expertise to infrastructure and explosive analysis; (3) LLNL brings high-fidelity modeling capabilities to infrastructure analysis for use on high performance platforms; and (4) LLNL analysis of infrastructure provides information that customers and stakeholders act on.

  20. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    This is because of the region's unique topographic, oceanographic, geologic, and demographic factors. In addition, hurricanes become more dangerous as they increase their...

  1. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    .......................... 1 Figure 2. Climate change implications for the energy sector ..................................................................................................................... 4 Figure 3. Rate of warming in the United States by region, 1901-2011 .................................................................................................... 8 Figure 4. Wildfire disrupting electricity transmission

  2. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... in weather in the US." American Economic Journal: ... Development, and Environmental and Public Health Risks. ... Longview News-Journal. July 27, 2011. Groisman, P.Y., ...

  3. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-05-14

    The order establishes the policy, process and procedures for control of sensitive use control information in nuclear weapon data (NWD) categories Sigma 14 and Sigma 15 to ensure that dissemination of the information must be restricted to individuals with valid need to know. Supersedes DOE M 452.4-1A

  4. V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected

  5. JC3 Bulletin Archive | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    Service A vulnerability was reported in McAfee Email Gateway. August 22, 2013 V-224: Google Chrome Multiple Vulnerabilities Multiple vulnerabilities have been reported in Google...

  6. V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2044373) Addthis Related Articles U-128: VMware ESXESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges T-552: Cisco Nexus 1000V...

  7. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)

  8. T-619: Skype for Mac Message Processing Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A remote user can send a specially crafted message to a Skype user to execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

  9. Locating Climate Insecurity: Where Are the Most Vulnerable Places...

    Open Energy Info (EERE)

    in Africa? AgencyCompany Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.o...

  10. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Retrieved from "http:en.openei.orgwindex.php?titleAFTERAFrameworkforelectricalpowersysTemsvulnerabilityidentification,dEfenseandRestoration(SmartGridProject)(...

  11. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Retrieved from "http:en.openei.orgwindex.php?titleAFTERAFrameworkforelectricalpowersysTemsvulnerabilityidentification,dEfenseandRestoration(SmartGridProject)&o...

  12. U-109: Bugzilla Cross-Site Request Forgery Vulnerability

    Broader source: Energy.gov [DOE]

    The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change certain bug data or execute certain administrative tasks by tricking a logged in user into visiting a malicious web site.

  13. U-151: Bugzilla Cross-Site Request Forgery Vulnerability

    Broader source: Energy.gov [DOE]

    The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

  14. T-547: Microsoft Windows Human Interface Device (HID) Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer.

  15. A Climate Change Vulnerability Assessment Report for the National...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... This robust, recurring pattern of ocean-atmosphere climate variability is centered over the midlatitude Pacific basin. * The Atlantic Multidecadal Oscillation. This ocean current ...

  16. U-183: ISC BIND DNS Resource Records Handling Vulnerability

    Broader source: Energy.gov [DOE]

    This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields.

  17. V-062: Asterisk Two Denial of Service Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    user can also exploit this via HTTP and XMPP. IMPACT: An error when handling TCP sessions can be exploited to cause a stack overflow and crash the service. An error...

  18. U-117: Potential security vulnerability has been identified with...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Senders ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. reference LINKS: Vendor Advisory...

  19. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    or usefulness of any information, apparatus, product, or ... DOEIE-xxxx * September 2015 Cover photos Background: ... Figure 2-4. Most major electricity generation, ...

  20. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    and contingency planning of the energy grids and energy plants considering also the ICT systems used in protection and control. Main addressed problems concern high impact,...

  1. T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code).

  2. Power System Extreme Event Detection: The VulnerabilityFrontier

    SciTech Connect (OSTI)

    Lesieutre, Bernard C.; Pinar, Ali; Roy, Sandip

    2007-10-17

    In this work we apply graph theoretic tools to provide aclose bound on a frontier relating the number of line outages in a gridto the power disrupted by the outages. This frontier describes theboundary of a space relating the possible severity of a disturbance interms of power disruption, from zero to some maximum on the boundary, tothe number line outages involved in the event. We present the usefulnessof this analysis with a complete analysis of a 30 bus system, and presentresults for larger systems.

  3. Reducing the Vulnerability of Electric Power Grids to Terrorist Attacks

    SciTech Connect (OSTI)

    Ross Baldick; Thekla Boutsika; Jin Hur; Manho Joung; Yin Wu; Minqi Zhong

    2009-01-31

    This report describes the development of a cascading outage analyzer that, given an initial disturbance on an electric power system, checks for thermal overloads, under-frequency and over-frequency conditions, and under-voltage conditions that would result in removal of elements from the system. The analyzer simulates the successive tripping of elements due to protective actions until a post-event steady state or a system blackout is reached.

  4. V-215: NetworkMiner Directory Traversal and Insecure Library...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis Related Articles U-198: IBM Lotus Expeditor Multiple Vulnerabilities U-146: Adobe ReaderAcrobat Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple...

  5. U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system

  6. U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact

    Broader source: Energy.gov [DOE]

    A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer Web Self Service.

  7. V-122: IBM Tivoli Application Dependency Discovery Manager Java...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities T-694: IBM Tivoli Federated Identity...

  8. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    "blue screen of death" after installation. April 12, 2013 V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities Multiple security vulnerabilities exist...

  9. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    "blue screen of death" after installation. April 12, 2013 V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities Multiple security vulnerabilities exist...

  10. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ESX and ESXi March 29, 2013 V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities Multiple security vulnerabilities exist in the Java Runtime...

  11. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ESX and ESXi March 29, 2013 V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities Multiple security vulnerabilities exist in the Java Runtime...

  12. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    16, 2013 V-157: Adobe Reader Acrobat Multiple Vulnerabilities These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of...

  13. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    have been reported in Puppet Puppet Multiple Vulnerabilities March 13, 2013 V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code Several vulnerabilities were...

  14. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    have been reported in Puppet Puppet Multiple Vulnerabilities March 13, 2013 V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code Several vulnerabilities were...

  15. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    16, 2013 V-157: Adobe Reader Acrobat Multiple Vulnerabilities These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of...

  16. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability ... Related Articles U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass ...

  17. Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Sheldon, Federick T.; Schlicher, Bob G

    2015-01-01

    There are many influencing economic factors to weigh from the defender-practitioner stakeholder point-of-view that involve cost combined with development/deployment models. Some examples include the cost of countermeasures themselves, the cost of training and the cost of maintenance. Meanwhile, we must better anticipate the total cost from a compromise. The return on investment in countermeasures is essentially impact costs (i.e., the costs from violating availability, integrity and confidentiality / privacy requirements). The natural question arises about choosing the main risks that must be mitigated/controlled and monitored in deciding where to focus security investments. To answer this question, we have investigated the cost/benefits to the attacker/defender to better estimate risk exposure. In doing so, it s important to develop a sound basis for estimating the factors that derive risk exposure, such as likelihood that a threat will emerge and whether it will be thwarted. This impact assessment framework can provide key information for ranking cybersecurity threats and managing risk.

  18. A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer

    Broader source: Energy.gov [DOE]

    NNSA assisted in reclaiming highly enriched uranium from the Ukraine to a secure facility in Russia.

  19. Vulnerability reduction study. Coal and synthetics (Section III a). Technical Appendix

    SciTech Connect (OSTI)

    Not Available

    1980-08-01

    This Appendix supports and explains key statements made in the chapter on Coal and Synthetics. The reader will find information and documentation on points that lend themselves to quantification. Evidence is presented that coal supply will not be constrained by production or transportation factors through the 1980s. Any program to increase the direct use of coal in the industrial sector must take into account a number of identifiable difficulties. A deployment schedule for 10 oil shale projects has been developed by the Office of Technology Assessment. This schedule, if adhered to, would result in an initial deployment of an oil shale industry of 400,000 bpd oil equivalent by 1990. In addition, the Appendix provides descriptions of those major elements of Federal legislation that bear directly on coal, notably portions of the Powerplant and Industrial Fuel Use Act of 1978, the Energy Tax Act of 1978, the Energy Security Act of 1980, and the Clean Air Act.

