DOE-CIRC
Office of the Chief Information Officer
Latest Bulletins
  • T-175 Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability (02 Jul 2009)
  • T-174 MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability (01 Jul 2009)
  • T-173 phpMyAdmin 'db' Parameter Cross Site Scripting Vulnerability (30 Jun 2009)
  • T-172 Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability (29 Jun 2009)
  • T-171 Samba Format String And Security Bypass Vulnerabilities (26 Jun 2009)
  • T-170 Cisco Physical Access Gateway Malformed Packet Remote Denial of Service Vulnerability (25 Jun 2009)
  • T-169 Adobe Shockwave Player Unspecified Security Vulnerability (24 Jun 2009)
  • T-168 IrfanView 'TIFF' File Handling Remote Integer Overflow Vulnerability (23 Jun 2009)
  • T-167 OpenSSL Multiple Vulnerabilities (22 Jun 2009)
  • T-166 FreeBSD Direct Pipe Writes Information Disclosure Vulnerability (19 Jun 2009)
  • T-165 Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability (18 Jun 2009)
  • T-164 Sun Java Runtime Environment Aqua Look and Feel Privilege Escalation Vulnerability (18 Jun 2009)
  • T-163  Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability (17 Jun 2009)
  • T-162  Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities (16 Jun 2009)
  • T-161 Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities (15 Jun 2009)
  • T-160 Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability (12 Jun 2009)
  • T-159 Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities (11 Jun 2009)
  • T-158  HP OpenView Network Node Manager SNMP and MIB Unspecified Remote Code Execution Vulnerability (10 Jun 2009)
  • T-157 Apple Safari Prior to 4.0 Multiple Security Vulnerabilities (09 Jun 2009)
  • T-156  GNOME Evolution S/MIME Email Signature Verification Vulnerability (08 Jun 2009)
  • T-155  OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability (05 Jun 2009)
  • T-154  Sun Solaris Kerberos Credential Management Security Bypass Vulnerability (05 Jun 2009)
  • T-153  Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness (04 Jun 2009)
  • T-152 Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability (04 Jun 2009)
  • T-151 Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability (03 Jun 2009)
  • T-150 VMware Hosted products and ESX and ESXi security issues (02 Jun 2009)
  • T-149 Apache 'Options' and 'AllowOverride' Security Directives Vulnerability (01 Jun 2009)
  • T-148 Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability (29 May 2009)
  • T-147  OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability (29 May 2009)
  • T-146 BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities (28 May 2009)
  • T-145 Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability (28 May 2009)
  • T-144 FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability (27 May 2009)
  • T-143  Pidgin Multiple Buffer Overflow Vulnerabilities (26 May 2009)
  • T-142 Basic Analysis and Security Engine Cross-Site Scripting Vulnerability (26 May 2009)
  • T-141 Novell GroupWise Buffer Overflow and Cross Site Scripting Vulnerabilities (22 May 2009)
  • T-140 CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability (21 May 2009)
  • T-139 Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability (20 May 2009)
  • T-138  NTP 'ntpd' Autokey and ntpq Stack Buffer Overflow Vulnerability (19 May 2009)
  • T-137 Microsoft IIS 6.0 WebDAV Remote Authentication Bypass (18 May 2009)
  • T-136  Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability (15 May 2009)
  • T-135  Apple Mac OS X Help Viewer HTML Document Remote Code Execution Vulnerability (14 May 2009)
  • T-134  Microsoft PowerPoint Notes Container Heap Memory Corruption Remote Code Execution Vulnerability (13 May 2009)
