On 22nd May 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE NonStop SSL (T0910) - multiple versions
• HPE MR-WIN6530 (T0819) - multiple versions
• HPE NonStop SSH Server (T0801) - multiple versions

On 21st May 2025, GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 18.0.1, 17.11.3 and 17.10.7
• GitLab Enterprise Edition (EE) - versions prior to 18.0.1, 17.11.3 and 17.10.7

On 21st May 2025, Cisco published a security advisory to address a vulnerability in the Cisco Identity Services Engine (ISE) - version 3.4.

Review the Cisco Security Advisory and apply the necessary updates.

Between 12th to 18th May 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Between 12th to 18th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 12th to 18th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Astronomer with IBM - version 0.36.1
• IBM ApplinX - version 11.1
• IBM Business Automation Workflow Enterprise Service Bus - multiple versions
• IBM Business Automation Workflow traditional - multiple versions
• IBM Event Streams - version 11.3.0 to 11.6.1
• IBM Storage Copy Data Management - version 2.2.0.0 to 2.2.25.0
• IBM watsonx Assistant for IBM Cloud Pak for Data - version 4.0.0 to 4.8.7

Between 12th to 18th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.04.01.00
• RecoverPoint for Virtual Machines - versions 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2 and 6.0. SP2
• Dell EMC Networking VEP1425/1445/1485 - versions prior to 2.6
• Dell SD-WAN EDGE620/640/680 - versions prior to 3.50.0.9-21
• Dell SD-WAN EDGE610/610-LTE - versions prior to 3.43.0.9-24
• PowerFlex Appliance IC - versions prior to IC-38.367.01
• PowerSwitch Z9664F-ON - versions prior to 3.54.5.1-9
• PowerSwitch Z9432F-ON - versions prior to 3.51.5.1-21
• PowerSwitch Z9264F-ON - versions prior to 3.42.5.1-21
• PowerSwitch S5448F-ON - versions prior to 3.52.5.1-12
• PowerSwitch E3200-ON Series - versions prior to 3.57.5.1-5
• PowerSwitch N2200-ON Series - versions prior to 3.45.5.1-31
• PowerSwitch N3200-ON Series - versions prior to 3.45.5.1-31

• Dell Security Advisories - DSA-2025-209
• Dell Security Advisories - DSA-2025-202
• Dell Security Advisories - DSA-2025-197
• Dell Security Advisories - DSA-2025-196
• Dell Security advisories and notices

On 20th May 2025, Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Fisheye/Crucible - version 4.9.0
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

On 17th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 115.23.1
• Firefox ESR - versions prior to 128.10.1
• Firefox - versions prior to 138.0.4

• Mozilla Security Advisory (MFSA 2025-38)
• Mozilla Security Advisory (MFSA 2025-37)
• Mozilla Security Advisory (MFSA 2025-36)
• Mozilla Security Advisories

On 20th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• vCenter Server - versions 7.0 and 8.0
• VMware ESXi - versions 7.0 and 8.0
• VMware Cloud Foundation (vCenter) - versions 4.5.x and 5.x
• VMware Cloud Foundation (ESXi) - versions 4.5.x and 5.x
• VMware Fusion - versions 13.x
• VMware Telco Cloud Platform (ESXi) - versions 2.x, 3.x, 4.x and 5.x
• VMware Telco Cloud Infrastructure (ESXi) - versions 2.x and 3.x
• VMware Telco Cloud Platform (vCenter) - versions 2.x, 3.x, 4.x and 5.
• VMware Telco Cloud Infrastructure (vCenter) - versions 2.x and 3.x
• VMware Workstation - versions 13.x and 17.x

• VMSA-2025-0009 : VMware Cloud Foundation updates address multiple vulnerabilities (CVE-2025-41229, CVE-2025-41230, CVE-2025-41231)
• VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
• Security Advisories - VMware Cloud Foundation

On 15th May 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.76.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 13th May 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Endpoint Manager Mobile (EPMM) - version 11.12.0.4 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.3.0.1 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.4.0.1 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.5.0.0 and prior

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
• Ivanti Security Advisories

On 13th May 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe Animate 2023 - version 23.0.11 and prior
• Adobe Animate 2024 - version 24.0.8 and prior
• Adobe Bridge - version 14.1.6 and prior
• Adobe Bridge - version 15.0.3 and prior
• Adobe ColdFusion 2021 - version Update 19 and prior
• Adobe ColdFusion 2023 - version Update 13 and prior
• Adobe ColdFusion 2025 - version Update 1 and prior
• Adobe Connect - version 12.8 and prior
• Adobe Dimension - version 4.1.1 and prior
• Adobe Dreamweaver - version 21.4 and prior
• Adobe Illustrator 2024 - version 28.7.5 and prior
• Adobe Illustrator 2025 - version 29.3 and prior
• Adobe InDesign - version ID19.5.2 and prior
• Adobe InDesign - version ID20.2 and prior
• Adobe Lightroom - version 8.2 and prior
• Adobe Substance 3D Modeler - version 1.21.0 and prior
• Adobe Substance 3D Stager - version 3.1.1 and prior
• Photoshop 2024 - version 25.12.2 and prior
• Photoshop 2025 - version 26.5 and prior
• Adobe Substance 3D Painter - version 11.0 and prior

On 14th May 2025, Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 135.16.8.96.

Review the Palo Alto Networks Security Advisory and apply the necessary updates.

On 14th May 2025, Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.113 for Linux and prior to versions prior to 136.0.7103.113/114 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

From 9th to 13th May 2025, Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• Juniper Secure Analytics - versions 7.5.0 to versions prior to 7.5.0 UP11 IF02
• Junos OS - versions 19.4R1 and later
• Junos OS Evolved - versions 22.3R1 and later

• 2024-05 Reference Advisory: Junos OS and Junos OS Evolved: Multiple CVEs reported in OpenSSH
• On Demand: JSA Series: Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP11 IF03
• Juniper Networks Security Advisories

On 14th May 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• Cadence vManager Plugin - version 4.0.1-286.v9e25a_740b_a_48 and prior
• DingTalk Plugin - version 2.7.3 and prior
• Health Advisor by CloudBees Plugin - version 374.v194b_d4f0c8c8 and prior
• OpenID Connect Provider Plugin - version 96.vee8ed882ec4d and prior
• WSO2 Oauth Plugin - version 1.0 and prior

• Jenkins Security Advisory 2025-05-15
• Jenkins Security Advisories

Between the 5th to 11th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Operator - multiple versions
• IBM App Connect Enterprise Certified Containers Operands - multiple versions
• IBM Application Modernization Accelerator - versions 4.0.0 to 4.1.0
• IBM Business Automation Insights - versions 24.0.0 and 24.0.1
• IBM CICS TX Advanced - versions 10.1 and 11.1
• IBM Cloud Pak for Business Automation - multiple versions
• IBM Cloud Pak for Data System 1.0 - versions 1.0.0.0 to 1.0.8.4
• IBM Cloud Transformation Advisor - versions 2.0.1 to 4.1.0
• IBM Cognos Dashboards on Cloud Pak for Data - versions 4.8.0 to 4.8.8 and versions 5.0.0 to 5.1.2
• IBM Content Collector for Email - version 4.0.1
• IBM Content Collector for File Systems - version 4.0.1
• IBM Content Collector for Microsoft - version 4.0.1
• IBM Maximo AI Service - version 9.0.5
• IBM Maximo Application Suite - versions 8.8, 8.9 and 9.0
• IBM Maximo Application Suite - Location Service for Esri Component - version 9.0
• IBM Operational Decision Manager - multiple versions
• IBM Planning Analytics Local - IBM Planning Analytics Workspace - versions 2.0 and 2.1
• IBM Storage Scale - versions 1.7.0 to 5.1.9.8 and 5.2.2.0 to 5.2.2.1
• IBM Storage Virtualize vSphere Remote Plug-in - multiple versions
• IBM TXSeries for Multiplatforms - multiple versions
• IBM Watson Knowledge Catalog on-prem - versions 4.5.2, 4.6.6 to 4.8.6 and versions 5.0 to 5.0.3
• IBM Watson Machine Learning Accelerator on Cloud Pak for Data - versions 4.8.2 to 4.8.6 and versions 5.0 to 5.0.2
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 4.8.4 to 4.8.5
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 5.0.0 to 5.1.2
• IBM watsonx.data - version 2.1.2
• Red Hat OpenShift on IBM Cloud - multiple versions

On 12th May 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Aria Automation - version 8.18.x
• VMware Cloud Foundation - version 4.x and 5.x
• VMware Telco Cloud Platform - version 5.x

• MSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
• Security Advisories - VMware Cloud Foundation

On 12th May 2025, Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.5
• iPadOS - versions prior to 17.7.7
• macOS Sequoia - versions prior to 15.5
• macOS Sonoma - versions prior to 14.7.6
• macOS Ventura - versions prior to 13.7.6
• Safari - versions prior to 18.5

On 13th May 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiCamera 1.1 - all versions
• FortiCamera 2.0 - all versions
• FortiCamera 2.1 - version 2.1.0 to 2.1.3
• FortiMail - version 7.0.0 to 7.0.8
• FortiMail - version 7.2.0 to 7.2.7
• FortiMail - version 7.4.0 to 7.4.4
• FortiMail - version 7.6.0 to 7.6.2
• FortiNDR - version 1.1 to 1.4
• FortiNDR - version 1.5.0 to 1.5.3
• FortiNDR - version 7.0.0 to 7.0.6
• FortiNDR - version 7.1.0 to 7.1.1
• FortiNDR - version 7.2.0 to 7.2.4
• FortiNDR - version 7.4.0 to 7.4.7
• FortiNDR - version 7.6.0
• FortiOS - version 7.4.4 to 7.4.6
• FortiOS - version 7.6.0
• FortiProxy - version 7.6.0 to 7.6.1
• FortiRecorder - version 6.4.0 to 6.4.5
• FortiRecorder - version 7.0.0 to 7.0.5
• FortiRecorder - version 7.2.0 to 7.2.3
• FortiSwitchManager - version 7.2.5
• FortiVoice - versions 6.4.0 to 6.4.10
• FortiVoice - versions 7.0.0 to 7.0.6
• FortiVoice - versions prior to 7.2.0

• Fortinet PSIRT - FG-IR-25-254 (CVE-2025-32756)
• Fortinet PSIRT - FG-IR-25-472 (CVE-2025-22252)
• Fortinet PSIRT Advisories

On 13th May 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Business Objects Business Intelligence Platform (PMW) - versions ENTERPRISE 430, 2025 and 2027
• SAP Landscape Transformation (PCL Basis) - versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107 and 108
• SAP NetWeaver (Visual Composer development server) - version VCFRAMEWORK 7.50
• SAP Supplier Relationship Management (Live Auction Cockpit) - version SRM_SERVER 7.14
• SAP S/4HANA S4CORE Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) - versions S4CORE 102, 103, 104, 105, 106, 107, 108, SCM_BASIS 700, 701, 702, 712, 713 and 714

On 13th May 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Cloud Services Application - version 5.0.4 and prior
• Ivanti Neurons for ITSM (on-prem only) - versions 2023.4, 2024.2 and 2024.3

• Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)
• Security Advisory Ivanti Neurons for ITSM (on-premises only) (CVE-2025-22462)
• Ivanti Security Advisories

On 12th and 13th May 2025, Intel published security advisories to address vulnerabilities in multiple products.

Review the provided Intel Security Advisories and perform the suggested mitigations.

On 13th May 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms

Between May 5 and 11, 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Between 5th and 11th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 5th to 11th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Connectrix SANnav - versions prior to 2.3.1a
• Dell Edge Gateway - multiple models and versions prior to 2.00.10
• Dell EMC Networking VEP1425/VEP1445/VEP1485 - versions prior to 2.6
• Dell Networking VEP4600 - multiple models and versions prior to 4.3
• Dell PowerFlex rack - versions prior to 3.7.7.0
• Dell PowerFlex rack - versions prior to 3.8.2.0
• Dell PowerSwitch - multiple models and versions
• Dell SD-WAN Edge 600 - versions prior to 2.6
• Dell Storage Manager DSM - versions prior to 2020 R1.21

Commvault published a security advisory to address a critical vulnerability in Commvault - versions 11.38.0 to 11.38.19

Review the Security Advisory and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.64.

Release notes for Microsoft Edge Security Updates and apply the necessary updates.

F5 published Quarterly Security Notifications for multiple products. Included were updates for the following:

• BIG-IP (all modules) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP (APM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP (PEM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP Next (all modules) - versions 20.2.0 to 20.2.1
• BIG-IP Next SPK - versions 1.8.0 to 1.9.2 and versions 1.7.0 to 1.9.2
• BIG-IP Next CNF - versions 1.1.0 to 1.4.1
• F5OS-A - versions 1.5.1 to 1.5.3
• F5OS-C - versions 1.6.0 to 1.6.2

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• 1000 Series Integrated Services Routers
• 1100 Series Integrated Services Routers (ISRs)
• 4000 Series Integrated Services Routers
• Integrated access points (APs) in Integrated Service Routers (ISR)1100 (Wi-Fi 6)
• Catalyst 8200 Series Edge Platforms
• Catalyst 8300 Series Edge Platforms
• Catalyst 8500 Series Edge Platforms
• Catalyst 8500L Series Edge Platforms
• Catalyst 9800-CL Wireless Controllers for Cloud
• Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
• Catalyst 9800 Series Wireless Controllers
• Embedded Wireless Controller on Catalyst 9100X Access Points
• Catalyst SD-WAN Manager - versions 20.8 and prior, 20.9, 20.10, 20.11, 20.12, 20.13, 20.14, 20.15, and 20.16
• Wi-Fi 6 pluggable module for Catalyst IR1800 Rugged Series Routers
• Cisco Industrial Ethernet 2000, 4000, 4010, and 5000 Series Switches
• Cisco IOS, IOS XE, NX-OS and IOS XR Software
• Cisco Adaptive Security Appliance (ASA) Software
• Cisco Firepower Threat Defense (FTD) Software

SonicWall published a security advisory to address vulnerabilities in SonicWall SMA 100 Series (SMA 200, 210, 400, 410, 500v) - version 10.2.1.14-75sv and prior.