  20. U.S. Energy Sector Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic...

  1. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Broader source: Energy.gov (indexed) [DOE]

    it in a modern browser. This report examines the current and potential future impacts of climate change and extreme weather on the U.S. energy sector at the regional level. It...

  2. U-117: Potential security vulnerability has been identified with certain HP printers and HP digital senders

    Broader source: Energy.gov [DOE]

    Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

  3. Northeast Climate Science Center: Transposing Extreme Rainfall to Assess Climate Vulnerability

    Broader source: Energy.gov [DOE]

    Climate models predict significant increases in the magnitude and frequency of extreme rainfalls.  However, climate model projections of precipitation vary greatly across models.  For communities...

  4. T-529: Apple Mac OS PackageKit Distribution Script Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6.

  5. Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006)

    Broader source: Energy.gov [DOE]

    This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the...

  6. U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

    Broader source: Energy.gov [DOE]

    An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

  7. U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability

    Broader source: Energy.gov [DOE]

    If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password.

  8. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions

    Broader source: Energy.gov [DOE]

    This report examines current and potential future impacts of these climate trends on the U.S. energy sector by region, and explores possible resilience solutions.

  9. V-039: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability

    Broader source: Energy.gov [DOE]

    Samsung has issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security.

  10. Secretary Moniz's Remarks at the QER Stakeholders Meeting, Infrastructure Resilience and Vulnerabilities

    Broader source: Energy.gov [DOE]

    Secretary Ernest Moniz joins Dr. John P. Holdren, Assistant to the President for Science and Technology, and Representative Henry Waxman for the first Quadrennial Energy Review (QER) public meeting.

  11. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... 3: 749-754. http:www.nature.comnclimatejournalv3n8fullnclimate1890.html. ... private and public infrastructure, ... take steps to help American communities ...

  12. U-062: Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.

  13. Northeast Climate Science Center Webinar- Making Decision in Complex Landscapes: Headwater Stream Management Across Multiple Agencies Using Structured Decision Making

    Broader source: Energy.gov [DOE]

    There is growing evidence that headwater stream ecosystems are vulnerable to changing climate and land use, but their conservation is challenged by the need to address the threats at a landscape...

  14. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 2: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 - 12:15am Addthis PROBLEM: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities PLATFORM: Drupal 6.x versions prior to 6.27 Drupal 7.x versions prior to 7.18 ABSTRACT: Drupal Core Multiple vulnerabilities REFERENCE LINKS: SA-CORE-2012-004 - Drupal core

  15. U-116: IBM Tivoli Provisioning Manager Express for Software Distributi...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    for the affected ActiveX control Addthis Related Articles V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-094: IBM Multiple Products Multiple...

  16. Multiplicity Counting

    SciTech Connect (OSTI)

    Geist, William H.

    2015-12-01

    This set of slides begins by giving background and a review of neutron counting; three attributes of a verification item are discussed: 240Pueff mass; α, the ratio of (α,n) neutrons to spontaneous fission neutrons; and leakage multiplication. It then takes up neutron detector systems – theory & concepts (coincidence counting, moderation, die-away time); detector systems – some important details (deadtime, corrections); introduction to multiplicity counting; multiplicity electronics and example distributions; singles, doubles, and triples from measured multiplicity distributions; and the point model: multiplicity mathematics.

  17. U-009:Microsoft Security Bulletin Summary for October 2011

    Broader source: Energy.gov [DOE]

    Microsoft released 8 bulletins to address vulnerabilities. This Microsoft bulletin contains 2 critical vulnerabilities.

  18. V-201: Cisco Intrusion Prevention System SSP Fragmented Traffic...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-201: Cisco Intrusion Prevention System SSP Fragmented Traffic Denial of Service ... Adapters Interface Processor Vulnerability V-135: Cisco ASA Multiple Bugs Let Remote ...

  19. U-087: HP-UX update for Java

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information.

  20. U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

  1. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    were reported in HP Service Manager April 30, 2013 V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities IBM Tivoli Federated Identity Manager...

  2. T-686: IBM Tivoli Integrated Portal Java Double Literal Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    this November 2011 IBM Downloads Addthis Related Articles V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities T-694: IBM Tivoli Federated Identity...

  3. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    were reported in HP Service Manager April 30, 2013 V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities IBM Tivoli Federated Identity Manager...

  4. U-105:Oracle Java SE Critical Patch Update Advisory

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

  5. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The...

  6. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The...

  7. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    have been reported in Apache HTTP Server July 29, 2013 V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities The weakness and the...

  8. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    have been reported in Apache HTTP Server July 29, 2013 V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities The weakness and the...

  9. Illicit Trafficking in Radiological and Nuclear Materials. Lack of Regulations and Attainable Disposal for Radioactive Materials Make Them More Vulnerable than Nuclear Materials

    SciTech Connect (OSTI)

    Balatsky, G.I.; Severe, W.R.; Leonard, L.

    2007-07-01

    Illicit trafficking in nuclear and radioactive materials is far from a new issue. Reports of nuclear materials offered for sale as well as mythical materials such as red mercury date back to the 1960's. While such reports were primarily scams, it illustrates the fact that from an early date there were criminal elements willing to sell nuclear materials, albeit mythical ones, to turn a quick profit. In that same time frame, information related to lost and abandoned radioactive sources began to be reported. Unlike reports on nuclear material of that era, these reports on abandoned sources were based in fact - occasionally associated with resulting injury and death. With the collapse of the Former Soviet Union, illicit trafficking turned from a relatively unnoticed issue to one of global concern. Reports of unsecured nuclear and radiological material in the states of the Former Soviet Union, along with actual seizures of such material in transit, gave the clear message that illicit trafficking was now a real and urgent problem. In 1995, the IAEA established an Illicit Trafficking Data Base to keep track of confirmed instances. Illicit Trafficking is deemed to include not only radioactive materials that have been offered for sale or crossed international boarders, but also such materials that are no longer under appropriate regulatory control. As an outcome of 9/11, the United States took a closer look at illicit nuclear trafficking as well as a reassessment of the safety and security of nuclear and other radioactive materials both in the United States and Globally. This reassessment launched heightened controls and security domestically and increased our efforts internationally to prevent illicit nuclear trafficking. This reassessment also brought about the Global Threat Reduction Initiative which aims to further reduce the threats of weapons usable nuclear materials as well those of radioactive sealed sources. This paper will focus on the issues related to a subset of the materials involved in illicit trafficking in nuclear and radioactive materials, that of radioactive sealed sources. The focus on radioactive sealed sources is based on our belief that insufficient attention has been paid to trafficking incidents involving such sources which constitute the majority of trafficking cases. According to the IAEA's Illicit Trafficking Data Base, as of December 31 2005 there were 827 confirmed cases reporting by the participating states, including 250 incidents (or 30%) involved nuclear and other radioactive materials and 566 (or 68%) involved other radioactive materials, mostly radioactive sources, and radioactively contaminated materials. Experts in the Lugar Survey on Proliferation Threat and Response (June 2005) agreed that an attack with a Radiological Dispersion Device (RDD) was the most probable form of nuclear terrorism the world could expect over the next decade. At the same time radiological materials are used in wide a variety of applications, located in virtually every country and in general, radiological materials are far easier to access than nuclear materials. It has become increasingly obvious that the lack of a cradle-to-grave approach for sealed radioactive sources that have reached the end of their useful life is the main reason that sources are abandoned. It appears that the questions will ultimately become whether industry will impose additional regulations upon itself and become self-regulating with respect to repatriating radioactive material at the end of service life, or whether national authorities at some point will take actions and regulate the industry. Argentina, which is one of the most advanced countries regarding control of radiological sources adopted additional measures to safeguard its radiological materials to a level comparable to that proscribed for nuclear materials. This approach, while highly successful, has led to some minor unforeseen consequences, namely insufficient funds to implement all regulations in full and a lack of inspectors and appropriate equipment to assure compliance This

  10. Antioch University and EPA Webinar: Assessing Vulnerability of Water Conveyance Infrastructure from a Changing Climate in the Context of a Changing Landscape

    Broader source: Energy.gov [DOE]

    Presenter: Michael Simpson, Co-Director, Antioch Center for Climate Preparedness and Community Resilience; Chair, Department of Environmental Studies

  11. U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems.

  12. Multiple density layered insulator

    DOE Patents [OSTI]

    Alger, T.W.

