March 2026 Vendor Security Advisories for Multiple Products

Tags: widely-deployed-product-advisory, industrial-control-system-vulnerability, endpoint-software-vulnerability, open-source-dependency-vulnerability, cloud-service-vulnerability
Updated March 30, 2026 at 04:03 PM | 10 sources

Multiple vendors and agencies published security advisories covering newly addressed vulnerabilities across enterprise, Linux, and industrial control system products. The advisories include an HPE Telco Service Orchestrator remote buffer overflow affecting versions prior to 4.2.12, broad Red Hat and Ubuntu Linux kernel updates, and a large set of Dell and IBM product fixes spanning storage, networking, cloud, identity, and security platforms. CISA ICS advisories also highlighted weaknesses in products from Siemens, Honeywell, Lantronix, Trane, Ceragon, Apeman, and Inductive Automation, indicating continued exposure across operational technology environments.

A related technical disclosure from the Zero Day Initiative described CVE-2022-32250, a Linux kernel nf_tables use-after-free flaw that can allow local privilege escalation to root after low-privileged code execution, and noted that Linux distributions have issued updates. That kernel issue aligns with the broader kernel patching activity reflected in the Ubuntu and Red Hat notices, but the overall reporting is not a single incident or exploit campaign; it is a roundup of routine but substantive vulnerability disclosures and remediation guidance.

Timeline

  1. Mar 26, 2026

    HKCERT publishes bulletin on multiple GitLab vulnerabilities

    On March 26, 2026, HKCERT published a security bulletin warning about multiple vulnerabilities affecting GitLab. The bulletin alerted users to review the affected versions and apply vendor-recommended updates or mitigations.

  2. Mar 23, 2026

    Red Hat publishes further kernel-related security advisories

    Between March 23 and 29, 2026, Red Hat published another set of security advisories covering Linux kernel vulnerabilities in products including CodeReady Linux Builder, Red Hat Enterprise Linux, Red Hat Enterprise Linux Server, and Red Hat Enterprise Linux for Real Time. The Canadian Centre for Cyber Security urged users and administrators to review the referenced advisories and apply the necessary updates.

  3. Mar 16, 2026

    Red Hat publishes another round of kernel-related security advisories

    Between March 16 and 22, 2026, Red Hat published additional security advisories covering Linux kernel vulnerabilities in products including Red Hat Enterprise Linux, Red Hat Enterprise Linux Server, Red Hat Enterprise Linux for Real Time, and CodeReady Linux Builder. The Canadian Centre for Cyber Security advised administrators to review the referenced advisories and apply the necessary updates.

  4. Mar 16, 2026

    Canadian Centre for Cyber Security highlights vendor advisories

    On March 16, 2026, the Canadian Centre for Cyber Security published alerts summarizing recent Dell, IBM, Ubuntu, Red Hat, HPE, and CISA ICS advisories and urged users and administrators to review vendor guidance, apply updates, and implement mitigations. These notices consolidated vulnerability and remediation activity disclosed during the prior week.

  5. Mar 16, 2026

    ZDI publicly discloses Linux kernel privilege-escalation flaw

    On March 16, 2026, Zero Day Initiative disclosed ZDI-26-191, a Linux kernel use-after-free vulnerability in the nf_tables subsystem that can let a low-privileged local attacker execute code as root. The disclosure noted that Linux had issued an update and that Ubuntu had published related security notes.

  6. Mar 16, 2026

    HPE issues Telco Service Orchestrator vulnerability advisory

    On March 16, 2026, HPE published bulletin HPESBNW05029 revision 1 for a remote buffer overflow vulnerability in HPE Telco Service Orchestrator. The issue affects versions prior to v4.2.12, and customers were advised to review guidance and update.

  7. Mar 9, 2026

    CISA publishes ICS advisories for multiple industrial vendors

    Between March 9 and 15, 2026, CISA issued a set of ICS security advisories covering vulnerabilities in products from vendors including Apeman, Ceragon, Honeywell, Inductive Automation, Lantronix, Siemens, and Trane. The advisories included mitigation guidance and updates where available for industrial and connected systems.

  8. Mar 9, 2026

    Red Hat releases kernel-related security advisories

    Between March 9 and 15, 2026, Red Hat published advisories for Linux kernel vulnerabilities affecting multiple offerings, including Red Hat Enterprise Linux, Red Hat Enterprise Linux Server, Red Hat Enterprise Linux for Real Time, and CodeReady Linux Builder. The updates covered multiple versions and platforms.

  9. Mar 9, 2026

    Ubuntu issues Linux kernel security notices for LTS releases

    Between March 9 and 15, 2026, Ubuntu published security notices for Linux kernel vulnerabilities affecting Ubuntu 22.04 LTS and 24.04 LTS, including NVIDIA-related issues referenced in USN-8060-7 and USN-8059-8. Administrators were advised to apply the available updates.

  10. Mar 9, 2026

    IBM publishes broad set of product security advisories

    Between March 9 and 15, 2026, IBM published security advisories affecting numerous products, including AIX, MQ, QRadar Suite Software, Cloud Pak for Security, IBM Verify offerings, Sterling products, and watsonx Orchestrate components. The advisories called for customers to follow IBM PSIRT guidance and install fixes.