Review the Security Advisory and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Enterprise MFA - TFA for Drupal - versions prior to 4.7.0 and versions 5.0.0 to versions prior to 5.2.0
• Restrict route by IP - versions prior to 1.3.0

• Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
• Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
• Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-0554
• Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.92 for Linux and prior to 136.0.7103.92/.93 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Microsoft Azure - versions prior to 01.04.01.00
• Dell VxRail Appliance - versions 8.0.000 to 8.0.322
• PowerFlex Appliance IC - versions prior to IC 46.377.00 and versions prior to IC 46.382.00
• PowerFlex rack RCM - versions prior to 6.7.1

• DSA-2025-194: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
• DSA-2025-193: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
• DSA-2025-152: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities
• DSA-2025-170: Security Update for Dell APEX Cloud Platform for Microsoft Azure and Dell APEX Cloud Platform Foundation Software Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• CP4NA - version 2.7.7
• GDSC Platform On-prem - version 3.7.1
• IBM Cloud Pak for Business Automation - versions V24.0.1 to V24.0.1-IF001 and versions 24.0.0 to 24.0.0-IF004
• IBM Cloud Pak System - version 2.3.4.0 (Intel)
• IBM Planning Analytics Cartridge - versions 5.0.0 to 5.1.0
• IBM Planning Analytics Cartridge for IBM Cloud Pak for Data - versions 4.8.0 to 4.8.8
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 4.8.4 to 4.8.5 and versions 5.0.0 to 5.1.1
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.2

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 20.04 ESM
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.50.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.59 for Linux and prior to 136.0.7103.48/49 for Windows and Apple MAC.

Review the Google security bulletins  and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in the following products:

• VMware Tanzu GemFire Vector Database - versions prior to 1.2.0
• VMware Tanzu Greenplum - versions prior to 7.4.1

• Product Release Advisory - VMware Tanzu Gemfire 1.2.0
• Product Release Advisory - VMware Tanzu Greenplum 7.4.1
• Security Advisories - Tanzu

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird ESR - versions prior to 128.10
• Thunderbird - versions prior to 138
• Firefox ESR - versions prior to 115.23
• Firefox ESR - versions prior to 128.10
• Firefox - versions prior to 138

• Mozilla Security Advisory (MFSA 2025-32)
• Mozilla Security Advisory (MFSA 2025-31)
• Mozilla Security Advisory (MFSA 2025-30)
• Mozilla Security Advisory (MFSA 2025-29)
• Mozilla Security Advisory (MFSA 2025-28)

Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat - versions 11.0.0-M1 to 11.0.5
• Apache Tomcat - versions 10.1.0-M1 to 10.1.39
• Apache Tomcat - versions 9.0.0.M1 to 9.0.102

• Apache Tomcat - 9.0.104
• Apache Tomcat - 10.1.40
• Apache Tomcat - 11.0.6

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.02.04.00
• Dell Connectrix B-Series - versions 9.1.0 to 9.1.1d6
• Dell PowerProtect Data Manager - versions 19.15.0 to 19.18.0-23

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Power HMC V10.2.1030.0 - version V10.2.1030.0
• IBM Power HMC V10.3.1050.0 - version V10.3.1050.0
• IBM QRadar SIEM - version 7.5 to 7.5.0 UP11 IF03
• IBM webMethods B2B (on-prem) - versions 10.11, 10.15 and 11.1
• IBM webMethods Integration (on prem) - versions 10.11, 10.15 and 11.1

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.98.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.11.1, 17.10.5 and 17.9.7
• GitLab Enterprise Edition (EE) - versions prior to 17.11.1, 17.10.5 and 17.9.7

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• ConfD
• ConfD Basic
• Intelligent Node Manager
• Network Services Orchestrator (NSO)
• Smart PHY
• Ultra Cloud Core - Subscriber Microservices Infrastructure

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Brocade Fabric OS - versions prior to v9.1.1d7 and v9.2.0
• HPE Compute Scale-up Server 3200 - versions prior to v1.55.98
• HPE Performance Cluster Manager HPCM 1.12 and prior
• HPE Superdome Flex 280 Server - versions prior to v2.00.12
• HPE Telco Unified OSS Console - versions prior to v3.1.15

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.114 for Linux and prior to 135.0.7049.114/115 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Enterprise - versions 12.0.1.0 to 12.0.12.12 and 13.0.1.0 to 13.0.2.2
• IBM CICS TX Standard - version 11.1
• IBM Cloud Pak for Security - version 1.10.0.0 to 1.10.11.0
• IBM Maximo Application Suite - multiple versions
• PowerVC - versions 2.1.1.2, 2.2.0, 2.2.1, 2.2.1.1 and 2.3.0
• QRadar Suite Software - version 1.10.12.0 to 1.11.1.0

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Data Lakehouse - versions prior to 1.4.0.0
• Dell Storage Resource Manager - versions prior to 5.1.0.0
• Dell Storage Monitoring and Reporting - versions prior to 5.1.0.0
• PowerStore 1000X - versions prior to 3.2.1.6-2476179
• PowerStore 3000X - versions prior to 3.2.1.6-2476179
• PowerStore 5000X - versions prior to 3.2.1.6-2476179
• PowerStore 7000X - versions prior to 3.2.1.6-2476179
• PowerStore 9000X - versions prior to 3.2.1.6-2476179

• DSA-2025-165: Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR) Security Update for Multiple Third-Party Component Vulnerabilities
• DSA-2025-182: Dell PowerStore X Security Update for Multiple Vulnerabilities
• DSA-2025-184: Security Update for Dell Data Lakehouse Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 0.3179.85.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.4.1
• macOS Sequoia - versions prior to 15.4.1

Cisco published a security advisory to address a vulnerability in the Cisco Webex App - versions 44.6 and 44.7.

Review the Cisco Security Advisory and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in Firefox - versions prior to 137.0.2.

Review the Mozilla security bulletins and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.95 for Linux and prior to 135.0.7049.95/96 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• Oracle Analytics
• Oracle Application Express
• Oracle Autonomous Health Framework
• Oracle Commerce
• Oracle Communications Applications
• Oracle Communications
• Oracle Construction and Engineering
• Oracle E-Business Suite
• Oracle Enterprise Manager
• Oracle Financial Services Applications
• Oracle Food and Beverage Applications
• Oracle Fusion Middleware
• Oracle GoldenGate
• Oracle Hospitality Applications
• Oracle Hyperion
• Oracle Insurance Applications
• Oracle Java SE
• Oracle JD Edwards
• Oracle MySQL
• Oracle PeopleSoft
• Oracle Policy Automation
• Oracle Retail Applications
• Oracle Siebel CRM
• Oracle Solaris
• Oracle SQL Developer
• Oracle Supply Chain
• Oracle Support Tools
• Oracle TimesTen In-Memory Database
• Oracle Utilities
• Oracle Virtualization

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5a - version ADS Gen5A
• Dell Integrated System for Microsoft Azure Stack HCI - multiple versions and models
• Dell Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2502
• Dell iDRAC9 - versions prior to 7.00.00.181 and 7.20.30.50
• Dell NetWorker Management Console - versions prior to 19.11.04 and 19.12.0.1
• Dell PowerProtect Cyber Recovery Software - versions prior to 19.18.0.2
• Dell PowerProtect Data Manager DM5500 Appliance Software - versions prior to 5.19

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Business Automation Manager Open Editions - versions 8.0.0 to 8.0.6
• IBM Guardium Data Protection - version 11.4, 12.0 and 12.1
• IBM Integration Bus for z/OS - versions 10.1.0.0 to 10.1.0.5
• IBM PCOMM - versions v14.x and v15.x
• IBM Process Mining - versions 2.0.0 IF001 and 2.0.0
• IBM Storage Protect Plus - versions 10.1.0. to 10.1.16
• IBM Storage Protect Server - version 8.1
• IBM Storage Scale - versions 5.1.7.0 to 5.1.9.8 and 5.2.0.0 to 5.2.2.0
• IBM Security Verify Governance - version ISVG 10.02
• IBM Security Verify Governance, Identity Manager Software Stack - version ISVG 10.02
• IBM Security Verify Governance, Identity Manager Virtual Appliance - version ISVG 10.02

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

• RHSA-2025:3832 - Security Advisory
• Red Hat Security Advisories

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.73.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• CTP View - versions prior to 9.2R1
• Junos OS - multiple versions
• Junos OS Evolved - multiple versions
• Junos OS on EX and QFX5k Series - multiple versions
• Junos OS on MX Series - multiple versions
• Juno OS on SRX Series - multiple versions
• Junos Space - versions prior to 24.1R3
• Junos Space Security Director - versions prior to 24.1R3

Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 132.83.3017.1.

Review the Palo Alto Networks Security Advisory and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• ECA : Event - Condition - Action – versions 1.2.x, versions prior to 1.1.12, version 2.0.0 to versions prior to 2.0.16 and version 2.1.0 to versions prior to 2.1.7
• Panels - versions prior to 4.9.0

• ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
• Panels - Critical - Access bypass - SA-CONTRIB-2025-033
• Drupal Security Advisories

HPE published a security advisory to address vulnerabilities in HPE Cray XD670 - versions prior to BMC v1.19.

Review the HPE security bulletins and apply the necessary updates.

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Capital Yield Tax Management - versions CYTERP 420_700, CYT 800, IBS 7.0 and CYT4HANA 100
• SAP Commerce Cloud -versions HY_COM 2205 and COM_CLOUD 2211
• SAP Financial Consolidation -version 1010
• SAP Landscape Transformation DMIS- versions 2011_1_700, 2011_1_710, 2011_1_730 and 2011_1_731
• SAP NetWeaver and ABAP Platform (Service Data Collection)- versions ST-PI 2008_1_700, 2008_1_710 and 740
• SAP NetWeaver Application Server ABAP - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 and 7.93
• SAP S/4HANA S4CORE - versions 102, 103, 104, 105, 106, 107 and 108

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiSwitch 7.6 version 7.6.0
• FortiSwitch 7.4 versions 7.4.0 to 7.4.4
• FortiSwitch 7.2 versions 7.2.0 to 7.2.8
• FortiSwitch 7.0 versions 7.0.0 to 7.0.10
• FortiSwitch 6.4 versions 6.4.0 to 6.4.14

Review the Fortinet Advisory and apply the necessary updates.

Ivanti published a security advisory to address a vulnerability in Ivanti Endpoint Manager version 2024 and version 2022 SU6 and prior.

Review the Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6 and apply the necessary updates.

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe After Effects version 24.6.4 and prior and version 25.1 and prior
• Adobe Animate 2024 version 24.0.7 and prior
• Adobe Animate 2023 version 23.0.10 and prior
• Adobe Bridge version 14.1.5 and prior and version 15.0.2 and prior
• Adobe Commerce multiple versions
• Adobe Commerce B2B multiple versions
• Adobe Experience Manager Forms on JEE version 6.5.22.0 (AEMForms-6.5.0-0093) and prior
• Adobe Experience Manager Screens version AEM 6.5 Screens FP11.3 and prior
• Adobe FrameMaker version 2022 Release Update 5 and prior
• Adobe FrameMaker version 2020 Release Update 7 and prior
• Adobe Media Encoder version 24.6.4 and prior and version 25.1 and prior
• Adobe Premiere Pro version 25.1 and prior and version 24.6.4 and prior
• Adobe XMP-Toolkit-SDK version 2023.12 and prior
• ColdFusion 2025 version build 331385
• ColdFusion 2023 version Update 12 and prior
• ColdFusion 2021 version Update 18 and prior
• Magento Open Source multiple versions
• Photoshop 2025 version 26.4.1 and prior
• Photoshop 2024 version 25.12.1 and prior

Review the Adobe Security Advisories and apply the necessary updates

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.84 for Linux and prior to 0.7049.84/85 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms 

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

VMware released a security advisory to address vulnerabilities in the following products:

• VMware Tanzu Greenplum versions prior to 6.29.0
• VMware Tanzu Greenplum Backup and Restore versions prior to 1.31.0
• VMware Tanzu Greenplum Platform Extension Frameworkversions prior to 6.11.1

Review the following advisories and apply the necessary updates:

• Product Release Advisory - VMware Tanzu Greenplum Backup and Restore 1.31.0
• Product Release Advisory - VMware Tanzu Greenplum 6.29.0
• Security Advisories - VMware Cloud Foundation

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5a - version ADS Gen5A
• Dell PowerMax EEM 10.1.0.7 - version 10.1.0.5.10551 and prior
• Dell PowerMax EEM 10.2.0.1 - version 10.2.0.0
• Dell PowerMax EEM 5978 - version 5978.714.714.10632 and prior
• Dell PowerMax OS 10.1.0.7 - version 10.1.0.5.10551 and prior
• Dell PowerMax OS 10.2.0.1 - version 10.2.0.0
• Dell PowerMax OS 5978 - version 5978.714.714.10632 and prior
• PowerFlex Custom Node - multiple versions and platforms
• Solutions Enabler Virtual Appliance - versions prior to 9.2.4.9
• Unisphere 360 - versions prior to 9.2.4.35
• Unisphere for PowerMax - multiple versions
• VxFlex Ready Node - multiple platforms, versions prior to 2.22.2

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Business Automation Manager Open Editions - versions 9.0.0 to 9.1.1
• IBM API Connect - versions V10.0.0.5.0 to V10.0.5.8 and versions V10.0.8.0 to 10.0.8.2
• IBM App Connect Enterprise - versions 13.0.1.0 to 13.0.2.2 and versions 12.0.1.0 to 12.0.12.11
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.1
• InfoSphere Information Server - version 11.7

Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand's National Cyber Security Centre (NCSC-NZ)- released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB).

