VMware Cloud Director Appliance contains an authentication bypass vulnerability in the case where VMware Cloud Director Appliance was upgraded to 10.5 from an older version. CVSSv3 score of 9.8
More info.

PTC Kepware products are affected by vulnerabilities in KEPServerEX that allow a remote attacker cause a buffer overflow connect. Highest CVSSv3 score of 9.1
More info. And here.

A vulnerability in STARDOM FCN/FCJ may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. CVSSv3 score of 5.3
More info. And here.

Apple has published security updates for Safari, iOS, iPadOS, and macOS.  At least one vulnerability is being actively exploited.
More info. And here.

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. Highest CVSSv3 score of 9.8
More info.

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
Only one has patches.
More info.

Ubuntu has updated the kernel. More info.
Alpine Linux has published new releases. More info.

Nessus Network Monitor has been updated to correct vulnerabilities in third-party software including HandlebarsJS, OpenSSL, and jquery-file-upload.  Highest CVSSv3 score of 9.8
More info.

Mainspring Data Express and Vital Sync Virtual Patient Monitoring Platform use Mirth Connect in certain situations, which allows a remote attacker to execute arbitrary code. CVSSv3 score of 9.8
Manual upgrade instructions for the Mirth Connect component, no Medtronic patches have been released.
More info.

Edge has been updated with one chromium fix that is being exploited in the wild.
More info.

Zyxel NAS devices contain several vulnerabilities that allow a remote attacker to execute OS commands or obtain system information.
More info.

InfraSuite Device Master contains several vulnerabilities, including Path Traversal, Deserialization of Untrusted Data, and Exposed Dangerous Method or Function. Successful exploitation could allow a remote attacker to remotely execute arbitrary code and obtain plaintext credentials. Highest CVSSv3 score of 9.8
More info.

Google has updated Chrome for Desktop to fix 7 security vulnerabilities, most rated High.
More info.

Microsoft is aware.  More info.

Sierra Wireless has updated ALEOS, an OS in AirLink Routers, to fix eight security vulnerabilities. Highest CVSSv3 score of 8.3
More info.

A vulnerability in Apache Avro Java SDK affects IBM InfoSphere Information Server. CVSSv3 score of 9.8
More info.

IBM Maximo Application Suite - Monitor Component uses systeminformation which contains a vulnerability. CVSSv3 score of 9.8
More info.

IBM Sterling B2B Integrator uses Spring Framework, which is affected by multiple vulnerabilies. Highest CVSSv3 score of 9.1
More info.

Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities.  Dell rates this High.
More info. And here.

Ubuntu has updated the kernel. More info.
Mageia has updated the kernel. More info.

Zyxel Firewall and AP products contain several vulnerabilities, one of which could be exploited by a remote attacker to trigger a DoS. CVSSv3 score of 7.5
More info.

Festo products use WIBU CodeMeter Runtime.  A remote attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server. CVSSv3 score of 9.8
All products but Automation Suite have fixes.
More info.

BIG-IP, F5OS, and Traffix SDC use APR-util that could allow a remote attacker to overwrite memory beyond the intended buffer. Highest CVSSv3 score of 6.5
Only patches for F5OS so far.
More info.

A sensitive information disclosure security vulnerability exists in Prosafe NMS300. CVSSv3 score of 9.8
More info.

Hitachi Energy's OSS component Cyrus SASL contains a vulnerability that affects the SDM600 product. A remote attacker could cause a DoS. CVSSv3 score of 7.5
More info.

Hitachi Energy's Web server and HCI IEC 60870-5-104 component contain vulnerabilities that affects RTU500. A remote attacker could perform cross-site scripting on web server or a DoS. Highest CVSSv3 score of 6.0
More info.

Xerox has published an update for FreeFlow Print Server that includes Microsoft, Java, Firefox, and Apache security fixes.
More info.

Tomcat contains a request smuggling vulnerability that could cause Tomcat to treat a single request as multiple requests. CVSSv3 score of 5.3
More info.

Red Hat has updated the kernel. More info.

Vulnerabilities in curl have been addressed in OSS Network Utilities (T1204). Highest CVSSv3 score of 9.8
More info.

Several vulnerabilities in Arcserve UDP allow a remote attacker to upload and execute arbitrary files, and bypass authentication with a valid UUID.
More info. And here.

An authentication bypass vulnerability exists in Control iD iDSecure that allows a remote attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. CVSSv3 score of 9.8
More info.

IntelliSpace PACS 2 and Universal Data Manager are affected by a BIG-IP Configuration utility unauthenticated remote code execution vulnerability. CVSSv3 score of 9.8
No patches yet.
More info.

Hikvision products have been affected by an authentication bypass vulnerability in the Hik-Connect Module, which could allow remote attackers to consume services by sending crafted messages to the affected devices. CVSSv3 score of 8.2
More info.

Security vulnerabilities exist in Hikvision Web Browser Plug-in LocalServiceComponents that allow a remote attacker to execute arbitrary code, download malicious files, and cause process exception. Highest CVSSv3 score of 9.1
More info.

NetApp has published 10 bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 7.5
Only 2 have patches.
More info.

Debian has updated the microcode. More info.

Updates for Atlassian products include 26 vulnerabilities rated High by Atlassian.  Products include Jira Software Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server, and Bamboo Data Center and Server.  Highest CVSSv3 score of 8.5
More info.

ownCloud ontains several vulnerabilities that allow a remote attacker to access, modify, or delete files, bypass oauth2 validation, or access PHP information that may provide sensitive information. Highest CVSSv3 score of 10.
More info. And here. And here.

Dell has published security updates for PowerProtect Cyber Recovery, PowerStore, and Index Engines CyberSense that corrects vulnerabilities in third-party software.  Dell rates the highest Critical.
More info. And here. And here.

OpenSUSE has updated the microcode. More info.
Oracle Linux has updated the kernel. More info.

Sophos Web Appliance has been updated to fix several vulnerabilities that could allow a remote attacker to execute arbitrary code.  Highest CVSSv3 score of 9.8
Exploits have been seen in the wild.
More info.

Synology Router Manager contains vulnerabilities that allow a MitM attacker to execute arbitrary code and access intranet resources.
More info.

Phoenix Contact products use WIBU CodeMeter Runtime which has several vulnerabilities.  Manual update of the CodeMeter software is required.  CVSSv3 score of 9.8
More info. And here.

Mozilla has published bulletins rated High for Firefox, Firefox ESR, Firefox for iOS, and Thunderbird.
More info.

A DoS vulnerability was discovered in WithSecure products that allows a remote attacker to trigger an issue where fuzzed file takes longer to scan, which eventually may cause the scanner to hang.
More info.

SUSE has updated the microcode. More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and DoS due to third-party software. Highest CVSSv3 score of 9.8
More info.

Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana. Highest CVSSv3 score of 9.8
More info.

A Security vulnerability has been identified in HP-UX OpenSSL. This vulnerability may cause local and remote DoS. CVSSv3 score of 7.5
More info.

Synology Camera TC500 and BC 500 contains vulnerabilities that allow a remote attacker to execute arbitrary code and bypass security constraints.
More info.

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution.
More info.

Security Center has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 8.8
More info.