Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2018-20033: End of Support for the Secunia Community Site

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

CVE
#sql#vulnerability

Summary

This article documents the accessibility of Secunia research through FlexNet Code Insight following the closure of the Secunia Community site in February 2019

Synopsis

The Secunia Community site will become inaccessible at the end of February.

A future release of Code Insight will incorporate the following changes to ensure access to Secunia data:

  • Deliver additional Secunia Advisory properties (currently visible on the Secunia Community site) to Code Insight through the Electronic Update service.
  • Provide a new Get Vulnerability Details REST API to obtain the additional Secunia Advisory data.
  • Develop a new “vulnerability details” interface to display additional Secunia Advisory data.

Meanwhile, if you want to temporarily disable Secunia Advisories from Code Insight, refer to the instructions below for your version of the product.

Code Insight 6.13.0 (or later)

Follow the steps below to disable Secunia Advisories from Code Insight v6 (JIRA: SCA-8639)

  1. Update the following properties in /FNCI_ROOT/config/core/core.properties:
    • disable.secunia=true (value is false by default)
    • enable.forceupdate=true (value is false by default)
  2. Restart Code Insight
  3. Force an electronic update
    • Log in as an Administrator
    • Navigate to Administration >> Updates
    • Manually trigger an Electronic Update

Code Insight 2019 R1 (or later)

Follow the steps below to disable Secunia Advisories from Code Insight v7 (JIRA: SCA-12114)

  1. Execute the following database SQL insert statement using a database client of your choice:
    • INSERT INTO PAS_GLOBAL_PROPERTIES (SERVER_ID_, KEY_, VALUE_, ENCRYPTED_) VALUES (0, 'disable.secunia’, 'true’, 0);
  2. Restart Code Insight
  3. Force an electronic update
    • Log in as an Administrator
    • Navigate to Administration >> Electronic Update
    • Check the Force Full Electronic Update option
    • Click the Schedule Update button

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907