This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on detection and mitigations to safeguard critical infrastructure and national security.

"Fast flux" is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS) records associated with a single domain name. This threat exploits a gap commonly found in network defences, making the tracking and blocking of malicious fast flux activities difficult.

Review the updated joint advisory to protect and detect Fast Flux.

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure - version 22.7R2.5 and prior
• Pulse Connect Secure (EoS) - version 9.1R18.9 and prior
• Ivanti Policy Secure - version 22.7R1.3 and prior
• ZTA Gateways - version 22.8R2 and prior

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.54.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Enterprise Chat and Email (ECE) - versions prior to 12.6 ES 10
• Cisco Meraki MX and Cisco Meraki Z Series - firmware versions 16.2, 17, 18.1, 18.2 and 19.1

• Cisco Security Advisory - cisco-sa-ece-dos-tC6m9GZ8
• Cisco Security Advisory - cisco-sa-meraki-mx-vpn-dos-vNRpDvfb
• Cisco Security Advisories

Jenkins published a security advisory to address vulnerabilities in the following products:

• Jenkins weekly - version 2.503 and prior
• Jenkins LTS - version 2.492.2 and prior
• AsakusaSatellite Plugin - version 0.1.1 and prior
• Cadence vManager Plugin - version 4.0.0-282.v5096a_c2db_275 and prior
• monitor-remote-job Plugin - version 1.0 and prior
• Simple Queue Plugin - version 1.4.6 and prior
• Stack Hammer Plugin - version 1.0.6 and prior
• Templating Engine Plugin - version 2.5.3 and prior

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird ESR - versions prior to 128.9
• Thunderbird - versions prior to 137
• Firefox ESR - versions prior to 128.9
• Firefox ESR - versions prior to 115.22
• Firefox - versions prior to 137

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.52 for Linux and prior to 135.0.7049.41/42 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

VMware released a security advisory to address vulnerabilities in the following products:

• VMware Aria Operations - version 8.x
• VMware Cloud Foundation - versions 5.x and 4.x
• VMware Telco Cloud Platform - versions 5.x, 4.x and 3.x
• VMware Telco Cloud Infrastructure - versions 3.x and 2.x

• VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
• Security Advisories - VMware Cloud Foundation

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.4
• iPadOS - versions prior to 17.7.6
• iOS and iPadOS - versions prior to 16.7.11
• iOS and iPadOS - versions prior to 15.8.4
• macOS Sequoia - versions prior to 15.4
• macOS Sonoma - versions prior to 14.7.5
• macOS Ventura - versions prior to 13.7.5

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Enterprise SONiC Distribution - versions prior to 4.4.2
• Dell ObjectScale - versions prior to ObjectScale 4.0
• Dell Storage Monitoring and Reporting - versions prior to 5.0.2.2
• Dell Storage Monitoring and Reporting - versions prior to 5.0.2.2
• Dell Storage Resource Manager - versions prior to 5.0.2.2
• Dell Unity - versions prior to 5.5.0.0.5.259
• PowerStore 1000T - versions prior to 3.6.1.5-2456810
• PowerStore 1200T - versions prior to 3.6.1.5-2456810
• PowerStore 3000T - versions prior to 3.6.1.5-2456810
• PowerStore 3200T - versions prior to 3.6.1.5-2456810
• PowerStore 5000T - versions prior to 3.6.1.5-2456810
• PowerStore 500T - versions prior to 3.6.1.5-2456810
• PowerStore 5200T - versions prior to 3.6.1.5-2456810
• PowerStore 7000T - versions prior to 3.6.1.5-2456810
• PowerStore 9000T - versions prior to 3.6.1.5-2456810
• PowerStore 9200T - versions prior to 3.6.1.5-2456810

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat CodeReady Linux Builder - multiple versions and platforms

Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox - versions prior to 136.0.4
• Firefox ESR - versions prior to 115.21.1
• Firefox ESR - versions prior to 128.8.1

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.10.1, 17.9.3 and 17.8.6
• GitLab Enterprise Edition (EE) - versions prior to 17.10.1, 17.9.3 and 17.8.6

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 134.0.3124.93.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Splunk published a security update to address vulnerabilities in the following products.

• Splunk Enterprise - versions prior to 9.4.0, 9.3.3, 9.2.5 and 9.1.8
• Splunk Cloud Platform - versions prior to 9.3.2408.104, 9.2.2406.108, 9.2.2403.114 and 9.1.2312.208

Next.js published a security advisory to address a critical vulnerability in the following product:

• Next.js - 15.x versions prior to 15.2.3
• Next.js - 14.x versions prior to 14.2.25
• Next.js - 13.x versions prior to 13.5.9
• Next.js - 12.x versions prior to 12.3.5

VMware released a security advisory to address multiple vulnerabilities in VMware Tools - versions 11.x.x and 12.x.x prior to 12.5.1 for Windows.

Review the VMware security advisory VMSA-2025-0005: VMware Tools for Windows update addresses an authentication bypass vulnerability and applies the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions prior to 134.0.6998.177/178 for Windows.

Review the Google security bulletins and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in HPE SANnav Management Software - versions prior to v2.3.1b and v2.4.0.

Review the HPE security bulletins and apply the necessary updates.

Kubernetes published security advisories to address vulnerabilities in the following products:

• Kubernetes ingress-nginx controller - versions prior to 1.11.5
• Kubernetes ingress-nginx controller - versions prior to 1.12.1

• Github Kubernetes
• Google Cloud GCP-2025-013
• Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.01.02.00
• Dell Chassis Management Controller (CMC) for Dell PowerEdge FX2 - versions prior to 2.40.200.202101130302
• Dell Chassis Management Controller (CMC) for PowerEdge VRTX - versions prior to 3.41.200.202209300499
• Dell Data Protection Central - versions 19.9.0 to 19.11.0-2
• Dell ECS - versions prior to 3.8.1.4
• Dell SmartFabric Manager - versions 1.0.0 and 1.1.0

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions
• Red Hat Enterprise Linux Server - multiple versions and platforms

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• AIX - versions 7.2 and 7.3
• DataStage on Cloud Pak for Data - version 4.8.2 to 4.8.4
• FileNet Content Manager - versions 5.5.12.0, 5.5.8.0 and 5.6.0.0
• IBM CP4MCM - version 2.3 to 2.3 FP9
• IBM Maximo Application Suite IoT Component - versions 8.7, 8.8 and 9.0
• IBM Rapid Infrastructure Automation - version 1.1.4
• IBM watsonx Assistant Cartridge - version 4.0 to 5.1.0
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component - version 5.0 to 5.1.0

HPE published a security advisory to address vulnerabilities in HPE Telco Service Activator - versions prior to 10.1.1.

Review the HPE security bulletins and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 134.0.3124.83.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Jenkins published a security advisory to address vulnerabilities in the following products:

• AnchorChain Plugin - version 1.0 and prior
• EDDSA API Plugin - version 3.0-13.v7cb_69ed68f00 and prior
• Zoho QEngine Plugin - version 0.29.vfa_cc23396502 and prior

Veem has released security updates to address a vulnerability in Veeam Backup & Replication - all versions 12 prior to build 12.3.1.1139.

Review the Veeam Security Advisory and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 134.0.6998.117 for Linux and prior to 134.0.6998.117/118 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat 11.0.0-M1 to 11.0.2
• Apache Tomcat 10.1.0-M1 to 10.1.34
• Apache Tomcat 9.0.0-M1 to 9.0.98

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.01.02.00
• Dell Cloud Tiering Appliance CTA and CTA-HA - versions prior to 13.2.0.2.33
• Dell Cloud Tiering Appliance CTA/VE and CTA-HA/VE - versions prior to 13.2.0.2.33
• Dell Connectrix B-Series and SANnav - multiple models and versions
• Dell Integrated System for Microsoft Azure Stack HCI - multiple models and versions
• Dell Networking OS10 - version 10.5.5.x and 10.5.6.x
• Dell VxRail Appliance - multiple models and versions

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

GitHub published a security advisory to address a vulnerability in tj-actions/changed-files GitHub Actions - versions 45.07 and prior.

Review the provided GitHub Security Advisory and perform the suggested mitigations.

VMware released a security advisory to address multiple vulnerabilities in VMWare Tanzu GemFire - versions prior to 10.0.6.

Review the VMware security advisory VMware VMSA-2025-002 and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 134.0.3124.66.

Review the following advisories and apply the necessary updates:

• Microsoft Edge Extended Stable Channel Release Notes - March 11, 2025
• Microsoft Edge Extended Stable Channel Release Notes - March 12, 2025

Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 133.16.4.99.

Review the Security Advisory and apply the necessary updates.

There are reports of ongoing and increased exploitation of CVE-2024-4577 ¹,²,³, a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows.

Windows-based PHP installations configured to use PHP-CGI are specifically at risk as the vulnerability exploits Unicode processing in the CGI module.

Organizations should determine if they are at risk by verifying whether they are running vulnerable versions of PHP installed on Windows.

Organizations are advised to update to the following versions of PHP:

• PHP 8.3 - update to 8.3.8 or later
• PHP 8.2 - update to 8.2.20 or later
• PHP 8.1 - update to 8.1.29 or later

1. GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
2. Unmasking the new persistent attacks on Japan
3. Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
4. CVE-2024-4577 - Primary and the most effective mitigation is to upgrade PHP to the latest versions
5. NCSC NZ - Vulnerability affecting PHP on Windows

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.9.2, 17.8.5 and 17.7.7
• GitLab Enterprise Edition (EE) - versions prior to 17.9.2, 17.8.5 and 17.7.7

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Cray EX235a Accelerator Blade - versions prior to v2.1.0 (HFP 25.1.2)
• HPE Cray EX235n Server - versions prior to v1.5.1 (HFP 24.10.1)
• HPE Cray EX255a Accelerator Blade - versions prior to v1.4.0 (HFP 25.1.2)
• HPE Cray EX425 Compute Blade - versions prior to v1.7.6 (HFP 24.10.1)
• HPE Cray EX4252 Compute Blade - versions prior to v2.0.1 (HFP 25.1.2)
• HPE ProLiant XL225n Gen10 Plus 1U Node - versions prior to v3.60_01-16-2025
• HPE ProLiant XL645d Gen10 Plus Server - versions prior to v3.40_10-04-2024 (HFP 24.11.0)
• HPE ProLiant XL675d Gen10 Plus Server - versions prior to v3.40_10-04-2024 (HFP 24.11.0)
• HPE Cray XD665 - versions prior to v1.50 On the Portal HPE Cray SC XD665 Firmware Pack 2024.09.00
• HPE Cray XD675 - versions prior to v3.1.5 (HPE Cray SC XD665 Firmware Pack 2024.09.00)

Cisco published a security advisory to address a vulnerability in the Cisco IOS XR - multiple versions and platforms.

Review the Cisco Security Advisory and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• JunoOS - versions prior to 21.2R3-S9
• JunoOS 21.4 - versions prior to 21.4R3-S10
• JunoOS 22.2 - versions prior to 22.2R3-S6
• JunoOS 22.4 - versions prior to 22.4R3-S6
• JunoOS 23.2 - versions prior to 23.2R2-S3
• JunoOS 23.4 - versions prior to 23.4R2-S4
• JunoOS 24.2 - versions prior to 24.2R1-S2, 24.2R2

• Juniper Networks Security - JSA93446
• Juniper Networks Security Advisories

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Commerce Cloud - versions HY-COM 2205 and COM-CLOUD 2211
• SAP Commerce (Swagger UI) - version COM_CLOUD 2211
• SAP NetWeaver (ABAP Class Builder) - multiple versions

Ivanti published a security advisory to address a vulnerability in Ivanti Secure Access Client (ISAC) - version 22.7R3 and prior.

Review the Ivanti Security Advisory - March security advisory Ivanti Secure Access Client and apply the necessary updates.

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiADC - multiple versions
• FortiIsolator 2.4 - versions 2.4.0 to 2.4.5
• FortiSandbox - multiple versions
• FortiSIEM - multiple versions

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Remote Desktop client for Windows Desktop
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows App Client for Windows Desktop
• Windows Server - multiple versions and platforms

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Acrobat 2024 - version 24.001.30225 and prior
• Acrobat 2020 - version 20.005.30748 and prior
• Acrobat Reader 2020 - version 20.005.30748 and prior
• Acrobat DC - version 25.001.20428 and prior
• Acrobat Reader DC - version 25.001.20428 and prior
• Adobe Illustrator 2024 - version 28.7.4 and prior
• Adobe Illustrator 2025 - version 29.2.1 and prior
• Adobe InDesign - version ID19.5.2 and prior, version ID20.1 and prior
• Adobe Substance 3D Designer - version 14.1 and prior
• Adobe Substance 3D Modeler - version 1.15 and prior
• Adobe Substance 3D Painter - version 10.1.2 and prior
• Adobe Substance 3D Sampler - version 4.5.2 and prior

HPE published a security advisory to address vulnerabilities in HPE HPE Cray XD670 - versions prior to BMC v1.19.

