
Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state occurs as soon as an issue is detected, and the state drops again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 19 April 2024


Palo Alto Networks

Exploit

All patches are now out. CVSSv4 score of 10.
Actively exploited.
More info.


Rockwell Automation

Patch

FactoryTalk Production Centre is vulnerable to an Apache ActiveMQ vulnerability. CVSSv3 score of 9.8
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest chromium updates as well as three Edge-specific updates.
More info.


Dell

Patch

There is a Security Update for Dell VxRail that fixes multiple third-party software vulnerabilities. Dell rates this Critical.
More info.

Dell Networking OS10 remediation is available for third-party software vulnerabilities. Dell rates this Critical.
More info.


Xerox

New

Workplace Cloud contains a Critical vulnerability in the Job Processing feature.  Xerox recommends disabling the Job Processing feature until a patch is available.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10.
More info.


Unitronics

New

Unitronics Vision Standard PLCs allow a remote attacker to retrieve the 'Information Mode' password in plaintext. CVSSv3 score of 7.5
More info.


  

Thursday 18 April 2024


Palo Alto Networks

Exploit

PoCs are out for the GlobalProtect vulnerability. CVSSv4 score of 10.
Actively exploited.  More patches expected today and tomorrow.
More info.


Cisco

Patch

Cisco has released 3 new bulletins, 2 rated High and 1 rated Medium. Highest CVSSv3 score of 8.8
More info.

A vulnerability in the implementation of SNMP IPv4 ACL could allow a remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. CVSSv3 score of 5.3
More info.


Mitel

Patch

Authentication bypass vulnerability and an Information Disclosure vulnerability in the 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit could allow a remote attacker to conduct an unauthorized access attack due to improper authentication control.  Highest CVSSv3 score of 6.5
More info. And here.


Broadcom

Patch

Brocade SANnav has been updated for several vulnerabilities. Highest CVSSv3 score of 7.5
More info. And here. And here.


ClamAV

Patch

A vulnerability exists in the HTML file parser that could cause a DoS. CVSSv3 score of 7.5
More info.


Atlassian

Patch

Seven high-severity vulnerabilities have been fixed in Bamboo/Confluence/Jira Data Center and Server. Highest CVSSv3 score of 8.2
More info.


Linux

Patch

OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.


  

Wednesday 17 April 2024


Palo Alto Networks

Exploit

The GlobalProtect vulnerability guidance is changing: disabling Telemetry, previously reported as a workaround, does not provide protection. CVSSv4 score of 10.
Actively exploited.  Some patches available.
More info.


Mozilla

Patch

Mozilla has updated Firefox and Firefox ESR for vulnerabilities rated High.
More info.


Electrolink

New

Electrolink transmitters are vulnerable to several security vulnerabilities, including Authentication Bypass, Missing Authentication, and Cleartext Storage of Sensitive Information. Highest CVSSv4 score of 8.7
More info.


Broadcom

Patch

Brocade SANnav has been updated for several vulnerabilities. Highest CVSSv3 score of 8.6
More info. And here. And here. And here.


Google

Patch

Chrome for Desktop has been updated to fix 23 security vulnerabilities.
More info.


Ivanti

Patch

Avalanche has been updated to address vulnerabilities reported last month. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 16 April 2024


Oracle

Patch

Oracle Quarterly Critical Patch Update is out, with 441 security patches, with 285 of these exploitable without authentication.
More info.


Hitachi

Patch

Hitachi has published updates in JP1 and Cosminexus.
More info.


PuTTY

Patch

Biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Monday 15 April 2024


Palo Alto Networks

Exploit

A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the firewall. CVSSv4 score of 10
Some patches are now available.
Exploits reported.
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest chromium updates
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 that could be exploited to overwrite SMM memory leading to execution of arbitrary code with privilege elevation. CVSSv3 score of 9.8
More info.


HP

Patch

HP ThinPro contains security vulnerabilities. Highest CVSSv3 score of 9.8
More info.


NetApp

Patch

NetApp has published 13 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 8.4
Six have patches.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Debian has updated the kernel. More info.


  

Friday 12 April 2024


Palo Alto Networks

0-Day

A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the firewall. CVSSv4 score of 10
Patches expected by 14 April; this is being exploited.
More info.


