New Alerts for Progress MOVEit, Check Point, VMware, PTC, Rockwell Automation, Fortra, Dell, and Linux.
Progress
Progress MOVEit contains 2 vulnerabilities that allow anyone who is able to place a public key on the server to assume the identity of any SFTP user. A vulnerability writeup available on the Internet documents how to do this. The process is convoluted and intensive, but possible.
More info. And here. And here. And here.
Check Point has updated the Quantum Security Gateway bulletin to include additional measures to prevent further exploitation.
More info.
VMware has published a new bulletin for several vulnerabilities, including DoS, Authentication Bypass, and OOB read. The highest CVSSv3 score is 6.8.
More info.
Creo Elements/Direct License Server contains a Missing Authorization vulnerability that could allow remote attackers to execute arbitrary OS commands. CVSSv4 score of 10.
More info. And here.
ThinManager ThinServer contains Improper Input Validation vulnerabilities that could allow a remote attacker to achieve RCE or cause a DoS. The highest CVSSv4 score is 9.3.
More info. And here.
FileCatalyst contains a Workflow SQL Injection vulnerability that could allow a remote attacker to run SQL. CVSSv3 score of 9.8.
More info. And here.
Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple vulnerabilities. Dell rates this Critical.
More info.
Red Hat has updated the kernel. More info.