    1994-09-06

    A multiple density layered insulator for use with a laser is disclosed which provides at least two different insulation materials for a laser discharge tube, where the two insulation materials have different thermoconductivities. The multiple layer insulation materials provide for improved thermoconductivity capability for improved laser operation. 4 figs.

  13. Multiple density layered insulator

    DOE Patents [OSTI]

    Alger, Terry W. (Tracy, CA)

    1994-01-01

    A multiple density layered insulator for use with a laser is disclosed wh provides at least two different insulation materials for a laser discharge tube, where the two insulation materials have different thermoconductivities. The multiple layer insulation materials provide for improved thermoconductivity capability for improved laser operation.

  14. Photovoltaics: Separating Multiple Excitons

    SciTech Connect (OSTI)

    Nozik, A. J.

    2012-05-01

    Scientists have demonstrated an efficient process for generating multiple excitons in adjacent silicon nanocrystals from a single high-energy photon. Their findings could prove useful for a wide range of photovoltaic applications.

  15. V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain ... AnyConnect VPN Client Two Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws ...

  16. V-229: IBM Lotus iNotes Input Validation Flaws Permit Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-229: IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks August ... Addthis Related Articles V-211: IBM iNotes Multiple Vulnerabilities U-198: IBM Lotus ...

  17. T-537: Oracle Critical Patch Update Advisory- January 2011

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative.

  18. T-605: Oracle Critical Patch Update Advisory- April 2011

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative.

  19. T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases.

  20. Multiple stage multiple filter hydrate store

    DOE Patents [OSTI]

    Bjorkman, H.K. Jr.

    1983-05-31

    An improved hydrate store for a metal halogen battery system is disclosed which employs a multiple stage, multiple filter means for separating the halogen hydrate from the liquid used in forming the hydrate. The filter means is constructed in the form of three separate sections which combine to substantially cover the interior surface of the store container. Exit conduit means is provided in association with the filter means for transmitting liquid passing through the filter means to a hydrate former subsystem. The hydrate former subsystem combines the halogen gas generated during the charging of the battery system with the liquid to form the hydrate in association with the store. Relief valve means is interposed in the exit conduit means for controlling the operation of the separate sections of the filter means, such that the liquid flow through the exit conduit means from each of the separate sections is controlled in a predetermined sequence. The three separate sections of the filter means operate in three discrete stages to provide a substantially uniform liquid flow to the hydrate former subsystem during the charging of the battery system. The separation of the liquid from the hydrate causes an increase in the density of the hydrate by concentrating the hydrate along the filter means. 7 figs.

  1. Multiple stage multiple filter hydrate store

    DOE Patents [OSTI]

    Bjorkman, Jr., Harry K.

    1983-05-31

    An improved hydrate store for a metal halogen battery system is disclosed which employs a multiple stage, multiple filter means or separating the halogen hydrate from the liquid used in forming the hydrate. The filter means is constructed in the form of three separate sections which combine to substantially cover the interior surface of the store container. Exit conduit means is provided in association with the filter means for transmitting liquid passing through the filter means to a hydrate former subsystem. The hydrate former subsystem combines the halogen gas generated during the charging of the battery system with the liquid to form the hydrate in association with the store. Relief valve means is interposed in the exit conduit means for controlling the operation of the separate sections of the filter means, such that the liquid flow through the exit conduit means from each of the separate sections is controlled in a predetermined sequence. The three separate sections of the filter means operate in three discrete stages to provide a substantially uniform liquid flow to the hydrate former subsystem during the charging of the battery system. The separation of the liquid from the hydrate causes an increase in the density of the hydrate by concentrating the hydrate along the filter means.

  2. Comparison with Carrier Multiplication

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Complete Theory of Down-Conversion, and a Comparison with Carrier Multiplication 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 22 24 26 28 30 32 34 Measured Quantum Efficiency (QE) Efficiency [%] with Down-Conversion Single- Junction Threshold Solar Cell 1 2 3 4 5 6 7 8 9 10 20 30 40 50 60 70 80 90 Peak Efficiency [%] Splitting Multiplicity (M) C=max C=1000 C=100 C=1 C=10 Down Conversion Carrier Multiplication Ze'ev R. Abrams, Avi Niv, Majid Gharghi, Chris Gladden & Xiang Zhang Materials Science

  3. Multiple sort flow cytometer

    DOE Patents [OSTI]

    Engh, G. van den; Esposito, R.J.

    1996-01-09

    A flow cytometer utilizes multiple lasers for excitation and respective fluorescence of identified dyes bonded to specific cells or events to identify and verify multiple events to be sorted from a sheath flow and droplet stream. Once identified, verified and timed in the sheath flow, each event is independently tagged upon separation from the flow by an electrical charge of +60, +120, or +180 volts and passed through oppositely charged deflection plates with ground planes to yield a focused six way deflection of at least six events in a narrow plane. 8 figs.

  4. Multiple sort flow cytometer

    DOE Patents [OSTI]

    Van den Engh, Ger (Seattle, WA); Esposito, Richard J. (Seattle, WA)

    1996-01-01

    A flow cytometer utilizes multiple lasers for excitation and respective fluorescence of identified dyes bonded to specific cells or events to identify and verify multiple events to be sorted from a sheath flow and droplet stream. Once identified, verified and timed in the sheath flow, each event is independently tagged upon separation from the flow by an electrical charge of +60, +120, or +180 volts and passed through oppositely charged deflection plates with ground planes to yield a focused six way deflection of at least six events in a narrow plane.

  5. Multiple gap photovoltaic device

    DOE Patents [OSTI]

    Dalal, Vikram L. (Newark, DE)

    1981-01-01

    A multiple gap photovoltaic device having a transparent electrical contact adjacent a first cell which in turn is adjacent a second cell on an opaque electrical contact, includes utilizing an amorphous semiconductor as the first cell and a crystalline semiconductor as the second cell.

  6. Portable multiplicity counter

    DOE Patents [OSTI]

    Newell, Matthew R. (Los Alamos, NM); Jones, David Carl (Los Alamos, NM)

    2009-09-01

    A portable multiplicity counter has signal input circuitry, processing circuitry and a user/computer interface disposed in a housing. The processing circuitry, which can comprise a microcontroller integrated circuit operably coupled to shift register circuitry implemented in a field programmable gate array, is configured to be operable via the user/computer interface to count input signal pluses receivable at said signal input circuitry and record time correlations thereof in a total counting mode, coincidence counting mode and/or a multiplicity counting mode. The user/computer interface can be for example an LCD display/keypad and/or a USB interface. The counter can include a battery pack for powering the counter and low/high voltage power supplies for biasing external detectors so that the counter can be configured as a hand-held device for counting neutron events.