Rockwell Automation

Patch

An input validation vulnerability exists in 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault when malicious input is entered resulting in a DoS that requires a manual restart. CVSSv4 score of 8.7
More info.

ControlLogix and GuardLogix are vulnerable to a major nonrecoverable fault due to an invalid header value resulting in a DoS that requires a manual restart. CVSSv4 score of 9.2
More info.


Dell

Patch

Storage Resource Manager and Storage Monitoring and Reporting remediation is available for multiple security vulnerabilities. Dell rates this Critical.
More info.


IBM

Patch

IBM Sterling B2B Integrator uses Apache Commons BCEL and contains a vulnerability. CVSSv3 score of 9.8
More info.

Due to use of Postgresql JDBC, IBM Instana Observability is vulnerable to SQL injection. CVSSv3 score of 10
More info.

IBM Disconnected Log Collector includes components with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM QRadar SIEM includes vulnerable components that could be identified and exploited with automated tools. Highest CVSSv3 score of 9.8.
More info.


Linux

Patch

SUSE has updated the kernel. More info.


  

Thursday 11 April 2024


Google

Patch

Google has updated Chrome for Desktop to fix 3 security vulnerabilities.
More info.

Microsoft is aware.  More info.


Palo Alto Networks

Patch

Monthly Patches are out for Palo Alto Networks with 8 bulletins, 4 rated High, 3 Medium, and 1 Informational.  Highest CVSSv3 score of 8.3
More info.

A packet processing mechanism in PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. CVSSv3 score of 8.2
More info.

A vulnerability in PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving NTLM packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
More info.

A memory leak exists in PAN-OS software that enables a remote attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. CVSSv3 score of 8.2
More info.


Languages

New

A vulnerability was discovered in the way multiple programming languages fail to properly escape the arguments in a Microsoft Windows command execution environment. Successful exploitation of this vulnerability permits an attacker to execute arbitrary commands.
This affects Haskell, Node.js, Rust (reported yesterday), PHP, yt-dlp, and perhaps others.
More info.

Node.js has updated. More info.


Juniper Networks

Patch

Juniper Networks April Patches include 36 bulletins, 3 rated Critical, 10 rated High, and 23 rated Medium. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities have been resolved in Juniper Networks Junos cRPD and Juniper Cloud Native Router by updating third party software.  Some CVEs date back to 2011. Highest CVSSv3 score of 9.8
More info. And here.

Multiple vulnerabilities have been resolved in Juniper Networks Junos OS and Junos OS Evolved by updating cURL libraries. Highest CVSSv3 score of 9.8
More info.


Spring

Patch

Spring Framework has been patched to fix a URL Parsing vulnerability.  CVSSv3 score of 8.1
More info.


IBM

Patch

QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 10.
More info.

IBM Sterling B2B Integrator uses Apache CXF. Highest CVSSv3 score of 9.8
More info.

IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable. CVSSv3 score of 9.8
More info.

A vulnerable version of the Postgresql JDBC driver is shipped with IBM Tivoli Netcool Impact. CVSSv3 score of 10.
More info.

Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC). Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.


  

Wednesday 10 April 2024


Microsoft

Patch

Microsoft Monthly Patches are out, with 149 vulnerabilities plus chromium vulnerabilities.  Three are rated Critical, and 1 is being exploited.  Highest CVSSv3 score of 9.0
More info. And here.


Adobe

Patch

Adobe has published updates for After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Animate. Highest CVSSv3 score of 9.
More info. And here.


Fortinet

Patch

Fortinet Monthly Patches includes 13 bulletins.  Highest CVSSv3 score of 9.4
More info.

A vulnerability in FortiClientLinux may allow a remote attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website. CVSSv3 score of 9.4
More info.

A vulnerability in FortiOS may allow a remote attacker to fingerprint the device version via HTTP requests. CVSSv3 score of 5
More info.

A vulnerability in FortiNAC-F may allow a remote attacker to perform a MitM attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. CVSSv3 score of 4.4
More info.
 


Rust

Patch

The Rust standard library did not properly escape arguments when invoking batch files on Windows using the Command API. A remote attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands. CVSSv3 score of 10
More info.


Pepperl+Fuchs

New

Pepperl+Fuchs: ICE2-* and ICE3-* products are affected by multiple vulnerabilities in third-party software. Highest CVSSv3 score of 7.5
No patches yet.
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Unified Correlation Analyzer that could be exploited by a remote attacker to allow RCE, DoS, unauthorized access, memory corruption, XML external entity (XXE), and insecure deserialization. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.


  

Tuesday 09 April 2024


SAP

Patch

SAP Security Patch Day saw the release of 10 new Security Notes and 2 updated Security Notes. Highest CVSSv3 score of 8.8
More info.


Siemens

Patch

Siemens Monthly Patches are out, with 8 new bulletins and 11 updated bulletins.  Highest CVSSv3 score of 9.8
More info.

The SCALANCE W1750D devices contain multiple vulnerabilities that could allow a remote attacker to achieve information disclosure or RCE. Highest CVSSv3 score of 9.8
More info.

SINEC NMS is affected by multiple vulnerabilities. Highest CVSSv3 score of 7.6
More info.

Siemens has released a new version for Telecontrol Server Basic that fixes multiple vulnerabilities. Highest CVSSv3 score of 8.8
More info.

Multiple vulnerabilities in Palo Alto Networks Virtual NGFW exist on RUGGEDCOM APE1808 devices. Highest CVSSv3 score of 8.8
More info. And here.


Schneider Electric

Patch

Schneider Electric includes 1 new bulletin and 3 updated bulletins in their Monthly Patches. The new bulletin has a CVSSv3 score of 7.8
More info.


Unisoc

Patch

Monthly Patches for Unisoc chipset for Android are out with 4 addressed vulnerabilities.  Highest CVSSv3 score of 6.2
More info.


Welotec

Patch

Welotec has reported two vulnerabilities in the TK500v1 router series that could allow a remote attacker to manipulate the device. Highest CVSSv3 score of 9.8
More info.


  

Monday 08 April 2024


FRRouting

Patch

In FRRouting a remote attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. CVSSv3 score of 7.5
More info.


Westermo

Patch

WeOS uses the WebDAV PROPFIND and could allow a remote attacker to obtain sensitive information. CVSSv3 score of 5.3
More info.


Dell

Patch

Dell NetWorker, Storage Resource Manager, and Storage Monitoring and Reporting remediation is available for multiple security vulnerabilities in third-party software. Dell rates these Critical.
More info. And here.


OpenSSL

New

A remote attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a DoS.
No patches available.
More info.


  

Friday 05 April 2024


Brocade

Patch

An RCE vulnerability in Brocade Fabric OS could allow a remote attacker to execute arbitrary code and use this to gain root access to the switch. CVSSv3 score of 8.6
More info.


Apache

Patch

Apache has updated HTTP Server to fix several security vulnerabilities, including the recently discovered CONTINUATION vulnerability.
More info. And here.

Apache has updated CloudStack to fix several security vulnerabilities.
More info.


Dell

Patch

Dell ECS and PowerStore X remediation is available for multiple security vulnerabilities. Dell rates these Critical.
More info. And here.


BD

Patch

BD has updated Assurity Linc and MAX to fix security vulnerabilities in third-party software.
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest chromium fixes and 2 Edge-specific vulnerabilities.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.2
No patches yet.
More info.


  

Thursday 04 April 2024


Cisco

Patch

Cisco has published 12 new bulletins, 1 rated High and the rest Medium.  Highest CVSSv3 score of 7.5
More info.

A vulnerability in the OOB PnP feature of Cisco Nexus Dashboard Fabric Controller could allow a remote attacker to read arbitrary files. CVSSv3 score of 7.5
More info.


HTTP/2

New

Many HTTP/2 implementations do not properly limit or sanitize the number of CONTINUATION frames sent within a single stream. A remote attacker that can send packets to a target server can send a stream of CONTINUATION frames causing an OOM crash. CVSSv3 score of 7.5
More info.

Node.js has updated.  More info.


Ivanti

Patch

Vulnerabilities have been discovered in Ivanti Connect Secure. Highest CVSSv3 score of 8.2
More info.


