Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 26 April 2024


Honeywell

Patch

Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC contain security vulnerabilities that could disclose sensitive information, allow privilege escalation, or allow remote code execution. Highest CVSSv4 score of 9.2
More info.


Secomea

Patch

A classic buffer overflow vulnerability in GateManager allows a DoS.
More info.


NetApp

New

NetApp has published 15 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 7.5
No patches yet.
More info.


UI

Patch

UISP Router and Console has been updated to fix several security vulnerabilities. Highest CVSSv3 score of 7.5
More info.


  

Thursday 25 April 2024


Cisco

Exploit

A vulnerability in the management and VPN web servers for Cisco ASA and FTD Software could allow a remote attacker to cause the device to reload unexpectedly, resulting in a DoS. CVSSv3 score of 8.6
This is actively exploited.
More info.


Broadcom

Patch

Broadcom has published 4 new bulletins identifying vulnerabilities affecting SANnav products, including undocumented user and insecure transmission of sensitive information.  Highest CVSSv3 score of 8.6
More info. And here. And here. And here.


Dell

Patch

Dell has updated Terraform Provider for Redfish, Terraform Provider for PowerStore, APEX Cloud Platform for Microsoft Azure, APEX Cloud Platform Foundation Software, PowerFlex Rack, and PowerFlex Appliance to fix vulnerabilities in third-party software.  Dell rates these High.
More info. And here. And here. And here. And here.

Dell has updated ObjectScale to fix vulnerabilities in third-party software.  Dell rates this Critical.
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE SAN switches with the Brocade Fabric OS. Highest CVSSv3 score of 9.8
More info.


  

Wednesday 24 April 2024


BD

Patch

BD has provided security patches for third-party software for Care Coordination Engine.
More info.


HCL Software

Patch

The Domino Blog template contains a version of Dojo susceptible to a Prototype Pollution vulnerability. CVSSv3 score of 9.8
More info.


FreeRDP

Patch

Several security vulnerabilities have been patched in FreeRDP.  Highest CVSSv3 score of 9.8
More info.


Moxa

Patch

The AIG-301 Series is affected by multiple Azure uAMQP vulnerabilities that could allow a remote attacker to achieve RCE. CVSSv3 score of 9.8
More info.


Meinberg

Patch

Lantime has been updated to fix several security vulnerabilities in third-party software.
More info.


Google

Patch

Chrome for Desktop has been updated to fix 4 security vulnerabilities, at least 1 rated Critical.
More info.


PowerDNS

Patch

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a DoS. CVSSv3 score of 7.5
More info.


Linux

Patch

Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 23 April 2024


Hitachi

Patch

A session hijacking vulnerability exists in Hitachi Ops Center Analyzer. CVSSv3 score of 7.5
More info.


BD

Patch

BD has provided security patches for third-party software for Pyxis, Alaris, Identity Provider Manager, and Data Agent.
More info.


WatchGuard

Patch

Fireware OS and WSM Management Server are vulnerable to Diffie-Hellman Key Agreement Protocol weaknesses. CVSSv3 score of 7.5.
Note the CVEs are old, one from 2002, one from 2022.
More info.


Linux

Patch

Red Hat has updated kpatch. More info.
Oracle Linux has updated the kernel. More info.
Mageia has updated the kernel. More info.


  

Monday 22 April 2024


Dräger

New

Dräger Core and M540 Converter Service contains a vulnerability that allows a remote attacker to send a specially crafted SDC message and cause a DoS. CVSSv3 score of 7.5
Patches will be provided in the next product release.
More info.


Moxa

Patch

The AIG-301 Series product is affected by multiple Azure uAMQP vulnerabilities. A remote attacker can achieve RCE. Highest CVSSv3 score of 9.8
More info.


Siemens

Exploit

RUGGEDCOM APE 1808 devices contain Palo Alto Networks GlobalProtect and the associated vulnerability. Siemens is preparing patches. Implement countermeasures. CVSSv3 score of 10.
More info.