  7. Multiple capillary biochemical analyzer

    DOE Patents [OSTI]

    Dovichi, Norman J. (Edmonton, CA); Zhang, Jian Z. (Edmonton, CA)

    1995-01-01

    A multiple capillary analyzer allows detection of light from multiple capillaries with a reduced number of interfaces through which light must pass in detecting light emitted from a sample being analyzed, using a modified sheath flow cuvette. A linear or rectangular array of capillaries is introduced into a rectangular flow chamber. Sheath fluid draws individual sample streams through the cuvette. The capillaries are closely and evenly spaced and held by a transparent retainer in a fixed position in relation to an optical detection system. Collimated sample excitation radiation is applied simultaneously across the ends of the capillaries in the retainer. Light emitted from the excited sample is detected by the optical detection system. The retainer is provided by a transparent chamber having inward slanting end walls. The capillaries are wedged into the chamber. One sideways dimension of the chamber is equal to the diameter of the capillaries and one end to end dimension varies from, at the top of the chamber, slightly greater than the sum of the diameters of the capillaries to, at the bottom of the chamber, slightly smaller than the sum of the diameters of the capillaries. The optical system utilizes optic fibres to deliver light to individual photodetectors, one for each capillary tube. A filter or wavelength division demultiplexer may be used for isolating fluorescence at particular bands.

  8. Multiple capillary biochemical analyzer

    DOE Patents [OSTI]

    Dovichi, N.J.; Zhang, J.Z.

    1995-08-08

    A multiple capillary analyzer allows detection of light from multiple capillaries with a reduced number of interfaces through which light must pass in detecting light emitted from a sample being analyzed, using a modified sheath flow cuvette. A linear or rectangular array of capillaries is introduced into a rectangular flow chamber. Sheath fluid draws individual sample streams through the cuvette. The capillaries are closely and evenly spaced and held by a transparent retainer in a fixed position in relation to an optical detection system. Collimated sample excitation radiation is applied simultaneously across the ends of the capillaries in the retainer. Light emitted from the excited sample is detected by the optical detection system. The retainer is provided by a transparent chamber having inward slanting end walls. The capillaries are wedged into the chamber. One sideways dimension of the chamber is equal to the diameter of the capillaries and one end to end dimension varies from, at the top of the chamber, slightly greater than the sum of the diameters of the capillaries to, at the bottom of the chamber, slightly smaller than the sum of the diameters of the capillaries. The optical system utilizes optic fibers to deliver light to individual photodetectors, one for each capillary tube. A filter or wavelength division demultiplexer may be used for isolating fluorescence at particular bands. 21 figs.

  9. Multiple layer insulation cover

    DOE Patents [OSTI]

    Farrell, James J.; Donohoe, Anthony J.

    1981-11-03

    A multiple layer insulation cover for preventing heat loss in, for example, a greenhouse, is disclosed. The cover is comprised of spaced layers of thin foil covered fabric separated from each other by air spaces. The spacing is accomplished by the inflation of spaced air bladders which are integrally formed in the cover and to which the layers of the cover are secured. The bladders are inflated after the cover has been deployed in its intended use to separate the layers of the foil material. The sizes of the material layers are selected to compensate for sagging across the width of the cover so that the desired spacing is uniformly maintained when the cover has been deployed. The bladders are deflated as the cover is stored thereby expediting the storage process and reducing the amount of storage space required.

  10. Multiple-port valve

    DOE Patents [OSTI]

    Doody, Thomas J.

    1978-08-22

    A multiple-port valve assembly is designed to direct flow from a primary conduit into any one of a plurality of secondary conduits as well as to direct a reverse flow. The valve includes two mating hemispherical sockets that rotatably receive a spherical valve plug. The valve plug is attached to the primary conduit and includes diverging passageways from that conduit to a plurality of ports. Each of the ports is alignable wih one or more of a plurality of secondary conduits fitted into one of the hemispherical sockets. The other hemispherical socket includes a slot for the primary conduit such that the conduit's motion along that slot with rotation of the spherical plug about various axes will position the valve-plug ports in respect to the secondary conduits.

  11. Multiple stage railgun

    DOE Patents [OSTI]

    Hawke, Ronald S. (Livermore, CA); Scudder, Jonathan K. (Pleasanton, CA); Aaland, Kristian (Livermore, CA)

    1982-01-01

    A multiple stage magnetic railgun accelerator (10) for accelerating a projectile (15) by movement of a plasma arc (13) along the rails (11,12). The railgun (10) is divided into a plurality of successive rail stages (10a-n) which are sequentially energized by separate energy sources (14a-n) as the projectile (15) moves through the bore (17) of the railgun (10). Propagation of energy from an energized rail stage back towards the breech end (29) of the railgun (10) can be prevented by connection of the energy sources (14a-n) to the rails (11,12) through isolation diodes (34a-n). Propagation of energy from an energized rail stage back towards the breech end of the railgun can also be prevented by dividing the rails (11,12) into electrically isolated rail sections (11a-n, 12a-n). In such case means (55a-n) are used to extinguish the arc at the end of each energized stage and a fuse (31) or laser device (61) is used to initiate a new plasma arc in the next energized rail stage.

  12. Supporting Multiple Workloads, Batch Systems,

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Multiple Workloads, Batch Systems, and Computing Environments on a Single Linux Cluster Larry Pezzaglia National Energy Research Scientific Computing Center Lawrence...

  13. Sigmund and WInterbon Multiple Scattering

    Energy Science and Technology Software Center (OSTI)

    1985-03-01

    SWIMS calculates the angular dispersion of ion beams that undergo small-angle, incoherent multiple scattering by gaseous or solid media.

  14. T-590: HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Diagnostics. The vulnerability could be exploited remotely resulting in cross site scripting (XSS).

  15. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    14, 2013 V-217: Microsoft Windows NAT Driver ICMP Packet Handling Denial of Service Vulnerability This security update resolves a vulnerability in the Windows NAT Driver in...

  16. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    14, 2013 V-217: Microsoft Windows NAT Driver ICMP Packet Handling Denial of Service Vulnerability This security update resolves a vulnerability in the Windows NAT Driver in...

  17. U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  18. U-137: HP Performance Manager Unspecified Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute...

  19. V-232: Cisco ASA Software TFTP Protocol Inspection Denial of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-232: Cisco ASA Software TFTP Protocol Inspection Denial of Service Vulnerability August ... U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability V-071: Cisco ASA ...

  20. V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data.

  1. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 - ...

  2. V-170: Apache Subversion Hook Scripts Arbitrary Command Injection...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability V-170: Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability June 4, 2013 - 12:17am...

  3. V-217: Microsoft Windows NAT Driver ICMP Packet Handling Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Microsoft Windows NAT Driver ICMP Packet Handling Denial of Service Vulnerability V-217: Microsoft Windows NAT Driver ICMP Packet Handling Denial of Service Vulnerability August...

  4. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis...

  5. V-188: Apache XML Security XPointer Expressions Processing Buffer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability June...

  6. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis...

  7. U-200: Red Hat Directory Server Information Disclosure Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability June 27,...

  8. U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    PROBLEM: Pidgin 'mxitshowmessage()' Function Stack-Based Buffer Overflow Vulnerability. PLATFORM: Versions prior to Pidgin 2.10.5 vulnerable. ABSTRACT: Pidgin is prone to a...

  9. U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.

  10. V-206: Apache HTTP Server mod_rewrite and "httpOnly" Cookie Disclosure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Apache HTTP Server modrewrite and "httpOnly" Cookie Disclosure Vulnerabilities V-206: Apache HTTP Server modrewrite and "httpOnly" Cookie Disclosure Vulnerabilities July 30,...

  11. T-588: HP Virtual SAN Appliance Stack Overflow

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.

  12. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  13. Multiple Motivations Institutional Change Principle

    Broader source: Energy.gov [DOE]

    The multiple motivations principle suggests that a portfolio approach—rather than a single strategy—may be required to achieve change. Research demonstrates that people and institutions adopt new...