Review the HPE security bulletins and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.3.2
• macOS Sequoia - versions prior to 15.3.2
• Safari - versions prior to 18.3.1

• Apple security update - iOS 18.3.2 and iPadOS 18.3.2
• Apple security update - macOS Sequoia 15.3.2
• Apple security update - Safari 18.3.1

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 134.0.6998.88 for Linux and prior to 134.0.6998.88/89 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM API Connect - versions V10.0.5.0 to V10.0.5.8 and V10.0.8.0 to 10.0.8.1
• IBM App Connect Enterprise Certified Containers Operands - CD: 12.0.7.0-r4 to 12.0.12.5-r1, 13.0.1.0-r1 to 13.0.2.0-r1
• IBM App Connect Enterprise Certified Containers Operands - 12.0 LTS: 12.0.12-r1 to 12.0.12-r7
• IBM App Connect Operator - CD: 7.2.0-11.6.0, 12.1.0 to 12.7.0
• IBM App Connect Operator - 12.0 LTS: 12.0.0 to 12.0.7
• IBM DataStage on Cloud Pak for Data - version 4.8.4
• IBM Jazz Foundation - version 7.0.2
• IBM Netcool Operations Insight - versions 1.4 to 1.4.12, 1.5 to 1.5.0.1 and 1.6 to 1.6.13
• IBM Observability with Instana (OnPrem) - versions 1.0.287 to 1.0.290
• IBM Qiskit SDK - versions 0.18.0 to 1.4.1
• IBM Total Storage Service Console (TSSC) / TS4500 IMC - versions 9.4.14, 9.4.21, 9.4.26, 9.4.31, 9.5.8, 9.6.10 and 9.6.15
• IBM watsonx Assistant Cartridge - versions 4.0 to 5.1.0
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component - versions 5.0 to 5.1.0

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• GSDC Platform On-prem - version 3.6.2
• IBM Aspera Shares - versions 1.9.9 to 1.10.0 PL7
• IBM Engineering Requirements Management DOORS Next - versions 7.0.2, 7.0.3 and 7.1
• IBM Instana Observability - build 1.0.287
• ICP - Discovery - versions 4.0.0 to 4.8.7 and versions 5.0.0 to 5.1.0
• SPSS Collaboration and Deployment Services - version 8.5
• Watson Studio on Cloud Pak for Data - versions 4.0.0 to 4.8.6 and versions 5.0.0 to 5.0.3
• watsonx.data - version 2.1

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Data Protection Search - versions 19.6.0, 19.6.1, 19.6.2, 19.6.3, 19.6.4 and 19.6.5
• Dell Integrated Data Protection Appliance - version 2.7.8 and prior
• Dell Secure Connect Gateway - Appliance - version 5.26.00.20
• PowerStore 500T, 1000T, 1200 T, 3000T, 3200Q, 3200T, 5000T, 5200T, 7000T, 9000T and 9200T - versions prior to 4.0.1.2-2445526
• PowerStore 1000X, 3000X, 5000X, 7000X and 9000X - versions prior to ESXi70U3s-24585291

This Microsoft Security blog post details a malvertising campaign that distributes information-stealing malware via GitHub. Attackers use deceptive ads to trick users into downloading malicious files. These files, hosted on GitHub, execute data theft operations once installed. Microsoft warns users to remain vigilant and avoid clicking on suspicious advertisements.

Review the Microsoft blog post and apply/do the recommended mitigations to protect and detect malicious activity.

VMware released a security advisory to address vulnerabilities in the following products:

• VMware ESXi - versions 8.0 and 7.0
• VMware Workstation - version 17.x
• VMware Fusion - version 13.x
• VMware Cloud Foundation - versions 5.x and 4.5.x
• VMware Telco Cloud Platform - versions 5.x, 4.x, 3.x, 2.x
• VMware Telco Cloud Infrastructure - versions 3.x, 2.x

• VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)
• Security Advisories - VMware Cloud Foundation

Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 128.8
• Firefox ESR - versions prior to 115.21
• Firefox - versions prior to 136

• Mozilla Security Advisory (MFSA 2025-16)
• Mozilla Security Advisory (MFSA 2025-15)
• Mozilla Security Advisory (MFSA 2025-14)

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 134.0.6998.35 for Linux and prior to 134.0.6998.35/36 for Windows and 134.0.6998.44/45 for Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Qualcomm published a security bulletin to address vulnerabilities affecting multiple chipsets.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking OS10 - version 10.5.4.x
• Dell Policy Manager for Secure Connect Gateway - version 5.26.00.18
• Dell PowerScale OneFS - versions 9.4.0.0 to 9.5.1.1
• Dell PowerScale OneFS - versions 9.5.0.0 to 9.7.1.4
• Dell PowerScale OneFS - versions 9.8.0.0 to 9.9.0.1
• Integrated System for Microsoft Azure Stack Hub 14G - versions prior to 2407
• Integrated System for Microsoft Azure Stack Hub 14G - versions prior to 2411
• Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2411
• Dell PowerEdge R750XA - versions prior to 1.0
• Dell PowerEdge R7515 - versions prior to 1.0
• Dell PowerEdge R7525 - versions prior to 1.0
• Dell PowerEdge R760XA - versions prior to 1.0
• Dell PowerEdge R7615 - versions prior to 1.0
• Dell PowerEdge R7625 - versions prior to 1.0
• Dell PowerEdge XE9680 - versions prior to A00

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cloud Pak for Business Automation - versions 24.0.1, V24.0.0 to V24.0.0 to IF003 and unsupported versions
• IBM Cognos Analytics - versions 11.2.0 to 11.2.4 FP5 and 12.0.0 to 12.0.4
• IBM Jazz Reporting Service - versions 7.0.2 and 7.0.3
• IBM Software Support App (iOS) - version 1.0.0
• IBM Software Support app (Android) - version 1.0.0
• IBM Storage Virtualize - multiple versions
• IBM TXSeries for Multiplatforms - versions 8.1, 8.2, 9.1 and 10.1
• IBM Watson Speech Services Cartridge - version 4.0.0 to 5.1.0
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data - versions 4.8.4 to 4.8.5 and 5.0.0 to 5.1.0
• watsonx.data - versions 2.0.2 to 2.1.0 and 2.1

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.9.1, 17.8.4 and 17.7.6
• GitLab Enterprise Edition (EE) - versions prior to 17.9.1, 17.8.4 and 17.7.6

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.141 for Linux and prior to 133.0.6943.141/142 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in the following products:

• Console Clim Utilities T0697 - versions T0697H01^AAA and T0697H01^AAQ
• CLIM DVD Installation Software T0853 - versions T0853L03-T0853L03^DDA, T0989L03-T0989L03^DDA, T0976L03-T0976L03^DDA and T0853J03-T0853J03^CEE
• HPE Cray EX425 Compute Blade - versions prior to v1.7.6 (HFP 24.11.0)

• HPE Security Bulletin - hpesbns04778
• HPE Security Bulletin - hpesbcr04811
• HPE Security Bulletin Library

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

• Ubuntu Security Notice - LSN-0109-1
• Ubuntu Security Notice - USN-7277-1
• Ubuntu Security Notice - USN-7276-1

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cognos Controller - versions 11.0.0 to 11.0.1 FP3
• IBM Controller - version 11.1.0
• IBM CP4MCM - versions 2.3 to 2.3 FP9
• IBM Data Virtualization on Cloud Pak for Data - multiple versions
• Maas360 Configuration Utility - versions 2.90.000 to 3.000.950
• Maas360 Mobile Enterprise Gateway - versions 2.90.000 to 3.000.800
• IBM Watson Query on Cloud Pak for Data - multiple versions
• Watson Studio on Cloud Pak for Data - Execution Engine for Apache Hadoop - version 5.0

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking S5448F-ON - versions prior to 3.52.5.1-12
• Dell Networking Z9432F-ON - versions prior to 3.51.5.1-21
• Dell Networking Z9664F-ON - versions prior to 3.54.5.1-9
• Networker Management Console - versions 19.11 to 19.11.0.3 and versions prior to 19.10.0.7
• PowerPath Management Appliance - version 4.0 P02
• PowerStore 500T, 1000T, 1200T, 3000T, 3200Q, 3200T, 5000T, 5200T, 7000T, 9000T and 9200T - versions prior to 4.1.0.0-2435323
• RecoverPoint for Virtual Machines - versions 6.0 SP1, 6.0 SP1 P1 and 6.0 SP1 P2

Signal updates containing hardened features to help protect against phishing campaigns affecting the following products:

• Signal iOS - as of today, versions prior to 7.47 (latest version)
• Signal Android - as of today, versions prior to 7.33.2 (latest version)

• Updating Signal

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 132.0.2957.171.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

As part of BGD e-GOV CIRT continuous efforts to monitor emerging threats and vulnerabilities that could compromise national security, our Cyber Threat Intelligence Unit has identified 600 vulnerable PRTG instances in Bangladesh affected by CVE-2018-19410-a critical-severity vulnerability. This....

OpenSSH published a security advisory to address vulnerabilities in OpenSSH - versions 6.8p1 to 9.9p1.

Review the OpenSSH Release Note and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• Junos OS - multiple versions
• Junos OS Evolved - multiple versions
• Junos Space - versions prior to 24.1R2

Citrix published security advisories to address vulnerabilities in the following products:

• NetScaler Console 14.1 - versions prior to 14.1-38.53
• NetScaler Console 13.1 - versions prior to 13.1-56.18
• NetScaler Agent 14.1 - versions prior to 14.1-38.53
• NetScaler Agent 13.1 - versions prior 13.1-56.18

Mozilla published security advisories to address vulnerabilities in Firefox - versions prior to 135.0.1.

Review the Mozilla security bulletins and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.126 for Linux and prior to 133.0.6943.126/127 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions

Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)- released a joint Cybersecurity Advisory, Ransomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.

Ghost actors conduct these widespread attacks, targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.

Review this joint advisory and apply the recommended mitigations to protect and detect malicious activity.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.10

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar NDMP Accelerator - multiple versions
• Dell Avamar Server Hardware Appliance Gen4T/Gen5A - multiple versions
• Dell Avamar Virtual Edition - multiple versions
• Dell Avamar VMware Image Proxy - multiple versions
• Dell Networker Virtual Edition (NVE) - multiple versions
• Dell Power Protect DP Series Appliance - version 2.7.8 and prior running on SLES12SP5
• PowerPath Management Appliance - version 4.0 P02

• Dell Security Advisory DSA-2025-081
• Dell Security Advisory DSA-2025-094
• Dell Security advisories and notices

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 133.0.3065.69.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

PostgreSQL published a security advisory to address vulnerabilities in PostgreSQL - 13.x versions prior to 13.19, 14.x versions prior to 14.16, 15.x versions prior to 15.11, 16.x versions prior to 16.7 and 17.x versions prior to 17.3.

Review the PostgreSQL Advisory - quoting APIs miss neutralizing quoting syntax in text that fails encoding validation and apply the necessary updates.

Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• PAN-OS 11.2 - versions prior to 11.2.4-h4
• PAN-OS 11.1 - versions prior to 11.1.6-h1
• PAN-OS 10.2 - versions prior to 10.2.13-h3
• PAN-OS 10.1 - versions prior to10.1.14-h9

• Palo Alto Networks Security Advisories - CVE-2025-0108
• Palo Alto Network Security Advisories

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.98 for Linux and prior to 133.0.6943.98/.99 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.8.2, 17.7.4 and 17.6.5
• GitLab Enterprise Edition (EE) - versions prior to 17.8.2, 17.7.4 and 17.6.5

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Library - @sap/approuter - version 2.6.1 to 16.7.1
• SAP BusinessObjects Business Intelligence platform (Central Management Console) - versions ENTERPRISE 430 and 2025
• SAP Enterprise Project Connection - version 3.0
• SAP NetWeaver AS Java (User Admin Application) Version - version 7.50
• SAP Supplier Relationship Management (Master Data Management Catalog) - version SRM_MDM_CAT 7.52

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure (ICS) - version 22.7R2.5 and prior
• Ivanti CSA - version 5.0.4 and prior
• Ivanti Policy Secure (IPS) - version 22.7R1.2 and prior
• Ivanti Secure Access Client (ISAC) - version 22.7R4 and prior

• Ivanti - February Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs)
• Ivanti - Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)
• Ivanti Security Advisories

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiOS 7.6 - version 7.6.0
• FortiOS 7.4 - versions 7.4.0 to 7.4.4
• FortiOS 7.2 - versions 7.2.0 to 7.2.9 and versions 7.2.4 to 7.2.8
• FortiOS 7.0 - versions 7.0.0 to 7.0.15
• FortiOS 6.4 - all versions
• FortiPortal 7.4 - version 7.4.0 to 7.4.2
• FortiPortal 7.2 - version 7.2.0 to 7.2.6
• FortiPortal 7.0 - version 7.0.0 to 7.0.11

• Fortinet PSIRT - FG-IR-25-015
• Fortinet PSIRT - FG-IR-24-160
• Fortinet PSIRT - FG-IR-24-302
• Fortinet PSIRT Advisories

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• System Center 2019, 2022 and 2025
• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Azure - multiple versions and platforms
• Microsoft Dynamics 365 Sales
• Microsoft Excel 2016 - version 16.0.5487.1000
• Microsoft Office - multiple versions and platforms
• Microsoft SharePoint - multiple versions and platforms
• Microsoft Visual Studio - multiple versions
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe Commerce - multiple versions
• Adobe Commerce B2B - multiple versions
• Adobe Illustrator 2024 - version 28.73 and prior
• Adobe Illustrator 2025 - version 29.1 and prior
• Adobe InCopy - version 19.5.1 and prior, version 20.0 and prior
• Adobe InDesign - version ID19.5.2 and prior, version ID20.1 and prior
• Adobe Magento Open Source - multiple versions
• Adobe Substance 3D Designer - version 14.0.2 and prior

HPE published a security advisory to address vulnerabilities in the following products:

• HPE ProLiant DL145 Gen11 - versions prior to v1.30_10-04-2024
• HPE ProLiant DL325 Gen10 Plus server - versions prior to v3.40_10-04-2024
• HPE ProLiant DL325 Gen10 Plus v2 server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL325 Gen10 Server - versions prior to 3.30_10-04-2024
• HPE ProLiant DL325 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant DL345 Gen10 Plus server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL345 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant DL365 Gen10 Plus server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL365 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant DL385 Gen10 Plus server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL385 Gen10 Plus v2 server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL385 Gen10 Server - versions prior to 3.30_10-04-2024
• HPE ProLiant DL385 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant XL225n Gen10 Plus 1U Node - versions prior to 3.40_10-04-2024
• HPE ProLiant XL645d Gen10 Plus Server - versions prior to 3.40_10-04-2024
• HPE ProLiant XL675d Gen10 Plus Server - versions prior to v3.40_10-04-2024

Intel published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Intel® RealSense™ Advisory
• Intel® MLC Software Advisory
• BIOS and System Firmware Update Package Advisory
• Intel® 800 Series Ethernet Driver Software

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.3.1
• iPadOS - versions prior to 17.7.5

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• CP4NA - version 2.7.6
• GDSC Platform On-prem - version 3.6.1
• IBM Asset Data Dictionary Component - version 1.1
• IBM Cloud Pak for Business Automation - multiple versions
• IBM Cloud Pak for Security - versions 1.10.0.0 to 1.10.11.0
• IBM Cloud Pak System - multiple versions
• IBM dashDB Local - version 11.5.8.0 to refresh 8
• IBM Observability with Instana (OnPrem) - build 281-287
• IBM Security QRadar EDR - version 3.12
• IBM QRadar Suite Software - version 1.10.12.0 to 1.10.24.0
• IBM watsonx.data - version 1.0.0 to 2.0.0
• PUB - version 7.0.2 and 7.0.3

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 24.10

• USN-7233-3: Linux kernel (Azure) vulnerabilities
• USN-7234-3: Linux kernel (Azure) vulnerabilities
• USN-7238-3: Linux kernel (Low Latency) vulnerabilities

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5A, Gen4T - versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1
• Dell Avamar Virtual Edition - multiple versions and platforms
• Dell Protection Advisor - versions 19.9, 19.10 and 19.11
• Dell VxRail Appliance - versions 0.000 to 8.0.320

• Dell Security Advisory DSA-2025-065
• Dell Security Advisory DSA-2025-071
• Dell Security Advisory DSA-2025-075

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Enterprise Certified Container - multiple versions
• IBM Operational Decision Manager - versions 8.11.0.1, 8.11.1.0, 8.12.0.1 and 9.0.0.1
• IBM QRadar Deployment Intelligence App - version 1.0.0 to 3.0.15
• IBM Watson Assistant for IBM Cloud Pak for Data - versions 4.0.0 to 4.8.7
• IBM Watson Studio on Cloud Pak for Data - Execution Engine for Apache Hadoop - version 5.0
• IBM watsonx.data - versions 1.1.0 to 2.1.0

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 133.0.3065.51.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco IOS - versions 15.2E, 15.5SY and 15.9M
• Cisco IOS XE - versions 3.11E, 16.12, 17.9, 17.12 and 17.15
• Cisco IOS XR - versions 24.2 and prior, 24.3, 24.4 and 25.2
• Cisco Identity Services Engine (ISE) - versions 3.0, 3.1, 3.2 and 3.3

• Cisco Security Advisory - cisco-sa-snmp-dos-sdxnSUcW
• Cisco Security Advisory - cisco-sa-ise-multivuls-FTW9AOXF
• Cisco Security Advisories

F5 published Quarterly Security Notifications for multiple products. Included were updates for the following:

• BIG-IP (all modules) - multiple versions
• BIG-IP Next SPK - multiple versions
• BIG-IP (PEM) - multiple versions
• BIG-IP (ASM) - multiple versions
• BIG-IP (APM) - versions 16.1.3 to 16.1.4
• BIG-IP (AFM) - multiple versions
• BIG-IP Next CNF - versions 1.1.0 to 1.3.3

Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication - version 12.2.0.334 and prior
• Veeam Service Provider Console - version 8.1.0.21377 and prior

HPE published a security advisory to address vulnerabilities in HPE Aruba Networking ClearPass Policy Manager - 6.12.x versions prior to 6.12.3 and 6.11.x versions prior to 6.11.9.

Review the HPE security bulletins and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird - versions prior to 135
• Thunderbird ESR - versions prior to 128.7
• Firefox ESR - versions prior to 128.7
• Firefox ESR - versions prior to 115.20
• Firefox - versions prior to 135

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.53 for Linux and prior to 33.0.6943.53/54 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Qualcomm published a security bulletin to address vulnerabilities affecting multiple chipsets.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Data Protection Central - versions prior to 19.10
• Dell Enterprise SONiC Distribution - versions prior to 4.4.1 and 4.2.3
• Dell NetWorker Virtual Edition - multiple versions
• Dell NetWorker - multiple versions
• Dell PowerProtect DD - multiple versions
• Dell PowerStore X OS - versions prior to 3.2.1.5-2424458
• Dell VxRail Appliance - versions 7.0.000 to 7.0.533
• PowerProtect DP Series Appliances - versions prior to 2.7.8
• PowerProtect Data Protection Software - versions prior to 2.7.8

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM CP4MCM - version 2.3 to 2.3 FP9
• IBM Db2 Warehouse on Cloud Pak for Data - multiple versions
• IBM Planning Analytics Local - IBM Planning Analytics Workspace - versions 2.1 and 2.0
• IBM Tivoli Network Manager IP Edition - version 4.2 GA to 4.2.0.20
• IBM Watson Speech Services Cartridge - version 4.0.0 to 4.8.7
• IBM® Db2® on Cloud Pak for Data - multiple versions
• ICP - Discovery - versions 4.0.0 to 4.8.7 and 5.0.0 to 5.0.3
• InfoSphere Information Server - version 11.7

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

VMware released a security advisory to address multiple vulnerabilities in VMWare Avi Load Balancer - versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2.

Review VMware security advisory VMware VMSA-2025-002 and apply the necessary updates.

ISC released a security advisory to address ISC BIND 9 - versions 9.11.0 to 9.11.37, 9.16.0 to 9.16.50, 9.18.0 to 9.18.32, 9.20.0 to 9.20.4 and 9.21.0 to 9.21.3.

Review the following advisories and apply the necessary updates:

• ISC BIND security advisory - CVE-2024-12705
• ISC BIND security advisory - CVE-2024-11187
• BIND 9 Security Vulnerability Matrix

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

TeamViewer published security updates to address vulnerabilities in the following products:

• TeamViewer Full Client (Windows) - multiple versions
• TeamViewer Host (Windows) - multiple versions

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.3
• iOS iPadOS - versions prior to 17.7.4
• macOS Sequoia - versions prior to 15.3
• macOS Sonoma - versions prior to 14.7.3
• macOS Ventura - versions prior to 13.7.3
• Safari - versions prior to 18.3
• tvOS - versions prior to 18.3
• watchOS - versions prior to 11.3

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions and platforms

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions and platforms

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM App Connect Enterprise - versions 12.0.1.0 to 12.0.12.9 and versions 13.0.1.0 to 13.0.2.0
• IBM Observability with Instana (OnPrem) - versions 281 to 287
• IBM Engineering Lifecycle Optimization - PUB - versions 7.0.2 and 7.0.3
• IBM Storage Copy Data Management - versions 2.2.0.0 to 2.2.24.1

• IBM Security Bulletin (IBM App Connect Enterprise)
• IBM Security Bulletin (IBM Observability with Instana (OnPrem))
• IBM Security Bulletin (IBM Engineering Lifecycle Optimization - PUB)
• IBM Security Bulletin (IBM Storage Copy Data Management)

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitHub Enterprise Server - versions 3.15.x prior to 3.15.2
• GitHub Enterprise Server - versions 3.14.x prior to 3.14.7
• GitHub Enterprise Server - versions 3.13.x prior to 3.13.10
• GitHub Enterprise Server - versions 3.12.x prior to 3.12.14

• GitHub Release Notes #3.15.2
• GitHub Release Notes #3.14.7
• GitHub Release Notes #3.13.10
• GitHub Release Notes #3.12.14

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics - versions prior to 7.5.0 UP10 IF02.

Review the Juniper Networks Security Advisories - JSA82681 and apply the necessary updates.

SonicWall published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• SonicWall Gen6 Hardware Firewalls - multiple models and version 6.5.4.15-117n and prior
• SonicWall Gen7 Firewalls - multiple models and versions
• SonicWall Gen7 NSv - multiple models and versions
• SonicWall Gen7 Cloud Platform NSv - multiple models and versions
• SonicWall TZ80 - version 8.0.0-8035

Atlassian published security advisories to address vulnerabilities in the following products:

• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco BroadWorks - versions prior to RI.2024.11
• Cisco Meeting Management - versions prior to 3.9.1

• Cisco Security Advisory - cisco-sa-cmm-privesc-uy2Vf8pc
• Cisco Security Advisory - cisco-sa- bw-sip-dos-mSySbrmt

Jenkins published a security advisory to address vulnerabilities in the following products:

• Azure Service Fabric Plugin - version 1.6 and prior
• Bitbucket Server Integration Plugin - version 4.1.3 and prior
• Eiffel Broadcaster Plugin - version 2.10.2 and prior
• Folder-based Authorization Strategy Plugin - version 17.vd5b_18537403e and prior
• GitLab Plugin - version 1.9.6 and prior
• OpenId Connect Authentication Plugin - version 4.452.v2849b_d3945fa_ and prior
• Zoom Plugin - up to and including 1.5

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.8.1, 17.7.3 and 17.6.4
• GitLab Enterprise Edition (EE) - versions prior to 17.8.1, 17.7.3 and 17.6.4

Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• Oracle Analytics
• Oracle Communications Applications
• Oracle Database Server
• Oracle E-Business Suite
• Oracle Enterprise Manager
• Oracle Financial Services Applications
• Oracle Fusion Middleware
• Oracle GoldenGate
• Oracle Hospitality Applications
• Oracle JD Edwards
• Oracle MySQL
• Oracle PeopleSoft
• Oracle Retail applications
• Oracle Secure Backup
• Oracle Supply Chain Products
• Oracle Utilities Applications

Dell published security advisories to address vulnerabilities in the Dell Open Manage Network Integration - versions prior to 3.7.

Review the provided Dell Security Advisory and apply the necessary updates.

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM Maximo Application Suite - versions 8.10, 8.11 and 9.0
• IBM Maximo Application Suite IoT Component - versions 8.7, 8.8 and 9.0
• IBM Watson CP4D Data Stores - versions 4.0.0 to 5.0.3

• IBM Security Bulletin (IBM Maximo Application Suite and IBM Maximo Application Suite - Iot Component)
• IBM Security Bulletin (IBM Watson CP4D Data Stores)

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting Ubuntu 18.04 ESM.

Review the following Ubuntu Security Advisory and apply the necessary updates.

• USN-7195-2: Linux kernel (Azure) vulnerabilities
• USN-7173-3: Linux kernel (Raspberry Pi) vulnerabilities

HPE published a security advisory to address vulnerabilities in HP-UX Apache-based Web Server - versions prior to B.2.4.62.00.

Review the HPE security bulletins and apply the necessary updates.

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP BusinessObjects Business Intelligence Platform - versions ENTERPRISE 420, 430 and 2025
• SAP NetWeaver Application Server ABAP and ABAP Platform - multiple versions
• SAP NetWeaver AS for ABAP and ABAP Platform - multiple versions
• SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Platform) - multiple versions
• SAPSetup - version LMSAPSETUP 9.0

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiAnalyzer Cloud 7.4 - versions 7.4.1 to 7.4.3
• FortiAnalyzer - multiple versions
• FortiManager - multiple versions
• FortiManager Cloud - versions 7.4.1 to 7.4.3
• FortiOS - multiple versions
• FortiProxy - multiple versions
• FortiSandbox - multiple versions
• FortiSwitch - multiple versions

• Fortinet PSIRT Advisory - FG-IR-24-535
• Fortinet PSIRT Advisory - FG-IR-23-260
• Fortinet PSIRT Advisories

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• System Center 2019, 2022 and 2025
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms
• .NET - version 8.0
• .NET - version 9.0
• Marketplace SaaS
• Microsoft 365 Apps for Enterprise - multiple versions and platforms
• Microsoft Access 2016
• Microsoft Defender for Endpoint
• Microsoft Edge
• Microsoft Excel 2016
• Microsoft/Muzic
• Microsoft Office - multiple versions and platforms
• Microsoft Project 2016 - multiple versions and platforms
• Microsoft Purview
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Server 2019
• Microsoft Update Catalog
• Microsoft Visual Studio - multiple versions
• Microsoft Word 2016
• Office Online Server

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Photoshop 2025 26.1 and earlier versions
• Photoshop 2024 25.12 and earlier versions
• Adobe Substance 3D Stager 3.0.4 and earlier versions
• Adobe Illustrator on iPad 3.0.7 and earlier versions
• Adobe Animate 2023 23.0.9 and earlier versions
• Adobe Animate 2024 24.0.6 and earlier versions
• Adobe Substance 3D Designer 14.0 and earlier versions

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Avalanche - versions prior to 6.4.7
• Ivanti Application Control - versions prior to 2024.3 HF1, 2024.1 HF4 and 2023.3 HF3
• Ivanti Endpoint Manager - versions prior to EPM 2024 January-2025 Security Update, EPM 2022 SU6 January-2025 Security Update
• Ivanti Security Controls - versions prior to 2024

• Ivanti - Security Advisory - Ivanti Application Control Engine (CVE-2024-10630)
• Ivanti - Security Advisory Ivanti Avalanche 6.4.7 (Multiple CVEs)
• Ivanti - Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6
• Ivanti Security Advisories

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cloud APM, Base Private - versions 8.1.4.0 to 8.1.4.0 IF16
• IBM Cloud APM, Advanced Private - versions 8.1.4.0 to 8.1.4.0 IF16
• IBM Cognos Analytics - versions 12.0.0 t0 12.03, 11.2.0 to 11.2.4 FP4
• IBM Engineering Requirements Management DOORS Next - versions 7.02 and 7.03
• IBM Jazz Foundation - versions 7.02, 7.03 and 7.1.0
• IBM Jazz Reporting Service - versions 7.02 and 7.03
• IBM Netezza for Cloud Pak for Data (on Cloud) - versions prior to 11.2.3.3
• IBM QRadar SIEM - versions 7.5 to 7.5.0 UP10
• IBM Spectrum Protect Plus - versions 10.1.0 to 10.1.16.3

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking SmartFabric Storage Sofware - versions prior to 1.4.3
• Dell VxRail Appliance - versions 8.0.000 to 8.0.311

• DSA-2025-025
• DSA-2025-032

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions and platforms

TLP: CLEAR Distribution: Public Type of Threat: Phishing E-Mail Date: 12 January 2025 Executive Summary Recently, we have observed a surge in phishing attacks targeting various government organizations, law enforcement agencies, educational institutions, and others, with the attacks spreading further through compromised accounts. This campaign is targeted to steal sensitive information by impersonating official entities and leveraging malicious attachments and links. This advisory provides details...

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• Junos OS - multiple versions
• Junos OS Evolved - multiple versions
• Junos Space - versions prior to 24.1R2

• Juniper Networks Security - JSA92867
• Juniper Networks Security Advisories

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure - versions prior to 22.7R2.5 and versions 9.1R18.9 and prior
• Ivanti Policy Secure - versions prior to 22.7R1.2
• Ivanti Neurons for ZTA Gateways - versions prior to 22.7R2.3

Palo Alto Networks published a security advisory to address a critical vulnerability in Expedition 1 migration tool - versions prior to 1.2.101.

Review the Security Advisory and apply the necessary updates.

SonicWall published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• SonicWall Gen6 Hardware Firewalls - multiple models and version 6.5.4.15-117n and prior
• SonicWall Gen7 Firewalls - multiple models and versions
• SonicWall Gen7 NSv - multiple models and versions
• SonicWall Gen7 Cloud Platform NSv - multiple models and versions
• SonicWall TZ80 - version 8.0.0-8035

HPE published a security advisory to address vulnerabilities in Brocade Fabric OS - multiple versions. Review the HPE security bulletins  and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Apache Tomcat on Dell OpenManage Server Administrator - versions prior to 11.1.0.0
• Apache Tomcat on Dell Systems Management Tools and Documentation DVD ISO - versions prior to 11.1.0.0

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM Content Collector for SAP Applications - version 4.0.0
• IBM Security QRadar Log Management AQL Plugin - version 1.0 to 1.1

• IBM Security Bulletin (IBM Content Collector for SAP Applications)
• IBM Security Bulletin (IBM Security QRadar Log Management AQL Plugin)

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• API Big SQL on IBM Cloud Pak for Data - versions IBM Big SQL 7.2, IBM Big SQL 7.3, IBM Big SQL 7.4 and IBM Big SQL 7.5
• IBM Maximo Application Suite - Monitor Component - versions 8.10.14, 8.11.12 and 9.0.4
• IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data - versions v3.5 through refresh 10, v4.0 through refresh 9, v4.5 through refresh 3, v4.6 through refresh 6, v4.7 through refresh 4, v4.8 through refresh 6, v5.0 through refresh 2 and v5.0 through
• refresh 3

• IBM Security Bulletin (IBM Big SQL on IBM Cloud Pak for Data)
• IBM Security Bulletin (IBM Maximo Application Suite - Monitor Component)
• IBM Security Bulletin (IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data)

Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• PAN-OS 11.2 - versions prior to 11.2.3
• PAN-OS 11.1 - versions prior to 11.1.5
• PAN-OS 10.2 - versions 10.2.8 and later, versions prior to 10.2.10-h2 and versions prior to 10.2.13.h2
• PAN-OS 10.1 - versions 10.1.14 and later, versions prior to 10.1.14-h8
• Prisma Access - versions 10.2.8 on PAN-OS and later, versions prior to 11.2.3 on PAN-OS

• Palo Alto Networks Security Advisories - CVE-2024-3393
• Palo Alto Network Security Advisories

Apache published a security advisory to address vulnerabilities in the following products:

• Apache MINA - versions 2.0.x prior to 2.0.27
• Apache MINA - versions 2.1.x prior to 2.1.10
• Apache MINA - versions 2.2.x prior to 2.2.4
• Apache Traffic Control - version 8.0.0 to 8.0.1

• CVE-2024-45387
• CVE-2024-52046
• Apache Security Bulletins
• Apache Security Bulletins (Openwall)

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• API Connect - version V10.0.0 to V10.0.8
• IBM Asset Data Dictionary Component - version 1.1
• IBM Cognos Analytics - versions 11.2.0 to 11.2.4 FP4 and 12.0.0 to 12.0.3
• IBM Planning Analytics - versions 2.0 and 2.1
• IBM Planning Analytics Local - IBM Planning Analytics Workspace - versions 2.0 and 2.1
• IBM Watson Assistant for IBM Cloud Pak for Data - version 4.0.0 to 5.0.3

BeyondTrust published a security advisory to address vulnerabilities in the following products:

• Privileged Remote Access (PRA) - versions 24.3.1 and prior
• Remote Support (RS) - versions 24.3.1 and prior

• BeyondTrust Security Advisory - Advisory ID: BT24-10
• BeyondTrust Advisories

Sophos has released security updates to address vulnerabilities in Sophos Firewall v21.0 GA (21.0.0) and older.

Review Sophos's Security Update and apply the necessary updates.

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiClientLinux 7.4 - versions 7.4.0 to 7.4.2
• FortiClientLinux 7.2 - versions 7.2.0 to 7.2.7
• FortiClientLinux 7.0 - versions 7.0.0 to 7.0.13
• FortiClientWindows 7.4 - versions 7.4.0 to 7.4.1
• FortiClientWindows 7.2 - versions 7.2.0 to 7.2.6
• FortiClientWindows 7.0 - versions 7.0.0 to 7.0.13
• FortiManager 7.6 - version 7.6.0
• FortiManager 7.4 - versions 7.4.0 to 7.4.4 and versions Cloud 7.4.1 to 7.4.4
• FortiManager 7.2 - versions 7.2.3 to 7.2.7 and versions Cloud 7.2.1 to 7.2.7
• FortiManager 7.0 - version 7.0.5 to 7.0.12 and versions Cloud 7.0.1 to 7.0.12
• FortiManager 6.4 - versions 6.4.10 to 6.4.14
• FortiWLM 8.6 - versions 8.6.0 to 8.6.5
• FortiWLM 8.5 - versions 8.5.0 to 8.5.4

• Fortinet PSIRT Advisory - FG-IR-23-278
• Fortinet PSIRT Advisory - FG-IR-24-425
• Fortinet PSIRT Advisory - FG-IR-23-144
• Fortinet PSIRT Advisories

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 131.0.6778.204 for Linux and prior to 131.0.6778.204/.205 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Foxit published security advisories to address vulnerabilities in the following products:

• Foxit PDF Editor (Windows) - multiple versions
• Foxit PDF Editor for Mac - multiple versions
• Foxit PDF Reader (Windows) - version 2024.3.0.26795 and prior
• Foxit PDF Reader for Mac - version 2024.3.0.65538 and prior

Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat - versions 11.0.0-M1 to 11.0.1
• Apache Tomcat - versions 10.1.0-M1 to 10.1.33
• Apache Tomcat - versions 9.0.0.M1 to 9.0.97

• [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet
• Fixed in Apache Tomcat 9.0.98
• Fixed in Apache Tomcat 10.1.34
• Fixed in Apache Tomcat 11.0.2
• Apache Tomcat

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM App Connect Enterprise - versions 13.0.1.0 to 13.0.1.1, versions 12.0.1.0 to 12.0.12.8
• IBM Cloud Pak for AIOps - versions 4.1.0 to 4.7.1
• IBM Cognos Dashboards on Cloud Pak for Data - versions 5.0.0 and 4.8.0
• IBM Guardium Data Security Center - version 3.4.1
• IBM Operations Analytics - Log Analysis - version 1.3.8.0
• IBM Process Mining - versions 1.15.0 IF004, 1.15.0 IF003, 1.15.0 IF002, 1.15.0 IF001 and 1.15.0
• IBM QRadar SIEM - versions 7.5 to 7.5.0 UP10 IF01
• QRadar Incident Forensics - versions 7.5 to 7.5.0 UP10 IF01
• IBM Security QRadar Log Management AQL Plugin - version 1.0.0
• IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data - versions 4.0.0 to 5.0.3

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.02.02.00
• Avamar Data Store Gen5A, Gen4T - versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10SP1
• Avamar Server - versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10SP1
• Data Lakehouse Bundle - versions prior to 1.2.0.0
• Cloud Tiering Appliance CTA, CTA-HA, CTA/VE and CTA-HA/VE - versions prior to 13.2.0.2.32
• Connectrix B-Series FOS - multiple versions
• InsightIQ Installation Package - versions prior to 5.1.1
• PowerFlex appliance IC - versions prior to IC 46.376.00 and versions prior to IC 46.381.00
• PowerFlex rack RCM - versions prior to 3.8.1.0 and versions prior to 3.7.6.0
• PowerFlex Manager - versions prior to 4.6.1.0
• RecoverPoint for Virtual Machines - versions 6.0 SP1 and 6.0 SP1 P1
• VxRail VxVerify - versions prior to x.40.405

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Application Control - versions 2024.3, 2024.1 and 2023.3
• Ivanti Automation - version 2024.4 and prior
• Ivanti Performance Manager - versions 2024.3, 2024.1 and 2023.3
• Ivanti Security Control - versions 2024 and prior
• Ivanti Workspace Control - versions 10.18.30.0 and prior

• December 2024 Security Advisory Ivanti Application Control
• December 2024 Security Advisory Ivanti Automation
• December 2024 Security Advisory Ivanti Performance Manager
• Security Advisory - Ivanti Security Controls (ISeC)
• December 2024 Security Advisory Ivanti Workspace Control (IWC)

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 131.0.2903.99.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Service Director - versions prior to v5.1.2
• HPE SimpliVity 325 Gen10 - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 325 Gen10 Plus - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 325 Gen11 - versions prior to HPE SimpliVity Gen11 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 380 Gen11 - versions prior to HPE SimpliVity Gen11 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 380 Gen10 - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 380 Gen10 G - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 380 Gen10 H - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 190r Gen10 Server - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 170r Gen10 Server - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129
• HPE SimpliVity 380 Gen10 Plus - versions prior to HPE SimpliVity Gen10 Support Pack (SVTSP) v2024_1129

• HPE Security Bulletin - hpesbnw04768
• HPE Security Bulletin - hpesbhf04686
• HPE Security Bulletin - hpesbhf04756
• HPE Security Bulletin - hpesbhf04753

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.6.2, 17.5.4 and 17.4.6
• GitLab Enterprise Edition (EE) - versions prior to 17.6.2, 17.5.4 and 17.4.6

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.2
• iOS iPadOS - versions prior to 17.7.3
• macOS Sequoia - versions prior to 15.2
• macOS Sonoma - versions prior to 14.7.2
• macOS Ventura - versions prior to 13.7.2
• watchOS 11.2 - versions prior to 11.2
• tvOS - versions prior to 18.2
• Safari - versions prior to 18.2
• visionOS - versions prior to 2.2

• iOS and iPadOS
• iOS iPadOS
• macOS Sequoia
• macOS Sonoma
• macOS Ventura
• watchOS 11.2
• tvOS
• Safari
• visionOS

Drupal published security advisories to address vulnerabilities in Drupal Login Disable - versions 2.0.0 prior to 2.1.1 .

Review the provided Drupal Security Advisory and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities Firefox ESR - versions prior to 115.18.

