Multiple Security Advisories for Major Software Products (January 2026)
Vendors including Ubuntu, IBM, VMware, Microsoft, Google, and F5 released security advisories and updates between January 5 and 12, 2026, addressing vulnerabilities across a range of widely used products. Notable issues include a high-severity vulnerability (CVE-2026-0628) in Google Chrome’s WebView component, which could allow malicious extensions or payloads to bypass security controls and inject scripts or HTML into privileged pages, as well as a Linux kernel vulnerability (CVE-2024-56614) that could result in out-of-bounds writes and potential memory corruption. Updates were also issued for Ubuntu Linux kernel packages, IBM Cloud Pak and related software, VMware Tanzu Greenplum Backup and Restore, and Microsoft Edge, with users urged to apply patches promptly to mitigate risk.
The Linux kernel vulnerability (CVE-2024-56614) was specifically highlighted by F5, describing how improper bounds checking in the xsk_map_delete_elem function could lead to out-of-bounds memory access and system instability. Google’s Chrome update not only patched a critical security flaw but also introduced new rate limits for push notifications to reduce notification spam. The advisories from Ubuntu, IBM, VMware, and Microsoft Edge all emphasized the importance of applying the latest updates to address recently disclosed vulnerabilities and maintain system security across enterprise and consumer environments.
Related Entities
Organizations
Sources
1 more from sources like f5 product advisories
Related Stories
Canadian Cyber Centre Advisories Highlight Linux Kernel and Other Vendor Patch Updates
The Canadian Centre for Cyber Security issued multiple advisories urging organizations to apply vendor patches released between **February 16–22, 2026**, including updates addressing **Linux kernel vulnerabilities** impacting **Ubuntu** (16.04 LTS through 25.10) and **Red Hat** platforms (including *RHEL* and related offerings). The advisories emphasize routine but potentially high-impact exposure from unpatched kernel flaws across widely deployed enterprise and server environments, and direct administrators to review upstream vendor notices and deploy the corresponding updates. Separate Cyber Centre advisories also flagged patch requirements outside the Linux kernel: Microsoft released an update for **Microsoft Edge Stable** to remediate vulnerabilities in versions prior to `145.0.3800.70`, IBM published security advisories covering multiple products (including *Aspera Enterprise WebApps*, *Cloud Pak System*, *Storage Defender*, and others), and CISA issued ICS advisories for vulnerabilities across several industrial and IoT/OT products (including **Delta Electronics**, **GE Vernova**, **Honeywell CCTV**, **Siemens Simcenter**, and others) with recommended mitigations and updates where available. A Linux 7.0 release-candidate feature article is not a security advisory and does not materially relate to the patch/vulnerability notices in the other items.
3 weeks agoMultiple Security Advisories for Enterprise and Industrial Products (Late October–Early November 2025)
Vendors including Hitachi Energy, Schneider Electric, ABB, Ubiquiti, Dell, IBM, Red Hat, Ubuntu, and Microsoft released security advisories between October 27 and November 3, 2025, addressing vulnerabilities across a wide range of enterprise, industrial, and cloud products. Notable advisories include CISA's ICS alerts for control systems, a critical flaw in ABB's PCM600 software (CVE-2018-1002208), a critical vulnerability in Ubiquiti's UniFi Access Application (CVE-2025-52665), and updates for Microsoft Edge, Red Hat Enterprise Linux, Ubuntu LTS versions, and multiple Dell and IBM products. Organizations are urged to review the advisories, apply recommended mitigations, and update affected systems to reduce exposure to exploitation. The advisories highlight vulnerabilities that could allow remote code execution, privilege escalation, or unauthorized access if left unpatched. The Canadian Centre for Cyber Security and CISA emphasize the importance of timely patching and mitigation, especially for products deployed in critical infrastructure and enterprise environments. Administrators should consult the official vendor advisories for detailed remediation steps and monitor for further updates as new vulnerabilities are disclosed and addressed.
4 months agoMultiple Security Vulnerabilities Disclosed Across Major Software Platforms
Several major software vendors, including Mozilla, Node.js, SonicWall, Cisco, Google, Apple, Ubuntu, Red Hat, VMware, and TeamViewer, have disclosed security vulnerabilities affecting a wide range of products. These advisories highlight issues such as OS command injection in the Node.js `systeminformation` library, privilege escalation in SonicWall SMA1000, improper input validation in Cisco Secure Email Gateway, and multiple vulnerabilities in browsers like Firefox and Chrome. Additionally, Apple products, Epson printers, and TeamViewer DEX Client have been identified as having critical security flaws, with some advisories noting the potential for remote code execution or privilege escalation if left unpatched. Security agencies and vendors are urging users and administrators to review the relevant advisories and apply patches or mitigations as soon as possible. The vulnerabilities span operating systems (Linux kernel in Ubuntu and Red Hat), cloud and virtualization platforms (VMware Tanzu), and widely used remote access tools (TeamViewer). The breadth of affected products underscores the importance of timely updates and vigilance in monitoring official security channels for new disclosures and remediation guidance.
2 months ago