  14. Multiple resonant railgun power supply

    DOE Patents [OSTI]

    Honig, Emanuel M. (Los Alamos, NM); Nunnally, William C. (Los Alamos, NM)

    1988-01-01

    A multiple repetitive resonant railgun power supply provides energy for repetitively propelling projectiles from a pair of parallel rails. A plurality of serially connected paired parallel rails are powered by similar power supplies. Each supply comprises an energy storage capacitor, a storage inductor to form a resonant circuit with the energy storage capacitor and a magnetic switch to transfer energy between the resonant circuit and the pair of parallel rails for the propelling of projectiles. The multiple serial operation permits relatively small energy components to deliver overall relatively large amounts of energy to the projectiles being propelled.

  15. Multiple resonant railgun power supply

    DOE Patents [OSTI]

    Honig, E.M.; Nunnally, W.C.

    1985-06-19

    A multiple repetitive resonant railgun power supply provides energy for repetitively propelling projectiles from a pair of parallel rails. A plurality of serially connected paired parallel rails are powered by similar power supplies. Each supply comprises an energy storage capacitor, a storage inductor to form a resonant circuit with the energy storage capacitor and a magnetic switch to transfer energy between the resonant circuit and the pair of parallel rails for the propelling of projectiles. The multiple serial operation permits relatively small energy components to deliver overall relatively large amounts of energy to the projectiles being propelled.

  16. Multiple Mechanisms of Uranium Immobilization by Cellulomonas...

    Office of Scientific and Technical Information (OSTI)

    Journal Article: Multiple Mechanisms of Uranium Immobilization by Cellulomonas sp. Strain ES6 Citation Details In-Document Search Title: Multiple Mechanisms of Uranium ...

  17. Public views on multiple dimensions of security : nuclear waepons, terrorism, energy, and the environment : 2007.

    SciTech Connect (OSTI)

    Herron, Kerry Gale; Jenkins-Smith, Hank C.

    2008-01-01

    We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism include assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.

  18. U-203: HP Photosmart Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions.

  19. U-073: Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Bugzilla. A remote user can conduct cross-site scripting attacks.

  20. U-190: Microsoft Security Bulletin MS12-037- Critical

    Broader source: Energy.gov [DOE]

    This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer.

  1. Multiple Exciton Generation Solar Cells

    SciTech Connect (OSTI)

    Luther, J. M.; Semonin, O. E.; Beard, M. C.; Gao, J.; Nozik, A. J.

    2012-01-01

    Heat loss is the major factor limiting traditional single junction solar cells to a theoretical efficiency of 32%. Multiple Exciton Generation (MEG) enables efficient use of the solar spectrum yielding a theoretical power conversion efficiency of 44% in solar cells under 1-sun conditions. Quantum-confined semiconductors have demonstrated the ability to generate multiple carriers but present-day materials deliver efficiencies far below the SQ limit of 32%. Semiconductor quantum dots of PbSe and PbS provide an active testbed for developing high-efficiency, inexpensive solar cells benefitting from quantum confinement effects. Here, we will present recent work of solar cells employing MEG to yield external quantum efficiencies exceeding 100%.

  2. Multiple target laser ablation system

    DOE Patents [OSTI]

    Mashburn, Douglas N. (Knoxville, TN)

    1996-01-01

    A laser ablation apparatus and method are provided in which multiple targets consisting of material to be ablated are mounted on a movable support. The material transfer rate is determined for each target material, and these rates are stored in a controller. A position detector determines which target material is in a position to be ablated, and then the controller controls the beam trigger timing and energy level to achieve a desired proportion of each constituent material in the resulting film.

  3. Multiple target laser ablation system

    DOE Patents [OSTI]

    Mashburn, D.N.

    1996-01-09

    A laser ablation apparatus and method are provided in which multiple targets consisting of material to be ablated are mounted on a movable support. The material transfer rate is determined for each target material, and these rates are stored in a controller. A position detector determines which target material is in a position to be ablated, and then the controller controls the beam trigger timing and energy level to achieve a desired proportion of each constituent material in the resulting film. 3 figs.

  4. V-216: Drupal Monster Menus Module Security Bypass and Script Insertion

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 6: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities August 12, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in the Monster Menus module for Drupal PLATFORM: Drupal Monster Menus Module 6.x and 7.x ABSTRACT: The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and

  5. V-036: EMC Smarts Network Configuration Manager Database Authentication

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerability | Department of Energy 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts

  6. V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerability | Department of Energy 48: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability December 17, 2012 - 1:00am Addthis PROBLEM: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability PLATFORM: Cisco Wireless LAN Controller (WLC) ABSTRACT: A vulnerability was reported in Cisco Wireless LAN Controller. REFERENCE LINKS: SecurityTracker Alert ID: 1027886 Secunia Advisory

  7. Universality of Charged Multiplicity Distributions

    SciTech Connect (OSTI)

    Goulianos, K.; /Rockefeller U.

    1981-12-01

    The charged multiplicity distributions of the diffractive and non-diffractive components of hadronic interactions, as well as those of hadronic states produced in other reactions, are described well by a universal Gaussian function that depends only on the available mass for pionization, has a maximum at n{sub o} {approx_equal} 2M{sup 1/2}, where M is the available mass in GeV, and a peak to width ratio n{sub o}/D {approx_equal} 2.

  8. Multiple piece turbine rotor blade

    DOE Patents [OSTI]

    Jones, Russell B; Fedock, John A

    2013-05-21

    A multiple piece turbine rotor blade with a shell having an airfoil shape and secured between a spar and a platform with the spar including a tip end piece. a snap ring fits around the spar and abuts against the spar tip end piece on a top side and abuts against a shell on the bottom side so that the centrifugal loads from the shell is passed through the snap ring and into the spar and not through a tip cap dovetail slot and projection structure.

  9. Recirculation in multiple wave conversions

    SciTech Connect (OSTI)

    Kaufman, A. N.; Brizard, A.J.; Kaufman, A.N.; Tracy, E.R.

    2008-07-30

    A one-dimensional multiple wave-conversion model is constructed that allows energy recirculation in ray phase space. Using a modular eikonal approach, the connection coefficients for this model are calculated by ray phase-space methods. Analytical results (confirmed numerically) show that all connection coefficients exhibit interference effects that depend on an interference phase, calculated from the coupling constants and the area enclosed by the intersecting rays. This conceptual model, which focuses on the topology of intersecting rays in phase space, is used to investigate how mode conversion between primary and secondary waves is modified by the presence of a tertiary wave.

  10. Multiple channel programmable coincidence counter

    DOE Patents [OSTI]

    Arnone, Gaetano J.

    1990-01-01

    A programmable digital coincidence counter having multiple channels and featuring minimal dead time. Neutron detectors supply electrical pulses to a synchronizing circuit which in turn inputs derandomized pulses to an adding circuit. A random access memory circuit connected as a programmable length shift register receives and shifts the sum of the pulses, and outputs to a serializer. A counter is input by the adding circuit and downcounted by the seralizer, one pulse at a time. The decoded contents of the counter after each decrement is output to scalers.