ABB

Patch

A DoS vulnerability in Control API ‘VPNI’ impacts S+ Operations, S+ Engineering and S+ Analyst. CVSSv3 score of 7.5
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Unified OSS Console Assurance Monitoring (UOCAM). These vulnerabilities could allow a remote attacker to achieve Authentication Bypass, DoS, and SSRF. Highest CVSSv3 score of 9.8
More info.


Lexmark

Patch

A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. CVSSv3 score of 8.8
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Wednesday 03 April 2024


VMware

Patch

Multiple vulnerabilities have been fixed in VMware SD-WAN. Highest CVSSv3 score of 7.4
More info.


Supermicro

Patch

Three security issues have been discovered in select Supermicro motherboards.  Highest CVSSv3 score of 8.3
More info.


Google

Patch

Google has published the Monthly Patches for Pixel, which include 24 vulnerabilities plus Android and Qualcomm. One is rated Critical, 19 rated High, and 4 rated Moderate.
More info.

Google has updated Chrome for Desktop to fix 3 security vulnerabilities.
More info.


Hitachi

Patch

Hitachi has published several security bulletins for Cosminexus.
More info.


TRENDnet

Patch

TRENDnet has updated TEW-827DRU Firmware to fix a vulnerability that allows a remote attacker to gain root access to the device. 
More info.


NetApp

New

NetApp has published 3 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10.
No patches yet.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


  

Tuesday 02 April 2024


Google

Patch

Android Monthly Patches are out, with 8 vulnerabilities, all rated High, plus MediaTek, Widevine, and Qualcomm patches.
More info.


Samsung

Patch

Samsung Monthly Patches for Mobile are out, with Android patches and 17 additional Samsung vulnerabilities.
More info.


IBM

Patch

IBM Cloud Pak for Network Automation update addresses multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM App Connect Enterprise Certified Container instances that run or edit flows containing JSONata mapping are vulnerable to arbitrary code execution. CVSSv3 score of 9.8
More info.

IBM App Connect Enterprise is vulnerable to a DoS and RCE. Highest CVSSv3 score of 9.8
More info.

A vulnerability in Pillow affects IBM Process Mining. CVSSv3 score of 9.
More info.

IBM Jazz for Service Management and IBM Tivoli Netcool Impact are vulnerable to Apache Derby security bypass. CVSSv3 score of 9.1
More info. And here.

Netcool Operations Insights has addressed multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable. CVSSv3 score of 10.
More info.


Linux

Patch

Amazon Linux 2 has updated the kernel. More info.


  

Monday 01 April 2024


XZ Utils

Exploit

A backdoor has been installed in XZ Utils.  It was discovered before it made its way into most Linux distributions and its impact should be limited. CVSSv3 score of 10.
More info. And here. And here.

Arch Linux has published a bulletin. More info.
Debian's bulletin identifies testing, unstable, and experimental distributions as affected. More info.
Gentoo says they don't think they're affected. More info.
NetBSD is unaffected. More info.
QNAP says their products are not affected. More info.


Qualcomm

Patch

Qualcomm Monthly Patches are out, with 12 addressed vulnerabilities, 1 rated Critical and the rest High. Highest CVSSv3 score of 9.8
More info.


MediaTek

Patch

The MediaTek Monthly Patches include 19 vulnerabilities, 4 rated High and the rest Medium.  These vulnerabilities can lead to RCE, DoS, EoP, and Information Disclosure.
More info.


Eaton

Patch

Eaton has identified their PowerAlert Element Manager product as being updated to fix the 2021 Apache log4j vulnerabilities. CVSSv3 score of 10.
More info.


Microsoft

Patch

Microsoft has updated Edge to include the latest chromium fixes.
More info.


Dell

Patch

Data Protection Advisor has been updated to fix multiple vulnerabilities. Dell rates this Critical.
Note the vulnerabilities date back to 2016, and include log4j.
More info.


HPE

Patch

A security vulnerability has been identified in Web ViewPoint Enterprise software. A remote attacker can access resources on a NonStop system. CVSSv3 score of 8.3
More info.


  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.



NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.



+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.



PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.



EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.



ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.