  11. Mar 9, 2026

    Dell publishes security advisories for multiple enterprise products

    Between March 9 and 15, 2026, Dell released a set of security advisories covering vulnerabilities in products including Avamar Data Store Gen5A, Connectrix B-Series FOS and SANnav, PowerSwitch E3200-ON Series, PowerSwitch Z9664F-ON, and Secure Connect Gateway. Users were urged to review affected version ranges and apply updates.

  12. May 25, 2022

    Linux kernel flaw CVE-2022-32250 reported to vendor

    Keith Yeo (@kyeojy) reported a use-after-free privilege-escalation vulnerability in the Linux kernel nf_tables subsystem to the vendor. The issue was later tracked as ZDI-CAN-17443, ZDI-26-191, and CVE-2022-32250.

Sources

cert hk security advisories: GitLab Multiple Vulnerabilities (March 26, 2026 at 12:00 AM)

Related Stories

Canadian Cyber Centre Advisories Highlight Linux Kernel and Other Vendor Patch Updates

The Canadian Centre for Cyber Security issued multiple advisories urging organizations to apply vendor patches released between **February 16–22, 2026**, including updates addressing **Linux kernel vulnerabilities** impacting **Ubuntu** (16.04 LTS through 25.10) and **Red Hat** platforms (including *RHEL* and related offerings). The advisories emphasize routine but potentially high-impact exposure from unpatched kernel flaws across widely deployed enterprise and server environments, and direct administrators to review upstream vendor notices and deploy the corresponding updates. Separate Cyber Centre advisories also flagged patch requirements outside the Linux kernel: Microsoft released an update for **Microsoft Edge Stable** to remediate vulnerabilities in versions prior to `145.0.3800.70`, IBM published security advisories covering multiple products (including *Aspera Enterprise WebApps*, *Cloud Pak System*, *Storage Defender*, and others), and CISA issued ICS advisories for vulnerabilities across several industrial and IoT/OT products (including **Delta Electronics**, **GE Vernova**, **Honeywell CCTV**, **Siemens Simcenter**, and others) with recommended mitigations and updates where available. A Linux 7.0 release-candidate feature article is not a security advisory and does not materially relate to the patch/vulnerability notices in the other items.

1 month ago

Multiple Security Advisories for Enterprise and Industrial Products (Late October–Early November 2025)

Vendors including Hitachi Energy, Schneider Electric, ABB, Ubiquiti, Dell, IBM, Red Hat, Ubuntu, and Microsoft released security advisories between October 27 and November 3, 2025, addressing vulnerabilities across a wide range of enterprise, industrial, and cloud products. Notable advisories include CISA's ICS alerts for control systems, a critical flaw in ABB's PCM600 software (CVE-2018-1002208), a critical vulnerability in Ubiquiti's UniFi Access Application (CVE-2025-52665), and updates for Microsoft Edge, Red Hat Enterprise Linux, Ubuntu LTS versions, and multiple Dell and IBM products. Organizations are urged to review the advisories, apply recommended mitigations, and update affected systems to reduce exposure to exploitation. The advisories highlight vulnerabilities that could allow remote code execution, privilege escalation, or unauthorized access if left unpatched. The Canadian Centre for Cyber Security and CISA emphasize the importance of timely patching and mitigation, especially for products deployed in critical infrastructure and enterprise environments. Administrators should consult the official vendor advisories for detailed remediation steps and monitor for further updates as new vulnerabilities are disclosed and addressed.

1 month ago

Early March 2026 Vendor Security Advisories and Patch Releases Across Enterprise, Mobile, and ICS Products

Multiple vendors issued security advisories and patch releases in late February and early March 2026, prompting coordinated update guidance from national and regional CERTs. The Canadian Centre for Cyber Security highlighted updates for **Django** (fixed in `4.2.29`, `5.2.12`, `6.0.3`), **Samsung mobile devices** (March 2026 security update), **Qualcomm** (March 2026 monthly bulletin), **Veeam Kasten for Kubernetes / Kasten K10**, **VMware Tanzu** components (including *Greenplum* and *RabbitMQ on Kubernetes*), and **Red Hat** advisories including **Linux kernel** updates across multiple RHEL-related platforms. Industrial and infrastructure-facing products were also covered via **CISA ICS** advisories spanning a broad set of vendors and solutions (including EV charging ecosystems, building management, cameras, and DCS/SCADA platforms such as **Schneider Electric EcoStruxure Building Operation Workstation** and **Yokogawa CENTUM VP**), with guidance to apply mitigations and updates where available. Additional enterprise patch guidance included **Dell** advisories affecting *PowerStore T* and *PowerEdge* server lines (including AMD-based models and NVIDIA networking/DOCA-related components), and **IBM** advisories across a wide portfolio (including *App Connect Enterprise*, *CICS TX*, *License Metric Tool*, *Maximo*, *Sterling Secure Proxy*, *Terracotta*, *QRadar*, and others). HKCERT separately summarized **Samsung** vulnerabilities impacting Android devices and Exynos chipsets, listing multiple CVEs (e.g., `CVE-2024-31328` and numerous 2025-series CVEs) with potential impacts including **RCE**, **EoP**, **information disclosure**, and **DoS**.

1 month ago