  11. T-637: VMSA-2011-0009 VMware hosted product updates, ESX patches and VI, Client update resolve multiple

    Broader source: Energy.gov [DOE]

    This patch provides a fix for the following three security issues in the VMware Host Guest File System (HGFS). None of these issues affect Windows based Guest Operating Systems. CVE-2011-2146 Mount.vmhgfs Information Disclosure, information disclosure via a vulnerability that allows an attacker with access to the Guest to determine if a path exists in the Host filesystem and whether it is a file or directory regardless of permissions. CVE-2011-1787 Mount.vmhgfs Race Condition, privilege escalation via a race condition that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory. CVE-2011-2145 Mount.vmhgfs Privilege Escalation, privilege escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems. For more information on the following associated CVE details please use the provided links below. This patch provides a fix for the following three security issues in the VMware Host Guest File System (HGFS). None of these issues affect Windows based Guest Operating Systems. CVE-2011-2146 Mount.vmhgfs Information Disclosure, information disclosure via a vulnerability that allows an attacker with access to the Guest to determine if a path exists in the Host filesystem and whether it is a file or directory regardless of permissions. CVE-2011-1787 Mount.vmhgfs Race Condition, privilege escalation via a race condition that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory. CVE-2011-2145 Mount.vmhgfs Privilege Escalation, privilege escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems. For more information on the following associated CVE details please use the provided links below. CVE-2009-4536, CVE-2010-1188, CVE-2009-3080, CVE-2010-2240, CVE-2011-2146, CVE-2011-1787, CVE-2011-2145, and CVE-2011-2217

  12. Multiple protocol fluorometer and method

    DOE Patents [OSTI]

    Kolber, Zbigniew S. (Shoreham, NY); Falkowski, Paul G. (Stony Brook, NY)

    2000-09-19

    A multiple protocol fluorometer measures photosynthetic parameters of phytoplankton and higher plants using actively stimulated fluorescence protocols. The measured parameters include spectrally-resolved functional and optical absorption cross sections of PSII, extent of energy transfer between reaction centers of PSII, F.sub.0 (minimal), F.sub.m (maximal) and F.sub.v (variable) components of PSII fluorescence, photochemical and non-photochemical quenching, size of the plastoquinone (PQ) pool, and the kinetics of electron transport between Q.sub.a and PQ pool and between PQ pool and PSI. The multiple protocol fluorometer, in one embodiment, is equipped with an excitation source having a controlled spectral output range between 420 nm and 555 nm and capable of generating flashlets having a duration of 0.125-32 .mu.s, an interval between 0.5 .mu.s and 2 seconds, and peak optical power of up to 2 W/cm.sup.2. The excitation source is also capable of generating, simultaneous with the flashlets, a controlled continuous, background illumination.

  13. Multiple channel data acquisition system

    DOE Patents [OSTI]

    Crawley, H. Bert (Ames, IA); Rosenberg, Eli I. (Ames, IA); Meyer, W. Thomas (Ames, IA); Gorbics, Mark S. (Ames, IA); Thomas, William D. (Boone, IA); McKay, Roy L. (Ames, IA); Homer, Jr., John F. (Ames, IA)

    1990-05-22

    A multiple channel data acquisition system for the transfer of large amounts of data from a multiplicity of data channels has a plurality of modules which operate in parallel to convert analog signals to digital data and transfer that data to a communications host via a FASTBUS. Each module has a plurality of submodules which include a front end buffer (FEB) connected to input circuitry having an analog to digital converter with cache memory for each of a plurality of channels. The submodules are interfaced with the FASTBUS via a FASTBUS coupler which controls a module bus and a module memory. The system is triggered to effect rapid parallel data samplings which are stored to the cache memories. The cache memories are uploaded to the FEBs during which zero suppression occurs. The data in the FEBs is reformatted and compressed by a local processor during transfer to the module memory. The FASTBUS coupler is used by the communications host to upload the compressed and formatted data from the module memory. The local processor executes programs which are downloaded to the module memory through the FASTBUS coupler.

  14. Multiple channel data acquisition system

    DOE Patents [OSTI]

    Crawley, H.B.; Rosenberg, E.I.; Meyer, W.T.; Gorbics, M.S.; Thomas, W.D.; McKay, R.L.; Homer, J.F. Jr.

    1990-05-22

    A multiple channel data acquisition system for the transfer of large amounts of data from a multiplicity of data channels has a plurality of modules which operate in parallel to convert analog signals to digital data and transfer that data to a communications host via a FASTBUS. Each module has a plurality of submodules which include a front end buffer (FEB) connected to input circuitry having an analog to digital converter with cache memory for each of a plurality of channels. The submodules are interfaced with the FASTBUS via a FASTBUS coupler which controls a module bus and a module memory. The system is triggered to effect rapid parallel data samplings which are stored to the cache memories. The cache memories are uploaded to the FEBs during which zero suppression occurs. The data in the FEBs is reformatted and compressed by a local processor during transfer to the module memory. The FASTBUS coupler is used by the communications host to upload the compressed and formatted data from the module memory. The local processor executes programs which are downloaded to the module memory through the FASTBUS coupler. 25 figs.

  15. Multiple soil nutrient competition between plants, microbes,...

    Office of Scientific and Technical Information (OSTI)

    Journal Article: Multiple soil nutrient competition between plants, microbes, and mineral surfaces: model development, parameterization, and example applications in several...

  16. Detection of electromagnetic radiation using micromechanical multiple

    Office of Scientific and Technical Information (OSTI)

    quantum wells structures (Patent) | SciTech Connect Patent: Detection of electromagnetic radiation using micromechanical multiple quantum wells structures Citation Details In-Document Search Title: Detection of electromagnetic radiation using micromechanical multiple quantum wells structures An apparatus and method for detecting electromagnetic radiation employs a deflectable micromechanical apparatus incorporating multiple quantum wells structures. When photons strike the quantum-well

  17. Multiple-stage integrating accelerometer

    DOE Patents [OSTI]

    Devaney, Howard F. (Cedar Crest, NM)

    1986-01-01

    An accelerometer assembly is provided for use in activating a switch in response to multiple acceleration pulses in series. The accelerometer includes a housing forming a chamber. An inertial mass or piston is slidably disposed in the chamber and spring biased toward a first or reset position. A damping system is also provided to damp piston movement in response to first and subsequent acceleration pulses. Additionally, a cam, including a Z-shaped slot, and cooperating follower pin slidably received therein are mounted to the piston and the housing. The middle or cross-over leg of the Z-shaped slot cooperates with the follower pin to block or limit piston movement and prevent switch activation in response to a lone acceleration pulse. The switch of the assembly is only activated after two or more separate acceleration pulses are sensed and the piston reaches the end of the chamber opposite the reset position.

  18. Multiple-stage integrating accelerometer

    DOE Patents [OSTI]

    Devaney, H.F.

    1984-06-27

    An accelerometer assembly is provided for use in activating a switch in response to multiple acceleration pulses in series. The accelerometer includes a housing forming a chamber. An inertial mass or piston is slidably disposed in the chamber and spring biased toward a first or reset position. A damping system is also provided to damp piston movement in response to first and subsequent acceleration pulses. Additionally, a cam, including a Z-shaped slot, and cooperating follower pin slidably received therein are mounted to the piston and the housing. The middle or cross-over leg of the Z-shaped slot cooperates with the follower pin to block or limit piston movement and prevent switch activation in response to a lone acceleration pulse. The switch of the assembly is only activated after two or more separate acceleration pulses are sensed and the piston reaches the end of the chamber opposite the reset position.

  19. Multiple acousto-optic q-switch

    DOE Patents [OSTI]

    Deason, Vance A. (Idaho Falls, ID)

    1993-01-01

    An improved dynamic moire interferometer comprised of a lasing medium providing a plurality of beams of coherent light, a multiple q-switch producing multiple trains of 100,000 or more pulses per second, a combining means collimating multiple trains of pulses into substantially a single train and directing beams to specimen gratings affixed to a test material, and a controller, triggering and sequencing the emission of the pulses with the occurrence and recording of a dynamic loading event.

  20. Multiple acousto-optic q-switch

    DOE Patents [OSTI]

    Deason, Vance A.