IBM

Patch

Multiple security vulnerabilities have been addressed in updates to Security Verify Governance - Identity Manager. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities affect Db2 on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.  Highest CVSSv3 score of 9.8
More info.

Edge Application Manager 4.5.5 addresses several security vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. Highest CVSSv3 score of 9.8
More info.

Order Management removed parts of legacy code that carried vulnerabilities. Highest CVSSv3 score of 10
More info.


ownCloud

Patch

Improper validation may allow a remote attacker to bypass authentication and gain access to users’ files. Prior knowledge of a username and a file path is needed in order to gain access to a certain file. CVSSv3 score of 7.5
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.


  

Friday 19 April 2024


Palo Alto Networks

Exploit

All patches are now out. CVSSv4 score of 10.
Actively exploited.
More info.


Rockwell Automation

Patch

FactoryTalk Production Centre is vulnerable to an Apache ActiveMQ vulnerability. CVSSv3 score of 9.8
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest Chromium updates as well as three Edge-specific updates.
More info.


Dell

Patch

There is a Security Update for Dell VxRail that fixes multiple third-party software vulnerabilities. Dell rates this Critical.
More info.

Dell Networking OS10 remediation is available for third-party software vulnerabilities. Dell rates this Critical.
More info.


Xerox

New

Workplace Cloud contains a Critical vulnerability in the Job Processing feature.  Xerox recommends disabling the Job Processing feature until a patch is available.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10.
More info.


Unitronics

New

Unitronics Vision Standard PLCs allow a remote attacker to retrieve the 'Information Mode' password in plaintext. CVSSv3 score of 7.5
More info.


  

Thursday 18 April 2024


Palo Alto Networks

Exploit

PoCs are out for the GlobalProtect vulnerability. CVSSv4 score of 10.
Actively exploited.  More patches expected today and tomorrow.
More info.


Cisco

Patch

Cisco has released 3 new bulletins, 2 rated High and 1 rated Medium. Highest CVSSv3 score of 8.8
More info.

A vulnerability in the implementation of SNMP IPv4 ACL could allow a remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. CVSSv3 score of 5.3
More info.


Mitel

Patch

Authentication bypass vulnerability and an Information Disclosure vulnerability in the 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit could allow a remote attacker to conduct an unauthorized access attack due to improper authentication control.  Highest CVSSv3 score of 6.5
More info. And here.


Broadcom

Patch

Brocade SANnav has been updated for several vulnerabilities. Highest CVSSv3 score of 7.5
More info. And here. And here.


ClamAV

Patch

A vulnerability exists in the HTML file parser that could cause a DoS. CVSSv3 score of 7.5
More info.


Atlassian

Patch

Seven high-severity vulnerabilities have been fixed in Bamboo/Confluence/Jira Data Center and Server. Highest CVSSv3 score of 8.2
More info.


Linux

Patch

OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.


  

Wednesday 17 April 2024


Palo Alto Networks

Exploit

The GlobalProtect vulnerability guidance is changing: disabling Telemetry, previously reported as a workaround, does not provide protection. CVSSv4 score of 10.
Actively exploited.  Some patches available.
More info.


Mozilla

Patch

Mozilla has updated Firefox and Firefox ESR for vulnerabilities rated High.
More info.


Electrolink

New

Electrolink transmitters are vulnerable to several security vulnerabilities, including Authentication Bypass, Missing Authentication, and Cleartext Storage of Sensitive Information. Highest CVSSv4 score of 8.7
More info.


Broadcom

Patch

Brocade SANnav has been updated for several vulnerabilities. Highest CVSSv3 score of 8.6
More info. And here. And here. And here.


Google

Patch

Chrome for Desktop has been updated to fix 23 security vulnerabilities.
More info.


Ivanti

Patch

Avalanche has been updated to address vulnerabilities reported last month. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 16 April 2024


Oracle

Patch

Oracle Quarterly Critical Patch Update is out, with 441 security patches, with 285 of these exploitable without authentication.
More info.


Hitachi

Patch

Hitachi has published updates in JP1 and Cosminexus.
More info.


PuTTY

Patch

Biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Monday 15 April 2024


Palo Alto Networks

Exploit

A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the firewall. CVSSv4 score of 10
Some patches are now available.
Exploits reported.
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest Chromium updates.
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 that could be exploited to overwrite SMM memory leading to execution of arbitrary code with privilege elevation. CVSSv3 score of 9.8
More info.


HP

Patch

HP ThinPro contains security vulnerabilities. Highest CVSSv3 score of 9.8
More info.


NetApp

Patch

NetApp has published 13 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 8.4
Six have patches.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Debian has updated the kernel. More info.


  

Friday 12 April 2024


Palo Alto Networks

0-Day

A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the firewall. CVSSv4 score of 10
Patches expected by 14 April, this is being exploited.
More info.


Rockwell Automation

Patch

An input validation vulnerability exists in 5015-AENFTXT that causes a major nonrecoverable fault in the secondary adapter when malicious input is entered, resulting in a DoS that requires a manual restart. CVSSv4 score of 8.7
More info.

ControlLogix and GuardLogix are vulnerable to a major nonrecoverable fault due to an invalid header value resulting in a DoS that requires a manual restart. CVSSv4 score of 9.2
More info.


Dell

Patch

Storage Resource Manager and Storage Monitoring and Reporting remediation is available for multiple security vulnerabilities. Dell rates this Critical.
More info.


IBM

Patch

IBM Sterling B2B Integrator uses Apache Commons BCEL and contains a vulnerability. CVSSv3 score of 9.8
More info.

Due to use of Postgresql JDBC, IBM Instana Observability is vulnerable to SQL injection. CVSSv3 score of 10
More info.

IBM Disconnected Log Collector includes components with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM QRadar SIEM includes vulnerable components that could be identified and exploited with automated tools. Highest CVSSv3 score of 9.8.
More info.


Linux

Patch

SUSE has updated the kernel. More info.


  

Thursday 11 April 2024


Google

Patch

Google has updated Chrome for Desktop to fix 3 security vulnerabilities.
More info.

Microsoft is aware.  More info.


Palo Alto Networks

Patch

Monthly Patches are out for Palo Alto Networks with 8 bulletins, 4 rated High, 3 Medium, and 1 Informational.  Highest CVSSv3 score of 8.3
More info.

A packet processing mechanism in PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. CVSSv3 score of 8.2
More info.

A vulnerability in PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving NTLM packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
More info.

A memory leak exists in PAN-OS software that enables a remote attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. CVSSv3 score of 8.2
More info.


Languages

New

A vulnerability was discovered in the way multiple programming languages fail to properly escape the arguments in a Microsoft Windows command execution environment. Successful exploitation of this vulnerability permits an attacker to execute arbitrary commands.
This affects Haskell, Node.js, Rust (reported yesterday), PHP, yt-dlp, and perhaps others.
More info.

Node.js has updated. More info.


Juniper Networks

Patch

Juniper Networks April Patches include 36 bulletins, 3 rated Critical, 10 rated High, and 23 rated Medium. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities have been resolved in Juniper Networks Junos cRPD and Juniper Cloud Native Router by updating third party software.  Some CVEs date back to 2011. Highest CVSSv3 score of 9.8
More info. And here.

Multiple vulnerabilities have been resolved in Juniper Networks Junos OS and Junos OS Evolved by updating cURL libraries. Highest CVSSv3 score of 9.8
More info.


Spring

Patch

Spring Framework has been patched to fix a URL Parsing vulnerability.  CVSSv3 score of 8.1
More info.


IBM

Patch

QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 10.
More info.

IBM Sterling B2B Integrator uses Apache CXF. Highest CVSSv3 score of 9.8
More info.

IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable. CVSSv3 score of 9.8
More info.

A vulnerable version of the Postgresql JDBC driver is shipped with IBM Tivoli Netcool Impact. CVSSv3 score of 10.
More info.

Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC). Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.


  

Wednesday 10 April 2024


Microsoft

Patch

Microsoft Monthly Patches are out, with 149 vulnerabilities plus Chromium vulnerabilities. Three are rated Critical, and 1 is being exploited. Highest CVSSv3 score of 9.0
More info. And here.


Adobe

Patch

Adobe has published updates for After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Animate. Highest CVSSv3 score of 9.
More info. And here.


Fortinet

Patch

Fortinet Monthly Patches includes 13 bulletins.  Highest CVSSv3 score of 9.4
More info.

A vulnerability in FortiClientLinux may allow a remote attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website. CVSSv3 score of 9.4
More info.

A vulnerability in FortiOS may allow a remote attacker to fingerprint the device version via HTTP requests. CVSSv3 score of 5
More info.

A vulnerability in FortiNAC-F may allow a remote attacker to perform a MitM attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. CVSSv3 score of 4.4
More info.
 


Rust

Patch

The Rust standard library did not properly escape arguments when invoking batch files on Windows using the Command API. A remote attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands. CVSSv3 score of 10
More info.


Pepperl+Fuchs

New

Pepperl+Fuchs: ICE2-* and ICE3-* products are affected by multiple vulnerabilities in third-party software. Highest CVSSv3 score of 7.5
No patches yet.
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Unified Correlation Analyzer that could be exploited by a remote attacker to allow RCE, DoS, unauthorized access, memory corruption, XML external entity (XXE), and insecure deserialization. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.


  

Tuesday 09 April 2024


SAP

Patch

SAP Security Patch Day saw the release of 10 new Security Notes and 2 updated Security Notes. Highest CVSSv3 score of 8.8
More info.


Siemens

Patch

Siemens Monthly Patches are out, with 8 new bulletins and 11 updated bulletins.  Highest CVSSv3 score of 9.8
More info.

The SCALANCE W1750D devices contain multiple vulnerabilities that could allow a remote attacker to achieve information disclosure or RCE. Highest CVSSv3 score of 9.8
More info.

SINEC NMS is affected by multiple vulnerabilities. Highest CVSSv3 score of 7.6
More info.

Siemens has released a new version for Telecontrol Server Basic that fixes multiple vulnerabilities. Highest CVSSv3 score of 8.8
More info.

Multiple vulnerabilities in Palo Alto Networks Virtual NGFW exist on RUGGEDCOM APE1808 devices. Highest CVSSv3 score of 8.8
More info. And here.


Schneider Electric

Patch

Schneider Electric includes 1 new bulletin and 3 updated bulletins in their Monthly Patches. The new bulletin has a CVSSv3 score of 7.8
More info.


Unisoc

Patch

Monthly Patches for Unisoc chipset for Android are out with 4 addressed vulnerabilities.  Highest CVSSv3 score of 6.2
More info.


Welotec

Patch

Welotec has reported two vulnerabilities in the TK500v1 router series that could allow a remote attacker to manipulate the device. Highest CVSSv3 score of 9.8
More info.


  

Monday 08 April 2024


FRRouting

Patch

In FRRouting a remote attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. CVSSv3 score of 7.5
More info.


Westermo

Patch

WeOS uses the WebDAV PROPFIND method, which could allow a remote attacker to obtain sensitive information. CVSSv3 score of 5.3
More info.


Dell

Patch

Dell NetWorker, Storage Resource Manager, and Storage Monitoring and Reporting remediation is available for multiple security vulnerabilities in third-party software. Dell rates these Critical.
More info. And here.


OpenSSL

New

A remote attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a DoS.
No patches available.
More info.


  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.