Review the Mozilla security bulletins and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 131.0.6778.139 for Linux and prior to 131.0.6778.139/.140 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe FrameMaker 2020 Release Update 7 and earlier
• Adobe FrameMaker 2022 Release Update 5 and earlier
• Adobe Substance 3D Painter 10.1.1 and earlier versions
• Adobe Premiere Pro 25.0 and earlier versions
• Adobe Premiere Pro 24.6.3 and earlier versions
• Adobe Bridge 14.1.3 and earlier versions
• Adobe Bridge 15.0 and earlier versions
• Adobe Substance 3D Modeler 1.14.1 and earlier versions
• Photoshop 2025 26.0 and earlier versions
• Adobe Substance 3D Sampler 4.5.1 and earlier versions
• Adobe Connect 12.6 and earlier versions
• Adobe Connect 11.4.7 and earlier versions
• Adobe PDFL Software Development Kit (SDK) PDFL SDK 21.0.0.5 and earlier versions
• Adobe InDesign ID19.5 and earlier versions
• Adobe InDesign ID18.5.4 and earlier versions
• Adobe Animate 2023 23.0.8 and earlier versions
• Adobe Animate 2024 24.0.5 and earlier versions
• Adobe After Effects 24.6.2 and earlier versions
• Adobe After Effects 25.0.1 and earlier versions
• Illustrator 2025 29.0.0 and earlier versions
• Illustrator 2024 28.7.2 and earlier versions
• Adobe Media Encoder 24.6.3 and earlier versions
• Adobe Media Encoder 25.0 and earlier versions
• Acrobat DC 24.005.20307 and earlier versions continuous
• Acrobat Reader DC 24.005.20307 and earlier versions continuous
• Acrobat 2024 24.001.30213 and earlier versions (Windows) classic 2024
• Acrobat 2024 24.001.30193 and earlier versions (MacOS) classic 2024
• Acrobat 2020 20.005.30730 and earlier versions (Windows) classic 2020
• Acrobat 2020 20.005.30710 and earlier versions (MacOS) classic 2020
• Acrobat Reader 2020 20.005.30730 and earlier versions (Windows) classic 2020
• Acrobat Reader 2020 20.005.30710 and earlier versions (MacOS) classic 2020
• Adobe Experience Manager (AEM) AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) 6.5.21 and earlier versions

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP NetWeaver AS for JAVA (Adobe Document Services) - version ADSSSAP 7.50
• SAP NetWeaver Application Server ABAP - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 and 7.93

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Cloud Services Application (CSA) - version 5.0.2 and prior
• Ivanti Connect Secure (ICS) - version 22.7R2.3 and prior
• Ivanti Policy Secure (IPS) - version 22.7R1.1 and prior
• Ivanti Sentry - versions 9.20.1 and prior and 10.0.1 and prior

• December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS)
• Security Advisory Ivanti Cloud Services Application (CSA)
• Security Advisory Ivanti Sentry

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM App Connect Enterprise Certified Container - multiple versions
• IBM Observability with Instana (OnPrem) - version Build 261 to 283

• App Connect Enterprise Certified Container
• IBM Observability with Instana (OnPrem)

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following::

• APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.01.01.00
• Dell NetWorker - versions 19.10 to 19.10.0.5, versions 19.11 to 19.11.0.1, versions 19.8 to 19.8.0.4, versions 19.9 to 19.9.0.7 and versions prior to 19.8
• Dell RecoverPoint Classic - versions 5.1 sp4 p3, 5.1 sp4 p4 and versions 5.1 sp4 p2

• APEX Cloud Platform for Red Hat OpenShift
• Dell NetWorker
• Dell RecoverPoint Classic

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 131.0.2903.86.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication - version 12.2.0.334 and prior
• Veeam Service Provider Console - version 8.1.0.21377 and prior

• Veeam Security Advisory - kb4679
• Veeam Security Advisory - kb4693

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Drupal Download All Files - versions prior to 2.0.2
• Drupal Pages Restriction Access - versions 2.0.0 to prior to 2.0.3
• Drupal OAuth and OpenID Connect Single Sign On - SSO (OAuth/OIDC Client) - versions 3.0.0 to prior to 3.44.0 and 4.0.0 to prior to 4.0.19
• Drupal Print Anything - unsupported
• Drupal Megamenu Framework - unsupported

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 131.0.6778.108 for Linux and prior to 131.0.6778.108/.109 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

SonicWall published a security advisory to address vulnerabilities in SonicWall SMA SSL-VPN 100 Series - version 10.2.1.13-72sv and prior.

Review the Security Advisory and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting Ubuntu 16.04 ESM.

Review the Ubuntu Security Notices and apply the necessary updates.

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM Planning Analytics - versions 2.0 and 2.1
• IBM Robotic Process Automation - version 21.0.0 to 21.0.7.16, version 23.0.0 to 23.0.18
• IBM Robotic Process Automation for Cloud Pak - version 21.0.0 to 21.0.7.16, version 23.0.0 to 23.0.18
• IBM Sterling Connect:Direct Web Services - versions 6.1.0, 6.2.0 and 6.3.0
• IBM Sterling Secure Proxy - version 6.0.0.0 to 6.0.30 and version 6.1.0.0
• QRadar User Behavior Analytics - version 1.0.0 to 4.1.16
• SPSS Collaboration and Deployment Services - version 8.5

Jenkins published a security advisory to address vulnerabilities in the following products:

• Jenkins weekly - version 2.486 and prior
• Jenkins LTS - version 2.479.1 and prior
• Filesystem List Parameter Plugin - version 0.0.14 and prior
• Simple Queue Plugin - version 1.4.4 and prior

Jenkins published a security advisory to address vulnerabilities in the following products:

• Apache Struts - versions 2.0.0 to 2.3.37 (EOL)
• Apache Struts - versions 2.5.0 to 2.5.33
• Apache Struts - versions 6.0.0 to 6.3.0.2

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird - versions prior to 133
• Thunderbird - versions prior to 128.5
• Firefox ESR - versions prior to 115.18
• Firefox ESR - versions prior to 128.5
• Firefox - versions prior to 133

VMware released a security advisory to address vulnerabilities in the following products:

• VMware Aria Operations - versions 8.x
• VMware Cloud Foundation (VMware Aria Operations) - versions 5.x and 4.x

• VMware VMSA-2024-0022
• Security Advisories - VMware Cloud Foundation

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.4.5, 17.5.3 and 17.6.1
• GitLab Enterprise Edition (EE) - versions prior to 17.4.5, 17.5.3 and 17.6.1

HPE published a security advisory to address vulnerabilities in HPE AutoPass License Server (APLS) - versions prior to 9.17.

Review the HPE security bulletins and apply the necessary updates.

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM Planning Analytics - versions 2.0 and 2.1
• IBM Robotic Process Automation - version 21.0.0 to 21.0.7.16, version 23.0.0 to 23.0.18
• IBM Robotic Process Automation for Cloud Pak - version 21.0.0 to 21.0.7.16, version 23.0.0 to 23.0.18
• IBM Sterling Connect:Direct Web Services - versions 6.1.0, 6.2.0 and 6.3.0
• IBM Sterling Secure Proxy - version 6.0.0.0 to 6.0.30 and version 6.1.0.0
• QRadar User Behavior Analytics - version 1.0.0 to 4.1.16
• SPSS Collaboration and Deployment Services - version 8.5

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le

• Red Hat Security Advisory - RHSA-2024:9942
• Red Hat Security Advisory - RHSA-2024:9943

Trellix published a security advisory to address vulnerabilities in the Trellix Enterprise Security Manager (ESM) - versions prior to 11.6.13.

Review the Trellix Security Notices and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 131.0.2903.63.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in Drupal core - versions prior to 7.102.

Review the provided Drupal Security Advisory and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 131.0.6778.85 for Linux and prior to 131.0.6778.85/.86 for Windows, and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 17.7.2
• iOS iPadOS - versions prior to 18.1.1
• macOS Sequoia - versions prior to 15.1.1
• visionOS - versions prior to 2.1.1

• Apple Security Advisory - 121752
• Apple Security Advisory - 121753
• Apple Security Advisory - 121754
• Apple Security Advisory - 121755
• Apple Security Updates

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions
• Sourcetree for Mac - multiple versions
• Sourcetree for Windows - multiple versions

Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• Palo Alto Networks PAN-OS 11.2 < 11.2.4-h1
• Palo Alto Networks PAN-OS 11.1 < 11.1.5-h1
• Palo Alto Networks PAN-OS 11.0 < 11.0.6-h1
• Palo Alto Networks PAN-OS 10.2 < 10.2.12-h2
• Palo Alto Networks PAN-OS 10.1 < 10.1.14-h6

• Palo Alto Networks Security Advisories - CVE-2024-0012
• Palo Alto Networks Security Advisories - CVE-2024-9474

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following::

• CyberSense - versions 8.0 to 8.9
• Dell Connectrix Cisco MDS 9000 Series - versions 12.0 to 12.2.1
• Dell NetWorker Server - versions 19.10 to 19.10.0.5, versions 19.11 to 19.11.0.1, versions 19.8 to 19.8.0.4, versions 19.9 to 19.9.0.7 and versions prior to 19.8
• Dell Networking OS10 - versions 10.5.6.x, 10.5.5.x, and 10.5.4.x
• Dell Power Protect Data Manager - versions prior to 19.17
• Dell PowerEdge Servers - versions prior to 2.4.4
• Dell XC Core - versions prior to 2.4.4
• PowerProtect Cyber Recovery - versions prior to 19.17.0.2

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM App Connect Enterprise - versions 12.0.1.0 to 12.0.12.7 and 13.0.1.0
• IBM CICS TX Advanced - versions 10.1 and 11.1
• IBM CICS TX Standard - version 11.1
• IBM Cloud Pak for AIOps - versions 4.1.0 to 4.7.0
• IBM DevOps Code ClearCase - version 11.0
• IBM Event Streams - versions 10.0.0 to 11.5.1
• IBM Integrated Analytics System - version 1.0.0 to 1.0.30.0
• IBM Rational ClearCase - versions 10.0.0 and 9.1
• IBM Sterling Secure Proxy - versions 6.0.0.0 to 6.0.3.0 and 6.1.0.0
• IBM Tivoli Network Manager IP Edition - version 4.2 GA to 4.2.0.19

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

• Red Hat Security Advisory - RHSA-2024:9546
• Red Hat Security Advisory - RHSA-2024:9500
• Red Hat Security Advisory - RHSA-2024:9498
• Red Hat Security Advisory - RHSA-2024:9497
• Red Hat Security Advisory - RHSA-2024:9605
• Red Hat Security Advisories

HPE published a security advisory to address vulnerabilities HP-UX OpenSSL Software - versions prior to A.03.00.15.001.

Review the HPE security bulletins and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 130.2903.48.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.5.2, 17.4.4 and 17.3.7
• GitLab Enterprise Edition (EE) - versions prior to 17.5.2, 17.4.4 and 17.3.7

Drupal published security advisories to address vulnerabilities in POST File - versions prior to 1.0.2.

Review the provided Drupal Security Advisory and apply the necessary updates.

Intel published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Intel Neural Compressor software - versions prior to v3.0
• Intel Endpoint Management Assistant software - versions prior to 1.13.1.0
• Intel Computing Improvement Program software - versions prior to 2.4.10852
• Intel Atom, Celeron, Core, Pentium and XEON CPUs - multiple models
• Intel Server Board S2600ST, S2600BP, S2600BPBR, M20NTP, M10JPN2SB and M70KLP Families - all firmware versions

Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 130.59.2920.7.

Review the Palo Alto Networks Security Advisory  and apply the necessary updates.

Palo Alto Networks (PAN) has released an important informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface.

Review PAN's instruction for accessing the organization's scan results for internet-facing management interfaces and take immediate action if required:

• PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured
• Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Endpoint Manager (EPM)
• Ivanti Avalanche
• Ivanti Connect Secure
• Ivanti Policy Secure
• Ivanti Security Access Client

• Ivanti Security Advisory EPM
• Ivanti Security Advisory Avalanche
• Ivanti Security Advisory Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Citrix published security advisories to address vulnerabilities in the following products:

• NetScaler ADC and NetScaler Gateway 14.1 - versions prior to 14.1-29.72
• NetScaler ADC and NetScaler Gateway 13.1 - versions prior to 13.1-55.34
• NetScaler ADC 13.1-FIPS - versions prior to 13.1-37.207
• NetScaler ADC 12.1-FIPS - versions prior to 12.1-55.321
• NetScaler ADC 12.1-NDcPP - versions prior to 12.1-55.321

• Citrix Security Advisory - CTX691608
• Citrix Security Advisories

SAP published security advisories to address vulnerabilities SAP Web Dispatcher - versions WEBDISP 7.77, 7.89, 7.93, KERNEL 7.77, 7.89, 7.93, 9.12 and 9.13.

Review the SAP Security Patch Day - November 2024 and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Alletra 4110 - versions prior to 2.30_08-09-2024
• HPE Alletra 4120 - versions prior to 2.30_08-09-2024
• HPE Alletra 4140 - versions prior to 2.30_08-09-2024
• HPE Compute Edge Server e930t - versions prior to 2.30_08-09-2024
• HPE Cray XD665 - versions prior to 1.50 (Cray SC XD665 Firmware Pack 2024.09.00)
• HPE Cray XD670 - versions prior to 2.01
• HPE Cray EX235a Accelerator Blade - versions prior to 1.9.0 (HFP 24.9.0)
• HPE Cray EX235n Server - versions prior to 1.4.0 (HFP 24.8.1)
• HPE Cray EX254n Accelerator Blade - versions prior to 1.9.0 (HFP 24.8.1)
• HPE Cray EX255a Accelerator Blade - versions prior to 1.1.1 (HFP 24.9.0)
• HPE Cray EX420 Compute Blade - versions prior to 1.3.2 (HFP 24.8.1)
• HPE Cray EX425 Compute Blade - versions prior to 1.7.4 (HFP 24.8.1)
• HPE Cray EX4252 Compute Blade - versions prior to 1.7.0 (HFP 24.9.0)
• HPE IP Meditation - versions prior to 8.5.1
• HPE ProLiant DL110 Gen11 - versions prior to 2.30_08-09-2024
• HPE ProLiant DL320 Gen11 Server - versions prior to 2.30_08-09-2024
• HPE ProLiant DL360 Gen11 Server - versions prior to 2.30_08-09-2024
• HPE ProLiant DL380 Gen11 Server - versions prior to 2.30_08-09-2024
• HPE ProLiant DL380a Gen11 - versions prior to 2.30_08-09-2024
• HPE ProLiant DL560 Gen11 - versions prior to 2.30_08-09-2024
• HPE ProLiant ML110 Gen11 - versions prior to 2.30_08-09-2024
• HPE ProLiant ML350 Gen11 Server - versions prior to 2.30_08-09-2024
• HPE ProLiant XL645d Gen10 Plus Server - versions prior to v3.10 (HFP 24.8.1)
• HPE ProLiant XL675d Gen10 Plus Server - versions prior to v3.10 (HFP 24.8.1)
• HPE Synergy 480 Gen11 Compute Module - versions prior to 2.30_08-09-2024