    1993-12-07

    An improved dynamic moire interferometer comprised of a lasing medium providing a plurality of beams of coherent light, a multiple q-switch producing multiple trains of 100,000 or more pulses per second, a combining means collimating multiple trains of pulses into substantially a single train and directing beams to specimen gratings affixed to a test material, and a controller, triggering and sequencing the emission of the pulses with the occurrence and recording of a dynamic loading event.

  1. Multiscale Mathematics For Plasma Kinetics Spanning Multiple...

    Office of Scientific and Technical Information (OSTI)

    Technical Report: Multiscale Mathematics For Plasma Kinetics Spanning Multiple Collisionality Regimes Citation Details In-Document Search Title: Multiscale Mathematics For Plasma...

  2. Staged inoculation of multiple cyanobacterial photobioreactors

    DOE Patents [OSTI]

    Scott, Brendan; Meichel, George; Phillips-Kress, Jesse; Blanks, Jessica

    2015-09-01

    A method of rapid simultaneous inoculation of cyanobacteria to multiple commercial-scale closed photobioreactors for the production of a target molecule such as ethanol.

  3. Integrated Inverter Control for Multiple Electric Machines -...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Industrial Technologies Find More Like This Return to Search Integrated Inverter Control for Multiple Electric Machines Oak Ridge National Laboratory Contact ORNL About This...

  4. T-601: Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in the Windows Kernel. A local user can obtain elevated privileges on the target system. A local user can trigger a use-after free or null pointer dereference to execute arbitrary commands on the target system with kernel level privileges.

  5. PrimerDesign-M: A multiple-alignment based multiple-primer design...

    Office of Scientific and Technical Information (OSTI)

    for walking across variable genomes Prev Next Title: PrimerDesign-M: A multiple-alignment based multiple-primer design tool for walking across variable genomes You are ...

  6. PrimerDesign-M: A multiple-alignment based multiple-primer design...

    Office of Scientific and Technical Information (OSTI)

    for walking across variable genomes Prev Next Title: PrimerDesign-M: A multiple-alignment based multiple-primer design tool for walking across variable genomes Analyses of ...

  7. PrimerDesign-M: A multiple-alignment based multiple-primer design tool for

    Office of Scientific and Technical Information (OSTI)

    walking across variable genomes (Journal Article) | DOE PAGES PrimerDesign-M: A multiple-alignment based multiple-primer design tool for walking across variable genomes « Prev Next » Title: PrimerDesign-M: A multiple-alignment based multiple-primer design tool for walking across variable genomes Analyses of entire viral genomes or mtDNA requires comprehensive design of many primers across their genomes. In addition, simultaneous optimization of several DNA primer design criteria may

  8. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    SciTech Connect (OSTI)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  9. Neutron multiplication error in TRU waste measurements

    SciTech Connect (OSTI)

    Veilleux, John [Los Alamos National Laboratory; Stanfield, Sean B [CCP; Wachter, Joe [CCP; Ceo, Bob [CCP

    2009-01-01

    Total Measurement Uncertainty (TMU) in neutron assays of transuranic waste (TRU) are comprised of several components including counting statistics, matrix and source distribution, calibration inaccuracy, background effects, and neutron multiplication error. While a minor component for low plutonium masses, neutron multiplication error is often the major contributor to the TMU for items containing more than 140 g of weapons grade plutonium. Neutron multiplication arises when neutrons from spontaneous fission and other nuclear events induce fissions in other fissile isotopes in the waste, thereby multiplying the overall coincidence neutron response in passive neutron measurements. Since passive neutron counters cannot differentiate between spontaneous and induced fission neutrons, multiplication can lead to positive bias in the measurements. Although neutron multiplication can only result in a positive bias, it has, for the purpose of mathematical simplicity, generally been treated as an error that can lead to either a positive or negative result in the TMU. While the factors that contribute to neutron multiplication include the total mass of fissile nuclides, the presence of moderating material in the matrix, the concentration and geometry of the fissile sources, and other factors; measurement uncertainty is generally determined as a function of the fissile mass in most TMU software calculations because this is the only quantity determined by the passive neutron measurement. Neutron multiplication error has a particularly pernicious consequence for TRU waste analysis because the measured Fissile Gram Equivalent (FGE) plus twice the TMU error must be less than 200 for TRU waste packaged in 55-gal drums and less than 325 for boxed waste. For this reason, large errors due to neutron multiplication can lead to increased rejections of TRU waste containers. This report will attempt to better define the error term due to neutron multiplication and arrive at values that are more realistic and accurate. To do so, measurements of standards and waste drums were performed with High Efficiency Neutron Counters (HENC) located at Los Alamos National Laboratory (LANL). The data were analyzed for multiplication effects and new estimates of the multiplication error were computed. A concluding section will present alternatives for reducing the number of rejections of TRU waste containers due to neutron multiplication error.

  10. Ultrafast photodetectors allow direct observation of multiple...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    N.M., Sept. 11, 2015-One of the big benefits of the tiny semiconductor pieces known as quantum dots is that they can crank out multiple electrons from a single photon, a feature...

  11. Modular multiplication operator and quantized baker's maps

    SciTech Connect (OSTI)

    Lakshminarayan, Arul [Max-Planck-Institut fuer Physik komplexer Systeme, Noethnitzer Strasse 38, D-01187 Dresden (Germany)

    2007-10-15

    The modular multiplication operator, a central subroutine in Shor's factoring algorithm, is shown to be a coherent superposition of two quantum baker's maps when the multiplier is 2. The classical limit of the maps being completely chaotic, it is shown that there exist perturbations that push the modular multiplication operator into regimes of generic quantum chaos with spectral fluctuations that are those of random matrices. For the initial state of relevance to Shor's algorithm we study fidelity decay due to phase and bit-flip errors in a single qubit and show exponential decay with shoulders at multiples or half-multiples of the order. A simple model is used to gain some understanding of this behavior.

  12. Laser isotope separation by multiple photon absorption

    DOE Patents [OSTI]

    Robinson, C. Paul (Los Alamos, NM); Rockwood, Stephen D. (Los Alamos, NM); Jensen, Reed J. (Los Alamos, NM); Lyman, John L. (Los Alamos, NM); Aldridge, III, Jack P. (Los Alamos, NM)

    1987-01-01

    Multiple photon absorption from an intense beam of infrared laser light may be used to induce selective chemical reactions in molecular species which result in isotope separation or enrichment. The molecular species must have a sufficient density of vibrational states in its vibrational manifold that, is the presence of sufficiently intense infrared laser light tuned to selectively excite only those molecules containing a particular isotope, multiple photon absorption can occur. By this technique, for example, intense CO.sub.2 laser light may be used to highly enrich .sup.34 S in natural SF.sub.6 and .sup.11 B in natural BCl.sub.3.

  13. Charged-particle multiplicity at LHC energies

    ScienceCinema (OSTI)

    None

    2011-10-06

    The talk presents the measurement of the pseudorapidity density and the multiplicity distribution with ALICE at the achieved LHC energies of 0.9 and 2.36 TeV.An overview about multiplicity measurements prior to LHC is given and the related theoretical concepts are briefly discussed.The analysis procedure is presented and the systematic uncertainties are detailed. The applied acceptance corrections and the treatment of diffraction are discussed.The results are compared with model predictions. The validity of KNO scaling in restricted phase space regions is revisited. 

  14. Laser isotope separation by multiple photon absorption

    DOE Patents [OSTI]

    Robinson, C.P.; Rockwood, S.D.; Jensen, R.J.; Lyman, J.L.; Aldridge, J.P. III.

    1987-04-07

    Multiple photon absorption from an intense beam of infrared laser light may be used to induce selective chemical reactions in molecular species which result in isotope separation or enrichment. The molecular species must have a sufficient density of vibrational states in its vibrational manifold that, is the presence of sufficiently intense infrared laser light tuned to selectively excite only those molecules containing a particular isotope, multiple photon absorption can occur. By this technique, for example, intense CO[sub 2] laser light may be used to highly enrich [sup 34]S in natural SF[sub 6] and [sup 11]B in natural BCl[sub 3]. 8 figs.

