Notes and C-Notes Archive

Entire Site
JC3

US Department of Energy Seal and Header Photo

JC3 Home

About JC3

Incident Reporting

Scope
Reportable Incidents
Reporting Procedures
Report Content
Forms
Negative Reporting

Bulletins

Latest

High Risk

Revised

Bulletin Archive

Technical Bulletins

C-Notes

Recent C-Notes

C-Notes Archive

Documents
and Publications

Documents and Publications

JC3 Documents
Other Publications
Conference Proceedings
Public Law

Tools

NID and SafePatch
DISA INFOSEC Tools
Multi-Platform Trusted Copy
IEBT v.1.01

Public Tools

-Windows

-MAC

-UNIX

Security Links

Advanced Search

Contact JC3

Maintenance Schedule

The JC3 server may be unavailable during the following scheduled events:
Routine maintenance:
Every Thursday from 5:00 - 9:00pm (EST)

C-Notes Archive

Notes and C-Notes are collections of computer security articles and information. Notes and C-Notes are of a less time critical nature than the information contained in Bulletins and Advisories.

Archived C-Notes

C-Note-07-016: Aircrack-ng Buffer Overflow Vulnerability (04/25/07)
C-Note-07-015: Second Sight Software ActiveMod ActiveX and ActiveGS ActiveX Control Stack Buffer Overflows (04/20/07)
C-Note-07-014: Akamai Download Manager ActiveX Control Buffer Overflow (04/20/07)
C-Note-07-013: The Wizz RSS Reader Chrome Access Vulnerability (04/20/07)
C-Note-07-012: HP-UX Running Portable File System (PFS) HPSBUX02203 SSRT071339 rev. 1 (04/13/07)
C-Note-07-011: McAfee ePolicy Orchestrator (ePO) and ProtectionPilot (PRP) HotFixes Fix Multiple Vulnerabilities (03/23/07)
C-Note-07-010: HP-UX Runing Thunderbird (03/22/07)
C-Note-07-009: Google Desktop vulnerable to cross-site scripting (02/23/07)
C-Note-07-008: Zalewski Cookie Setting / Same-Domain Bypass Vulnerability (02/22/07)
C-Note-07-007: JBoss Application Server Vulnerability (02/22/07)
C-Note-07-006: Cisco Multiple Vulnerabilities in Firewall Services Module (02/14/07)
C-Note-07-005: Cross-Site Scripting Vulnerability in Sun Java System Access Manager (01/30/07)
C-Note-07-004: Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability (01/18/07)
C-Note-07-003: A "Use-after-free" Vulnerability in Sendmail Versions Before 8.13.8 may allow Denial of Service (01/11/07)
C-Note-07-002: Third-party Applications Using GSS-API May Be Vulnerable to Compromise (01/10/07)
C-Note-07-001: Security Vulnerability in the Sun Java System Content Delivery Server (01/08/07)
C-Note-06-028: Enemies-of-Carlotta Missing Sanity Checks (12/14/06)
C-Note-06-027: Do Not Apply the Latest Proventia G Download (12/14/06)
C-Note-06-026: SGI Advanced Linux Environment 3 Security Update #66 (11/16/06)
C-Note-06-025: Verity Ultraseek Request Proxying Vulnerability (11/16/06)
C-Note-06-024: Description of the Wi-Fi Protected Access 2 support for Wireless Group
C-Note-06-023: Oracle Critical Patch Update - October 2006 (10/19/06)
C-Note-06-022: Cisco Intrusion Prevention System Management Interface Denial of Service and
C-Note-06-021: HP Storage Management Appliance (SMA) Patch Availability (9/19/06)
C-Note-06-020: gnupg2 (7/21/2006)
C-Note-06-019: elfutils Security Update (7/21/2006)
C-Note-06-018: Updated Kernel Packages for Red Hat Enterprise Linux 3 Update 8 (7/21/2006)
C-Note-06-017: Hewlett-Packard HP-UX Running BINDv4 Domain Name Server (DNS) (5/25/2006)
C-Note-06-016: Red Hat Security Advisory RHSA-2006:0280-8 (Rev. 6/2/2006)
C-Note-06-015: SecurityTracker Alert ID: 1015853 (4/3/2006)
C-Note-06-014: Debian Security Advisory DSA-1000-1 (3/13/2006)
C-Note-06-012: Debian Security Advisory DSA-978-1 (2/17/2006)
C-Note-06-011: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (04/26/2006)
C-Note-06-010: Windows WI-FI Vulnerability (01/18/2006)
C-Note-06-009: VMWare Vulnerability announced and fixed (12/22/05)
C-Note-06-008: Ethereal (revised 12/28/2005)
C-Note-06-007: Oracle Critical Patch Update Implementation Best Practices (12/02/2005)
C-Note-06-006: Sober.AG Activity Alert (11/22/2005)
C-Note-06-005: Oracle Worm Proof of Concept (11/04/2005)
C-Note-06-004: Six bagle versions in one day (11/02/2005)
C-Note-06-003: Cisco IPS MC Malformed Configuration Download Vulnerability (11/01/2005)
C-Note-06-002: phpBB 2.0.18 Released (10/31/2005)
C-Note-06-001: php 4.4.1 Released (10/31/2005)
C-Note-05-010: Debian Squid Design Flaw Revised (06/15/2005)
C-Note-05-012: Cacti (05/22/2005)
C-Note-05-009: Mozilla and Firefox Vulnerabilities (04/20/2005)
C-Note-05-008: Samba: New Release Available for v3.0.13 - 03/24/05
C-Note-05-007: phpBB Vulnerable to Arbitrary File Disclosure (03/01/05)
C-Note-05-006: Multiple Red Hat Enterprise Linux 4 Kernel Patches (02/22/05)
C-Note-05-005: Snort TCP/IP Options DoS Vulnerability (12/28/04)
C-Note-05-004: Microsoft Windows Firewall "My Network (subnet) only" scoping in Windows XP SP2 (12/20/04)
C-Note-05-003: Samba: New Release Available for v3.0.10 - 12/16/04
C-Note-05-002: Microsoft Security Bulletin 04-039 - 11/09/04
C-Note-05-001: MySQL Vulnerabilities - 10/11/04
C-Note-04-015: Mozilla Releases - rev. 09/30/04
C-Note-04-014: Apache 2.0.51 Released - 09/15/04 (revised 12/06/04)
C-Note-04-013: Samba 3.0.x Denial of Service Flaw - rev. 09/22/04
C-Note-04-012: Adobe Acrobat Reader Uudecoding Errors in UNIX/Linux versions - 08/13/04
C-Note-04-011: Sun Alert ID: 57586 Proxy Authentication to Calendar Server Fails if Portal Display
C-Note-04-010: PHP 4.3.7 Release fixes Win32 escapeshellcmd() and escapeshellarg() Input Validation Vulnerabilities
C-Note-04-009: Apple Security Update 2004-06-07 (Mac OS X 10.3.4 and 10.2.8)
C-Note-04-008: Apache HTTP Server 1.3.31 Released
C-Note-04-007: McAfee ePolicy Orchestrator Remote Compromise Vulnerability
C-Note-04-006: Samba 3.0.3 Available for Download -
C-Note-04-005: TikiWiki Multiple Vulnerabilities -

JC3 Web Site Map | DOE Directives | NNSA

U.S. Department of Energy | 1000 Independence Ave., SW | Washington, DC 20585
1-800-dial-DOE | f/202-586-4403