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 131.0.6778.69 for Linux and prior to 131.0.6778.69/.70 for Windows, and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• SQL Server
• Microsoft Virtual Hard Drive
• Windows SMBv3 Client/Server
• Windows USB Video Driver
• Microsoft Windows DNS
• Windows NTLM
• Windows Registry
• .NET and Visual Studio
• Windows Update Stack
• LightGBM
• Azure CycleCloud
• Azure Database for PostgreSQL
• Windows Telephony Service
• Windows NT OS Kernel
• Role: Windows Hyper-V
• Windows VMSwitch
• Windows DWM Core Library
• Windows Kernel
• Windows Secure Kernel Mode
• Windows Kerberos
• Windows SMB
• Windows CSC Service
• Windows Defender Application Control (WDAC)
• Windows Active Directory Certificate Services
• Microsoft Office Excel
• Microsoft Graphics Component
• Microsoft Office Word
• Windows Task Scheduler
• Microsoft Exchange Server
• Visual Studio
• Windows Win32 Kernel Subsystem
• TorchGeo
• Visual Studio Code
• Microsoft PC Manager
• Airlift.microsoft.com

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe After Effects - version 24.6.2 and prior, version 23.6.9 and prior
• Adobe Audition - version 24.4.6 and prior, version 23.6.9 and prior
• Adobe Bridge - version 13.0.9 and prior, version 14.1.2 and prior
• Adobe Commerce and Magento Open Source - version 3.2.5 and prior
• Adobe InDesign - version ID19.5 and prior, version ID18.5.3 and prior and version ID18.5.2 and prior
• Adobe Substance 3D Painter - version 10.1.0 and prior
• Illustrator 2024 - version 28.7.1 and prior
• Photoshop 2023 - version 24.7.3 and prior
• Photoshop 2024 - version 25.11 and prior

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird - versions prior to 132.0.1
• Thunderbird - versions prior to 128.4.3

• Mozilla Security Advisory (MFSA 2024-61)
• Mozilla Security Advisory (MFSA 2024-62)

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft Office
• Microsoft Edge (Chromium-based)
• Microsoft Defender for Endpoint
• Microsoft Office SharePoint
• GitHub
• Microsoft Office Word
• Microsoft Office Excel
• Windows Task Scheduler
• Windows Mobile Broadband
• Windows Kernel-Mode Drivers
• Windows Remote Desktop Services
• Windows Virtualization-Based Security (VBS) Enclave
• Microsoft Office Publisher
• Windows IP Routing Management Snapin
• Windows Wireless Wide Area Network Service
• Windows File Explorer
• Windows Kernel
• Windows Routing and Remote Access Service (RRAS)
• Windows Common Log File System Driver
• Role: DNS Server
• Windows Resilient File System (ReFS)
• Windows PrintWorkflowUserSvc
• Windows Message Queuing
• Remote Desktop Client
• WmsRepair Service
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Cloud Files Mini Filter Driver
• Role: Windows Hyper-V
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Remote Desktop
• Microsoft Office Access

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• AIX - versions 7.2 and 7.3
• IBM Cloud Pak for Security - versions 1.10.0.0 to 1.10.11.0
• IBM Cloud Transformation Advisor - versions 2.0.1 to 3.10.1
• QRadar Suite Software - versions 1.10.12.0 to 1.10.26.0
• VIOS - versions 3.1 and 4.1

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux for Real Time 8 x86_64
• Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
• Red Hat CodeReady Linux Builder for x86_64 8 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 8 aarch64

• Red Hat Security Advisory - RHSA-2024:8856
• Red Hat Security Advisory - RHSA-2024:8870
• Red Hat Security Advisories

Veem has released security updates to address a vulnerability in Veeam Backup Enterprise Manager - versions prior to 12.2.0.334.

Review the Veeam Security Advisory and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 130.0.2849.68.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Unified Industrial Wireless Software - version 17.14 and prior
• Cisco Unified Industrial Wireless Software - version 17.15
• Cisco Nexus Dashboard Fabric Controller (NDFC) - versions 12.1.2 and 12.1.3
• Cisco Enterprise Chat and Email (ECE) - versions 12.5 and prior
• Cisco Enterprise Chat and Email (ECE) - version 12.6
• Catalyst IW9165D Heavy Duty Access Points
• Catalyst IW9165E Rugged Access Points and Wireless Clients
• Catalyst IW9167E Heavy Duty Access Point

• Cisco Security Advisory - cisco-sa-backhaul-ap-cmdinj-R7E28Ecs
• Cisco Security Advisory - cisco-sa-ndfc-sqli-CyPPAxrL
• Cisco Security Advisory - cisco-sa-ece-dos-Oqb9uFEv

Drupal published security advisories to address vulnerabilities in Basic HTTP Authentication - versions prior to 7.x-1.4.

Review the provided Drupal Security Advisory and apply the necessary updates.

The Bangladesh e-Government CIRT reported an active exploitation of the F5 BIG-IP vulnerability (CVE-2023-46747) within Bangladeshi infrastructure. Attackers have used this vulnerability to gain unauthorized system access and even sold compromised access online. This critical flaw allows remote code execution, enabling attackers to fully control affected systems.

Review the provided BGD e-GOV CIRT website and apply the necessary mitigation.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 30.0.6723.116 for Linux and prior to 130.0.6723.116/.117 for Windows, and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Aruba Networking Access Point - version AOS-10.4.x.x - 10.4.1.4 and prior
• HPE Aruba Networking Access Point - version Instant AOS-8.12.x.x - 8.12.0.2 and prior
• HPE Aruba Networking Access Point - version Instant AOS-8.10.x.x - 8.10.0.13 and prior

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following::

• PowerStore 1000X - versions prior to 3.2.1.4-2386214
• PowerStore 3000X - versions prior to 3.2.1.4-2386214
• PowerStore 5000X - versions prior to 3.2.1.4-2386214
• PowerStore 7000X - versions prior to 3.2.1.4-2386214
• PowerStore 9000X - versions prior to 3.2.1.4-2386214

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM Business Automation Insights - version 24.0.0
• IBM Business Automation Workflow containers - multiple versions
• IBM Business Automation Workflow traditional - multiple versions
• IBM Cloud Pak for Business Automation - multiple versions
• IBM Cloud Pak System - multiple versions
• IBM ICP - Discovery - versions 4.0.0 to 4.8.5 and 5.0.0
• IBM QRadar SIEM - version 7.5 to 7.5.0 UP10
• IBM Storage Protect Server - version 8.1

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platform

• Red Hat Security Advisory - RHSA-2024:8617
• Red Hat Security Advisory - RHSA-2024:8616
• Red Hat Security Advisory - RHSA-2024:8614
• Red Hat Security Advisory - RHSA-2024:8613

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 130.0.2849.68.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 130.0.6723.91 for Linux and prior to 130.0.6723.91/.92 for Windows, and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 17.7.1
• iOS and iPadOS - versions prior to 18.1
• macOS Sequoia - version prior to 15.1
• macOS Sonoma - versions prior to 14.7.1
• macOS Ventura - versions prior to 13.7.1
• tvOS - versions prior to 18.1
• visionOS - versions prior to 2.1
• watchOS - versions prior to 11.1

HPE published a security advisory to address vulnerabilities in HP-UX 11i Secure Shell Software - versions prior to A.09.30.007.

Review the HPE security bulletins and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• DELL Data Lakehouse System Software - versions 1.0.0.0 and 1.1.0.0
• Dell EMC VxRail Appliance - versions prior to 8.0.310
• PowerFlex appliance - versions prior to 3.8.8 and versions prior to 4.6.0.1
• PowerFlex rack - versions prior to 3.8.8 and versions prior to 4.6.0.1

• DSA-2024-413: Security Update for a Dell PowerFlex Manager Cleartext Storage of Sensitive Information Vulnerability
• DSA-2024-419: Security Update for Dell Data Lakehouse System Software for Multiple Component Vulnerabilities
• DSA-2024-393: Security Update for Dell VxRail 8.0.310 Multiple Third-Party Component Vulnerabilities

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• DataPower Operations Dashboard - version 1.0.21.0
• IBM Cognos Analytics - versions 11.2.0 to 11.2.3 FP3 and 12.0.0 to 12.0.3
• IBM Cognos Analytics Mobile (Android) - version 1.1
• IBM Cognos Analytics Mobile (iOS) - version 1.1
• IBM Concert Software - version 1.0.0 to 1.0.1
• IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) - version 4.1.1 and 4.2
• IBM Storage Protect Server - version 8.1
• Server Firmware - versions FW1030.00 to FW1030.61, FW1050.00 to FW1050.21, FW1060.00 to FW1060.10, FW860.00 to FW860.B3 and FW950.00 to FW950.C0

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting Ubuntu 22.04 LTS.

Review the Ubuntu Security Notices and apply the necessary updates.

Ubuntu published a security notice to address vulnerabilities in the Red Hat Enterprise Linux Server - multiple versions and platform.

Review the Red Hat Security Advisory and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in HP-UX Common Internet File System (CIFS) Client/Server Software - versions prior to B.04.18.01.00.

Review the HPE security bulletins and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 130.0.2849.46.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiManager 7.6 - versions prior to 7.6.1
• FortiManager 7.4 - versions prior to 7.4.5
• FortiManager 7.2 - versions prior to 7.2.8
• FortiManager 7.0 - versions prior to 7.0.13
• FortiManager 6.4 - versions prior to 6.4.15
• FortiManager 6.2 - versions prior to 6.2.13
• FortiManager Cloud 7.4 - versions prior to 7.4.5
• FortiManager Cloud 7.2 - versions prior to 7.2.8
• FortiManager Cloud0 - versions prior to 7.0.13
• FortiManager Cloud 6.4 - all versions

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Adaptive Security Appliance (ASA) Software - multiple versions
• Cisco Firepower Management Center (FMC) Software - multiple versions
• Cisco Firepower Threat Defense (FTD) Software - multiple versions
• Cisco Secure Firewall Management Center (FMC) Software - multiple versions

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.5.1, 17.4.3 and 17.3.6
• GitLab Enterprise Edition (EE) - versions prior to 17.5.1, 17.4.3 and 17.3.6

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Monster Menus 9.4.x branch - versions 9.4.0 to versions prior to 9.4.2
• Monster Menus 9.3.x branch - versions prior to 9.3.4

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 130.0.6723.69 for Linux and prior to 130.0.6723.69/.70 for Windows, and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Policy Manager for Secure Connect Gateway - version 5.24.00.14
• Dell Secure Connect Gateway - version 5.24.00.14
• Dell Storage Monitoring and Reporting - versions prior to 5.0.2.0
• Dell Storage Resource Manager - versions prior to 5.0.2.0

• DSA-2024-406: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities
• DSA-2024-407: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities
• DSA-2024-421: Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR) Security Update for Multiple Third-Party Component Vulnerabilities

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• IBM Observability with Instana (OnPrem) - version Build 277 (Self-Hosted Standard Edition 1.5.0)
• IBM QRadar SIEM - version 7.5 to 7.5.0 UP9 IF03
• IBM QRadar Incident Forensics - version 7.5 to 7.5.0 UP9 IF03
• IBM Rational ClearQuest - versions 10.0 to 10.0.6 and 9.1 to 9.1.0.6

• BM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities
• A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server
• Due to use of International Components for Unicode, IBM Rational ClearQuest is vulnerable to buffer overflow
• IBM QRadar SIEM contains multiple vulnerabilities

HPE published a security advisory to address vulnerabilities in the following products:

• HPE OpenView Performance Mgt. T0684 - versions T0684V01^ABG, T0684V01^ABH, T0684V01^ABI, T0684V01^ABJ and T0684V01^ABK
• HPE Superdome Flex 280 Server - versions prior to v1.90.12
• HPE Superdome Flex Server - versions prior to v4.0.10

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Cray EX235a Accelerator Blade - versions prior to v1.9.0 (HFP 24.9)
• HPE Cray EX235n Server - versions prior to v1.5.0 (HFP 24.9)
• HPE Cray EX255a Accelerator Blade - versions prior to v1.1.0 (HFP 24.8.1)
• HPE Cray EX425 Compute Blade - versions prior to v1.7.5 (HFP 24.9)
• HPE Cray EX4252 Compute Blade - versions prior to v1.7.0 (HFP 24.8.1)
• HPE ProLiant XL645d Gen10 Plus Server - versions prior to v3.20_08-07-2024
• HPE ProLiant XL675d Gen10 Plus Server - versions prior to v3.20_08-07-2024

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 130.0.2849.46.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

VMware released a security advisory to address vulnerabilities in the following products:

• vCenter Server - versions 7.0 and 8.0
• VMware Cloud Foundation - versions 5.x and 4.x

• VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
• Security Advisories - VMware Cloud Foundation

F5 published security updates address vulnerabilities in BIG-IP (all modules) - versions 17.1.0 to 17.1.1, 16.1.0 to 16.1.4, and 15.1.0 to 15.1.1.0

Review the F5 Security Advisories and apply the necessary updates.

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco ATA 191 Analog Telephone Adapter - version 12.0.1 and prior
• Cisco ATA 191 and 192 Multiplatform Analog Telephone Adapter - version 11.2.4 and prior

SolarWinds published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Serv-U FTP - version 15.4.2 and prior
• SolarWinds Platform - version 2024.2.1 and prior
• SolarWinds Web Help Desk - versions 12.8.3 HF2 and prior

• Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (CVE-2024-45711)
• SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (CVE-2024-45710)
• SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability (CVE-2024-28988)

VMware released a security advisory to address multiple vulnerabilities in VMWare HCX - versions 4.8.x, 4.9.x, and 4.10.x.

Review VMware security advisory VMSA-2024-0021 and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 130.0.6723.58 for Linux and prior to 130.0.6723.58/.59 for Windows, and Apple MAC.

Review the Google security bulletins and apply the necessary updates.