  15. Hand-held multiple system gas chromatograph

    DOE Patents [OSTI]

    Yu, Conrad M. (Antioch, CA)

    2001-01-01

    A multiple parallel hand-held gas chromatograph (GC) system which includes several independent GCs. Each independent GC has its own injector, separation column, detector and oven and the GCs are mounted in a light weight hand-held assembly. Each GC operates independently and simultaneously. Because of different coatings in different separation columns, different retention times for the same gas will be measured. Thus, for a GC system with multiple parallel GCs, the system can measure, in a short period, different retention times and provide a cross-reference in the determination of the measured gas and to become a two-dimensional system for direct field use.

  16. The differential algebra based multiple level fast multipole...

    Office of Scientific and Technical Information (OSTI)

    The differential algebra based multiple level fast multipole algorithm for 3D space charge ... Title: The differential algebra based multiple level fast multipole algorithm for 3D space ...

  17. Permeation of Multiple Isotopes in the Transition Between Surface...

    Office of Environmental Management (EM)

    Permeation of Multiple Isotopes in the Transition Between Surface- and Diffusion-Limited Regimes Permeation of Multiple Isotopes in the Transition Between Surface- and...

  18. U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS).

  19. U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS).

  20. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8, 2013 V-087: Adobe Flash Player Two Vulnerabilities Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system. February...

  1. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A vulnerability was reported in McAfee VirusScan Enterprise. February 27, 2013 V-100: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code Several vulnerabilities were...

  2. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    11, 2013 V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods...

  3. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    11, 2013 V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods...

  4. V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    48: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability V-048: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability December 17, 2012 - 1:00am ...

  5. U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis ...

  6. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  7. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerabili...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am Addthis...

  8. Nessus Visualization

    Energy Science and Technology Software Center (OSTI)

    2012-10-01

    NV is a visualization tool for exploring vulnerabilities within a network. The data is created with a vulnerability assessment tool, such as Nessus (http://www.tenable.com/products/nessus).

  9. U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability August 2,...

  10. T-599: Microsoft April 2011 Security Bulletin Release

    Broader source: Energy.gov [DOE]

    Microsoft released 17 bulletins to address vulnerabilities involving Microsoft Office Suites and Software in Windows OS. This Microsoft Bulletin contains 9 Critical vulnerabilities which require a restart after the applied patch.

  11. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    the Login Security module for Drupal June 25, 2013 V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability Apache has acknowledged a vulnerability in Apache...

  12. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    the Login Security module for Drupal June 25, 2013 V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability Apache has acknowledged a vulnerability in Apache...

  13. Selectivity in multiple quantum nuclear magnetic resonance

    SciTech Connect (OSTI)

    Warren, W.S.

    1980-11-01

    The observation of multiple-quantum nuclear magnetic resonance transitions in isotropic or anisotropic liquids is shown to give readily interpretable information on molecular configurations, rates of motional processes, and intramolecular interactions. However, the observed intensity of high multiple-quantum transitions falls off dramatically as the number of coupled spins increases. The theory of multiple-quantum NMR is developed through the density matrix formalism, and exact intensities are derived for several cases (isotropic first-order systems and anisotropic systems with high symmetry) to shown that this intensity decrease is expected if standard multiple-quantum pulse sequences are used. New pulse sequences are developed which excite coherences and produce population inversions only between selected states, even though other transitions are simultaneously resonant. One type of selective excitation presented only allows molecules to absorb and emit photons in groups of n. Coherent averaging theory is extended to describe these selective sequences, and to design sequences which are selective to arbitrarily high order in the Magnus expansion. This theory and computer calculations both show that extremely good selectivity and large signal enhancements are possible.

  14. Electron circuits: semiconductor laser multiple use installation

    SciTech Connect (OSTI)

    Zhou, F.; Fan, J.; Weng, D.

    1983-04-01

    A light source for a multiple use installation using a same matter junction or different matter junction GaAlAs/GaAs semiconductor laser, which has the advantages of high interference resistance, long transmission distance (tens to hundreds of meters), good security, and low power consumption in addition, the controller of the light source has multiple usages of alarming, switching and counting is presented. The multiple use installation can be used in control of breaking warps and counting on roving waste machines, warping machines and silk weaving machines in the textile industry long distance speed measurement, alarming and counting in machinery, electricity and chemical industries and alarming and control of water levels in reservoirs, rivers and water towers, as well as blockade alarming and control of important divisions. This multiple use installation is composed of two parts a laser emitter and a receiving device. The former component is used to produce the laser after the receiver receives the laser, the installation completes operations of alarming, switching and counting.

  15. Semiconductor laser with multiple lasing wavelengths

    DOE Patents [OSTI]

    Fischer, Arthur J.; Choquette, Kent D.; Chow, Weng W.

    2003-07-29

    A new class of multi-terminal vertical-cavity semiconductor laser components has been developed. These multi-terminal laser components can be switched, either electrically or optically, between distinct lasing wavelengths, or can be made to lase simultaneously at multiple wavelengths.

  16. T-571: Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.

  17. U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  18. U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.

  19. U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system

  20. U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP WBEM. A remote or local user can gain access to diagnostic data.

  1. U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system.

  2. T-720: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Blue Coat Director. A remote user can conduct cross-site scripting attacks.

  3. U-060: Security update: Hotfix available for ColdFusion

    Broader source: Energy.gov [DOE]

    Vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to a cross-site scripting attack. Adobe categorizes this as an important update and recommends that users apply the latest update for their product installation.This update resolves a cross-site scripting vulnerability in cfform tag (CVE-2011-2463). This update resolves a cross-site scripting vulnerability in RDS (CVE-2011-4368).

  4. U-245: Critical Java 0-day flaw exploited

    Broader source: Energy.gov [DOE]

    Targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines

  5. U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

  6. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  7. U-153: EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions.

  8. U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

  9. V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access

    Broader source: Energy.gov [DOE]

    This security update resolves a vulnerability in the HP Service Manager which allows people to have access to unauthorized information

  10. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  11. U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system.

  12. T-651: Blue Coat ProxySG Discloses Potentially Sensitive Information in Core Files

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Blue Coat ProxySG. A local user can obtain potentially sensitive information

  13. U-017: HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP MFP Digital Sending Software. A local user can obtain potentially sensitive information.

  14. T-592: Cisco Security Advisory: Cisco Secure Access Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Unauthorized Password Change Vulnerability | Department of Energy 92: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability T-592: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability March 31, 2011 - 5:05pm Addthis PROBLEM: A vulnerability was reported in Cisco Secure Access Control System. A remote user can change the passwords of arbitrary users. PLATFORM: Cisco Secure ACS versions 5.1 patch

  15. Audits and Inspections Work Plan Audits Central Audits Division

    Office of Environmental Management (EM)

    of Critical Asset Vulnerability and Risk Assessments Western Area Power Administration Procurement Selected Financial Assistance Recipients Bonneville Power...

  16. T-562: Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in novell-tftp.exe when parsing requests. This can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to UDP port 69. The vulnerability is reported in versions 10.3.1, 10.3.2, and 11.0.

  17. Evaluation Report: IG-0856 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    controls, vulnerability management web application integrity, contingency planning, change control management, and cyber security training. The weaknesses identified...

  18. T-725: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilitiry Code

    Broader source: Energy.gov [DOE]

    Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.

  19. U-023: Debian update for phpldapadmin

    Broader source: Energy.gov [DOE]

    All versions of phpldapadmin - all released versions as of today are vulnerable to a remote code execution bug.

  20. V-112: Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks

    Broader source: Energy.gov [DOE]

    This security update resolves four reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation.