VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware rates this Critical, CVSSv3 score of 9.8.
More info. And CISA bulletin is here.

A vulnerability in the OPC UA Legacy Java Stack that allows a remote attacker to send messages that prevent a server from accepting new requests, resulting in a DoS.  CVSSv3 score of 7.5
More info.

Apple has published a security update for iTunes for Windows.
More info.

Dell Technologies PowerProtect DataDomain has been updated to correct an iDRAC9 VNC Console authentication vulnerability.  CVSSv3 score of 9.6
More info.
 
Dell EMC Enterprise Hybrid Cloud has been updated to correct the latest VMware vulnerability that may be exploited by remote attackers to compromise the affected system. CVSSv3 score of 9.8
More info.

Traffix SDC contains a vulnerability in Cyrus SASL that allows an attacker to run arbitrary SQL commands.  CVSSv3 score of 8.6
More info.

ISC BIND is vulnerable to a denial of service, caused by an assertion failure when a TLS connection to a configured http TLS listener with a defined endpoint is ended prematurely. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a DoS. CVSSv3 score of 7.5
More info.

Red Hat has updated the kernel.  More info.

Several Aruba products use the Expat XML processing library, which contains several vulnerabilities. Highest CVSSv3 score of 9.8
More info. And HPE's bulletin is here.

IBM Spectrum Protect Plus is affected by a Mozilla NSS vulnerability. CVSSv3 score of 9.8.
More info.

IBM MQ Operator and MQ Advanced container images are affected by issues in third-party software.  Highest CVSSv3 score of 9.8
More info.

Oracle Linux has updated the kernel.  More info.

Apple has patched Safari, tvOS, iOS, iPadOS, watchOS, Xcode, macOS Catalina, Big Sur, and Monterey. Several vulnerabilities allow arbitrary code execution.
More info. And here.

Multiple DoS vulnerabilities exist in MELSEC iQ-F series CPU module. These vulnerabilities could allow a remote attacker to cause a DoS condition for a product's program execution or communication. In one instance a system reset is required to recover. Highest CVSSv3 score of 8.6.
More info.

In Spring Security RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers allowing an authorization bypass. CVSSv3 score of 8.2
More info.

OpenSUSE has updated the kernel.  More info.

SonicWall SSLVPN SMA1000 series appliances are affected by multiple vulnerabilities, including an unauthenticated access control bypass, and a shared and hard-coded encryption key. Highest CVSSv3 score of 8.2.
More info.

Microsoft has updated chromium-based Edge to include the latest chromium security updates.
More info.

NetApp has published 6 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.

SUSE has updated the kernel.  More info.

Cambium Networks cnMaestro contains multiple vulnerabilities, including OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function, Successful exploitation of these vulnerabilities could allow a remote attacker to gain RCE, sensitive data exfiltration, and complete takeover of the main multi-tenant cloud infrastructure. Highest CVSSv3 score of 9.8
More info.

InHand Networks has confirmed the vulnerabilities impacting the Industrial Router IR302, which will allow attackers to execute arbitrary commands, file uploading, increase privileges or steal cookies via specific request. Highest CVSSv3 score of 9.9
More info.

Vulnerability in IBM SDK Java affects IBM Cloud Pak System. CVSSv3 score of 9.8
More info.

IBM Security Guardium has fixed several vulnerabilities by updating the Apache Thrift component. Highest CVSSv3 score of 9.8
More info.

Apache Tomcat has a Request Mix-up vulnerability that could result in connections using the same object concurrently which could result in information disclosure.  Apache rates this High.
More info.

Zyxel has released patches for an OS command injection vulnerability. CVSSv3 score of 9.8
More info.

SUSE has updated the kernel.  More info.
Ubuntu has updated the kernel and rsyslog. More info.

Monthly Patches are out for Palo Alto Networks, with 4 bulletins, 1 rated High and 3 rated Medium. Highest CVSSv3 score of 7.2
More info.

MELSOFT iQ AppPortal is affected by vulnerabilities in third party software used by the server software VisualSVN Server. Exploits for these vulnerabilities may allow a remote attacker to disclose or tamper with information with the product, cause a DoS, or execute malicious programs. Highest CVSSv3 score of 9.8
More info.

Dell has published an update for EMC iDRAC9 the corrects an Improper Authentication vulnerability that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical. CVSSv3 score of 9.6
More info.

Dell Unity, Dell UnityVSA, and Dell Unity XT contain a XSS vulnerability that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical. CVSSv3 score of 6.1
More info.

Xerox has updated FreeFlow Print Server v2 to include security fixes for Windows 10, OpenJDK, and Firefox.
More info.

Ubuntu has updated the kernel. More info.

 Microsoft Monthly Patches are out, with 75 vulnerabilities. Of these, 8 are Critical, 3 were previously disclosed, and one is already being exploited. Highest CVSSv3 score of 9.8
More info. And here. And here.

Windows Network File System and Windows LDAP contain remotely exploitable RCE vulnerabilities. CVSSv3 score of 9.8
More info. And here.

Adobe Monthly Patches include updates Critical vulnerabilities in Character Animator, ColdFusion, InDesign, Framemaker, and InCopy.
More info.

Adminer database management tool used in Industrial products contains a vulnerability that allows a remote attacker to read database credentials and steal data.  CVSSv3 score of 7.5
More info.

Google has published an update for Chrome for Desktop with 13 security fixes.
More info.

Microsoft is aware and working on chromium-based Edge. More info.

Phoenix Contact RAD-ISM-900-EN-BD devices use third-party software with multiple vulnerabilities.  CVSSv3 score of 9.1
More info.

TIBCO Managed File Transfer Command Center and Internet Server contain a XXE vulnerability exploitable by remote attackers.  CVSSv3 swcore of 8.6
More info.

Information disclosure and DoS vulnerabilities due to out-of-bounds read and integer overflow in OpenSSL exist in the MELSOFT GT OPC UA Client. Highest CVSSv3 score of 7.5
More info.

curl has several Medium and Low vulnerabilities that have been fixed in the latest release.
More info.

Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.

Check Point has updated ZoneAlarm Extreme Security to fix a security vulnerability.  This is rated Critical.
More info.

Monthly Patches are out for Siemens, with 12 new bulletins and 15 updated bulletins. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities exist in the webserver of SICAM P850 and SICAM P855 devices. These include unauthenticated access to web-interface functionality, missing HTTPS or impersonation as well as cross-site scripting related vulnerabilities. Highest CVSSv3 score of 9.8
More info.

A vulnerability exists in the OPC Foundation Local Discovery Server of several industrial products. A remote attacker could cause a DoS. CVSSv3 score of 7.5
More info.

Desigo PXC3, PXC4, PXC5 and DXR2 devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a DoS, or perform RCE. Highest CVSSv3 score of 9.0
More info.

A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a DoS. CVSSv3 score of 7.5
More info.

Monthly Patches are out for Schneider Electric with 3 new bulletins and 3 updated bulletins.
More info.

Schneider Electric is aware of multiple vulnerabilities in its Wiser Smart products, including hard-coded credentials, failure to limit authentication attempts, and others.  Highest CVSSv3 score of 9.4
More info.

SAP Monthly Patches are out with 10 new Security Notes, and 4 updated notes. Of the new Notes, 3 are rated Hot News, 2 rated High, and 5 rated Medium. Highest CVSSv3 score of 9.8
More info.

Google has published an update for Chrome for Android with 13 security fixes.
More info.

Google has updated ChromeOS with several security fixes.
More info.

Nessus Network Monitor has been updated to fix vulnerabilities in third-party software.  Highest CVSSv3 score of 9.8
More info.

OpenSUSE has updated rsyslog. More info.
SUSE has updated rsyslog. More info.

The operation management interface of FUJITSU Network IPCOM provided by FUJITSU LIMITED contains multiple vulnerabilities. A remote attacker may execute arbitrary commands, obtain and/or alter sensitive information, or cause a DoS. CVSSv3 score of 9.8
More info.

Rockwell Automation has identified FactoryTalk Linx Gateway as vulnerable to APT cyber tools targeting ICS/SCADA devices (PIPEDREAM/INCONTROLLER).
More info.

Multiple vulnerabilities in VMware vCenter plugins affect IBM Cloud Pak System. Highest CVSSv3 score of 9.8
More info.

OpenSUSE has updated the kernel. More info.
Mageia has updated rsyslog. More info.

A vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands. QNAP rates this Critical.
More info.

A vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. QNAP rates this High.
More info.

Multiple vulnerabilities have been reported to affect QTS, QuTS hero, and QuTScloud. If exploited, these vulnerabilities allows remote attackers to run arbitrary commands, traverse the file system to unintended locations and read or overwrite files, inject malicious code, or redirect users to an untrusted page that contains malware. QNAP rates this High.
More info.

A path traversal vulnerability in thttpd has been reported to affect QNAP devices running QTS, QuTS hero, and QuTScloud. If exploited, this vulnerability allows attackers to access and read sensitive data. QNAP rates this Medium.
More info.

Multiple vulnerabilities have been reported to affect QNAP NAS running certain versions of Video Station. If exploited, this vulnerability allows remote attackers to access sensitive data, perform unauthorized actions, and compromise the security of the system. QNAP rates this Medium.
More info.

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in IBM WebSphere Application Server.  CVSSv3 score of 9.8
More info.

IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities in third-party software and IBM WebSphere Application Server Liberty. Highest CVSSv3 score of 9.8
More info.

Sophos Firewall has been updated to fix several security vulnerabilities, including an authentication bypass vulnerability allowing RCE rated Critical.
More info.

NetApp has published 7 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.

Belden Provize Basic has been updated to fix security vulnerabilities in third-party software that is included in the product. Highest CVSSv3 score of 9.8
More info. And here. And here.

Dell EMC NetWorker vProxy updates are available for multiple security vulnerabilities in SUSE that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical.
More info.

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities, including vulnerabilities in the web-based management interface of ClearPass Policy Manager that could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host.  Highest CVSSv3 score of 9.8
More info.

Mozilla has published security updates for Thunderbird, rated High.
More info.

Access control vulnerabilities has been identified in Mitel 6800 Series SIP Phones and 6900 Series SIP phones (excluding the 6970) running SIP and MiNet firmware that could allow a remote attacker RCE.
More info. And here.

F5 Monthly Patches are out, with 43 Security Advisories, and another 10 Security Exposures.  One advisory is rated Critical, 17 are rated High, 24 are rated Medium, and 1 Low. Highest CVSSv3 score of 9.8
More info.

Fortinet Monthly Patches are out with 9 bulletins,  1 rated Critical, 2 are rated High, and 6 are rated Medium. Highest CVSSv3 score of 9
More info.

Yokogawa has updated a previous bulletin to include the ProSafe-RS product as vulnerable.  Highest CVSSv3 score of 7.5
More info.

Multiple heap overflow vulnerabilities exist with various networking vendors, dubbed TLStorm 2.0. ArubaOS-Switch devices are affected by these vulnerabilities. Exploitation allows for attackers to execute arbitrary code on the affected device. CVSSv3 score of 9.0
More info.

HPE's bulletin here.

Several moderate vulnerabilities in OpenSSL have been patched in the latest updates.
More info.

Rockwell Automation Factory Talk Production Center products contain third-party software that has several vulnerabilities. If exploited, these vulnerabilities could allow RCE, information disclosure, and DoS on FTPC products.
More info.

Hitachi Energy Gatway Station and FACTS Control Platform products are affected by multiple open-source software vulnerabilities. An attacker could eavesdrop on the traffic between network source and destination, gain unauthorized access to information or cause a DoS. Highest CVSSv3 score of 8.1
More info. And here.

Mozilla has published security updates for Firefox and Firefox ESR, rated High.
More info.

Emerson AVENTICS AF2 Series flow sensor with Ethernet communication interface has multiple, specific cybersecurity vulnerabilities. The vulnerabilities may allow attackers to disrupt the embedded web server of the device under very specific circumstances and could allow denial of view functions and possibly exposure of system resources. Highest CVSSv3 score of 5.8
More info.

Oracle Linux has updated the kernel. More info.

Qualcomm Monthly Patches are out, with 13 CVEs in proprietary software, and 10 more in open-source software.  Of the proprietary CVEs, 2 are rated Critical, 10 are rated High, and 1 Medium. Several vulnerabilities are remotely exploitable without Authentication.  Highest CVSSv3 score of 9.3
More info.

Google has published Android Monthly Patches, with 18 addressed CVEs, plus MediaTek and Qualcomm patches. 16 vulnerabilities are rated High, 2 Medium.
More info.

Monthly Patches for Pixel are also out, with 6 additional patched vulnerabilities, 2 rated Critical, 4 High.
More info.

Samsung Monthly Patches include 18 additional SVEs, along with Android patches.
More info.

Debian has updated the kernel. More info.

TRUMPF TruTops Fab, TruTops Boost, and TruTops Monitor contain a missing authentication vulnerability. CVSSv3 score of 9.8
More info.

The PLC application of the control systems ctrlX CORE, IndraLogic, IndraMotion MTX, IndraMotion MLC and IndraMotion MLD contains PLC technology from CODESYS GmbH. Exploiting vulnerabilities in the CODESYS protocol allows remote attackers to stop the web server communication with the PLC runtime or a temporary blocking of the communication to the PLC runtime. Highest CVSSv3 score of 7.5
More info.

SICK has reported a DoS vulnerability in Gateway Flexi Soft, due to a mishandling of Read Implicit Request services. An attacker could use this vulnerability to affect the availability of the Gateway Flexi Soft. CVSSv3 score of 7.5
More info.

Dell has published updates for Dell Unity, Dell UnityVSA, and Dell Unity XT security vulnerabilities and third-party software. Dell rates this Critical.
More info.

Multiple F5 products contain a vulnerable version of Expat. CVSSv3 score of 9.8
More info. And here. And here. And here.