  • T-133  Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability (12 May 2009)
  • T-132  Multiple Trend Micro Products RAR/ZIP Files Scan Evasion Vulnerability (12 May 2009)
  • T-131  Multiple AVG Products RAR/ZIP Files Scan Evasion Vulnerability (12 May 2009)
  • T-130  F-PROT Products CAB File Scan Evasion Vulnerability (12 May 2009)
  • T-129  HP OpenView Network Node Manager 'ovalarmsrv.exe' Remote Code Execution Vulnerability (08 May 2009)
  • T-128  Adobe Flash Media Server Unspecified RPC Call Privilege Escalation Vulnerability (08 May 2009)
  • T-127  Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability (07 May 2009)
  • T-126 Insight Control Suite For Linux (ICE-LX) Multiple Remote Vulnerabilities In Nagios (06 May 2009)
  • T-125 The Linux kernel is prone to a local privilege-escalation vulnerability via ptrace_attach(). (05 May 2009)
  • T-124 Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability (04 May 2009)
  • T-123  CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities (1 May 2009)
  • T-122 McAfee Products RAR/ZIP Files Scan Evasion Vulnerability (30 Apr 2009)
  • T-121  Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability (29 Apr 2009)
  • T-120  Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability (28 Apr 2009)
  • T-119  Symantec Brightmail Gateway Appliance Cross-site Scripting and Elevation of Privilege (28 Apr 2009)
  • T-118  GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities (27 Apr 2009)
  • T-117  Sun Java System Delegated Administrator HTTP Response Splitting Vulnerability (24 Apr 2009)
  • T-116 Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities (24 Apr 2009)
  • T-115  Multiple Vulnerabilities in Firefox, Thunderbird and Seamonkey (23 Apr 2009)
  • T-114  Xpdf JBIG2 Processing Multiple Security Vulnerabilities (22 Apr 2009)
  • T-113  udev Netlink Message Validation Local Privilege Escalation Vulnerability (21 Apr 2009)
  • T-112  CUPS Integer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code (17 Apr 2009)
  • T-111 Oracle April 2009 Critical Patch Update (16 Apr 2009)
  • T-110 OpenBSD PF Remote Denial of Service Vulnerability (16 Apr 2009)
  • T-109 Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) (16 Apr 2009)
  • T-108 Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause De (16 Apr 2009)
  • T-107 Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) (16 Apr 2009)
  • T-106 Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) (16 Apr 2009)
  • T-105 Critical Cumulative Security Update for Internet Explorer (963027) (16 Apr 2009)
  • T-104 Vulnerabilities in Windows HTTP services could allow remote code execution (15 Apr 2009)
  • T-103 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (15 Apr 2009)
  • T-102 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (15 Apr 2009)
  • T-101 VMware Flaw in Multiple Products Allows Compromise of Host System (14 Apr 2009)
  • T-100 Tor Security Bypass And Privilege Escalation Weaknesses (13 Apr 2009)
  • T-099 Linux Kernel CIFS Remote Buffer Overflow Vulnerability (10 Apr 2009)
  • T-098 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances (09 Apr 2009)
  • T-097 Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability (08 Apr 2009)
  • T-096 Clam AV 0.94 and below Rar Evasion Vulnerability (07 Apr 2009)
  • T-095 Microsoft Office PowerPoint code execution vulnerability (06 Apr 2009)
  • T-094 Wireshark PN-DCP Data Format String Vulnerability (02 Apr 2009)
  • T-093 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities (01 Apr 2009)
  • T-092 Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability (31 Mar 2009)
  • T-091 Conficker Worm Targets Microsoft Windows Systems (30 Mar 2009)
  • T-090 Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability (27 Mar 2009)
  • T-089 pam-krb5 Local Privilege Escalation Vulnerability (26 Mar 2009)
  • T-088 HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability (25 Mar 2009)
  • T-087 Sun Solaris NFS Daemon (nfsd(1M)) Security Bypass Vulnerability (24 Mar 2009)
  • T-086 Linux Kernel 'readlink' Local Privilege Escalation Vulnerability (23 Mar 2009)
  • T-085 Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities (20 Mar 2009)
  • T-084 Tasklist Drupal Module Unspecified SQL Injection Vulnerability (19 Mar 2009)
  • T-083 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities (18 Mar 2009)
  • T-082 Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability (17 Mar 2009)
  • T-081 Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities (16 Mar 2009)
  • T-080 Hewlett-Packard WMI Mapper for HP Systems Insight Manager Unauthorized Access Vulnerabilities (13 Mar 2009)
  • T-079 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability (12 Mar 2009)
  • T-078 Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability (11 Mar 2009)
  • T-077 IBM Tivoli Storage Manager HSM Buffer Overflow Vulnerability (10 Mar 2009)
  • T-076 OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability (09 Mar 2009)
  • T-075 VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities (06 Mar 2009)
  • T-074 XML Data Theft via RDFXML DataSource and Cross-Domain Redirect (05 Mar 2009)
  • T-073 New proftpd-dfsg packages fix SQL injection vulnerabilities (04 Mar 2009)
  • T-072 Adobe Flash Player Invalid Object Reference Bug Lets Remote Users Execute Arbitrary Code (03 Mar 2009)
  • T-071 Novell eDirectory Management Console Accept-Language Buffer Overflow (02 Mar 2009)
  • T-070 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability (27 Feb 2009)
  • T-069 HP OpenView Network Node Manager Vulnerable to Denial of Service (26 Feb 2009)
  • T-068 Microsoft Windows AutoRun and AutoPlay Vulnerability (25 Feb 2009)
  • T-067 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (24 Feb 2009)
  • T-066 Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability (23 Feb 2009)
  • T-065 Adobe Acrobat and Reader PDF File Handling Remote Code Execution Vulnerability (20 Feb 2009)
  • T-064 BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow Vulnerability (19 Feb 2009)
  • T-063 Apple Mac OS X SMB Component Unspecified Buffer Overflow Vulnerability (18 Feb 2009)
  • T-062 Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service. (17 Feb 2009)
  • T-061 pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability (13 Feb 2009)
  • T-060 Cumulative Security Update for Internet Explorer 7 (12 Feb 2009)
  • T-059 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (11 Feb 2009)
  • T-058 RealPlayer IVR File Processing Two Vulnerabilities (10 Feb 2009)
  • T-057 Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files (9 Feb 2009)
  • T-056 RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities (6 Feb 2009)
  • T-055 Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities (4 Feb 2009)
  • T-054 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities Bypass Same-Origin Restrictions (4 Feb 2009)
  • T-053 Buffer Overflows in RealNetworks Helix Server and Helix Mobile Server Allow Remote Attackers to Cause a Denial of Service Attack (3 Feb 2009)
  • T-052 Sun Solaris BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing Vulnerability (2 Feb 2009)
  • T-051 Sun Java System Access Manager User Enumeration Weakness (30 Jan 2009)
  • T-050 Sun Solaris Pseudo-terminal Driver Local Denial of Service Vulnerability (29 Jan 2009)
  • T-049 Sun Solaris IPv6 Packet Processing Denial of Service Vulnerability (28 Jan 2009)
  • T-048 Computer Associates Anti-Virus Engine 'arclib.dll' Multiple Scan Evasion Vulnerabilities (28 Jan 2009)
  • T-047 Sun Solaris "libike" Library Denial of Service (28 Jan 2009)
  • T-046 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability (27 Jan 2009)
  • T-045 CYV4: Linux Kernel dell_rbu Denial of Service Security Issues (26 Jan 2009)
  • T-044 Apple QuickTime MPEG-2 Playback Component For Windows Input Validation Vulnerability (23 Jan 2009)
  • T-043 Apple QuickTime Memory Corruption and Buffer Overflow Vulnerabilities (22 Jan 2009)
  • T-042 Linux Kernel "keyctl_join_session_keyring()" Denial of Service (21 Jan 2009)
  • T-041 Symantec AppStream Client LaunchObj ActiveX Control Insecure Methods (20 Jan 2009)
  • T-040  Sun SPARC Enterprise Server Authentication Bypass Vulnerability (20 Jan 2009)
  • T-039 Sun Java System Access Manager Privilege Vulnerability and Password Security Issue (16 Jan 2009)
  • T-038 Cisco ONS Platform Crafted Packet Vulnerability (15 Jan 2009)
  • T-037 Oracle Has Released The January 2009 Critical Patch Update (14 Jan 2009)
  • T-036  Vulnerabilities in SMB Could Allow Remote Code Execution (MS09-001) (14 Jan 2009)
  • T-035  Microsoft RPC Worm Spreads in Corporate Networks (13 Jan 2009)
  • T-034  Vulnerability Discovered In XOOPS (09 Jan 2009)
  • T-033  OpenSSL Security Advisory (08 Jan 2009)
  • T-032 New Xterm Packages Fix Regression (07 Jan 2009)
  • T-031  SolucionWeb "id_area" SQL Injection Vulnerability (06 Jan 2009)
  • T-030  New Ruby packages fix denial of service (05 Jan 2009)
  • T-029  Linux Kernel Malformed 'msghdr' Structure Remote Denial of Service Vulnerability (02 Jan 2009)
  • T-028  New php-ajax packages fix cross-site scripting (31 Dec 2008)
  • T-027  Vulnerability in SQL Server could allow remote execution (24 Dec 2008)
  • T-026  Zero-day exploit for Internet Explorer (10 Dec 2008)
  • T-025  Vulnerabilities in Microsoft XML Core Services (13 Nov 2008)
  • T-024 Vulnerability in Server Message Block (SMB) (13 Nov 2008)
  • T-023  Cisco PIX ASA Vulnerability (6 Nov 2008)
  • T-022  OpenOffice Vulnerability (6 Nov 2008)
  • T-021  libspf2 Vulnerability (6 Nov 2008)
  • T-020  Adobe Reader Acrobat 8 Vulnerability (6 Nov 2008)
  • T-019  libxml2 Vulnerability (29 Oct 2008)
  • T-018 Vulnerability in Server Service (Released 23 Oct 2008)
  • T-017 Gear Software CD DVD Filter Vulnerability (Released 15 Oct 2008)
  • T-016 iseemedia / Roxio / MGI Software LPViewer ActiveX Vulnerabilities (Released 15 Oct 2008)
  • T-015 InstallShield / Macrovision / Acresso FLEXnet Connect Vulnerabilities (Released 15 Oct 2008)
  • T-014 InstallShield Update Service Agent ActiveX Vulnerability (Released 15 Oct 2008)
  • T-013 Mac OS X v10.5.5 and Security Update 2008-006 (Released 15 Oct 2008)
  • T-012 MPlayer Vulnerability (Released 15 Oct 2008)
  • T-011 Oracle Critical Patch Update Advisory - October 2008 (Released 15 Oct 2008)
  • T-010 Vulnerability in the Microsoft Ancillary Function Driver (Released 15 Oct 2008)
  • T-009 Vulnerability in Message Queuing (Released 15 Oct 2008)
  • T-008 Vulnerability in Virtual Address Descriptor Manipulation (Released 15 Oct 2008)
  • T-007 Vulnerability in Windows Internet Printing Service (Released 15 Oct 2008)
  • T-006 Vulnerabilities in Windows Kernel (Released 15 Oct 2008)
  • T-005 Vulnerability in Active Directory (Released 15 Oct 2008)
  • T-004 Cumulative Security Update for Internet Explorer (Released 15 Oct 2008)
  • T-003 Vulnerabilities in Microsoft Excel (Released 15 Oct 2008)
  • T-002 Vulnerability in Host Integration Server RPC Service (Released 15 Oct 2008)
  • T-001 LANDesk QIP Vulnerability (Released 14 Oct 2008)

 

 

  Related Links

  • GFIRST
  • US-CERT
  • FIRST
  • AUSCERT
  • NVD (National Vulnerability Database)
  • NSA (National Security Agency)

U.S. Department of Energy | 1000 Independence Ave., SW | Washington, DC 20585
1-800-dial-DOE | f/202-586-4403