Microsoft has updated the bulletin for the OMI vulnerabilities to add additional affected products to the Security Updates table. Again.
More info.

Multiple products of PILZ utilise a third-party TCP/IP implementation - the "Niche Ethernet Stack". This TCP/IP stack contains multiple vulnerabilities. Highest CVSSv3 score of 7.5
Updates for one product, mitigations for the rest.
More info.

Xerox Phaser, WorkCentre, and VersaLink products have been updated to correct an issue where scanning the printer with NMAP shows TCP port 3000 is open.
More info.

Xerox FreeFlow Print Server has updates for Oracle, Java, and Firefox.
More info.

NetApp has published 6 new bulletins identifying vulnerabilities in third-party software that affects their products.  No patches yet.
More info.

Microsoft has updated the bulletin for the OMI vulnerabilities to add additional affected products added to the Security Updates table.
More info.

Microsoft has updated chromium-based Edge to include the latest updates to chromium.
More info.

Dell published a security advisory to address vulnerabilities in Dell PowerPath Windows. Exploitation of the vulnerabilities may lead to system compromise, unauthorized access to sensitive information or remote code execution. Highest CVSSv3 score of 9.8
More info.

Moxa has published a bulletin for MGate MB3180/MB3280/MB3480 Series Protocol Gateways identifying multiple vulnerabilities that could lead to remote DoS. CVSSv3 score of 7.5
More info.

Multiple product vulnerabilities were identified in Moxa’s MXview Series. These include allowing remote connections to internal communication channels, hard-coded default passwords, RCE, information exposure, and others.
More info.

IBM API Connect has addressed vulnerabilities in Apache. Highest CVSSv3 score of 8.2
More info.

Endpoint Security for Windows update fixes two vulnerabilities and updates the cURL library. Highest CVSSv3 score of 7.3
More info.

Ubuntu has updated the kernel. More info.

When Tomcat is configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a DoS.
More info.

Apache has been updated to correct several security vulnerabilities, 1 rated High, 3 rated Moderate, and 1 rated Low. The High vulnerability allows a crafted request uri-path to cause mod_proxy to forward the request to an origin server choosen by the remote user.
More info.

A vulnerability exists in iTunes U.  Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.

Microsoft Monthly Patches are out with 86 vulnerabilities, 3 are Critical, 2 vulnerabilities were previously disclosed and one is being exploited according to Microsoft. Highest CVSSv3 score of 9.8
More info. And here. And here.

Microsoft has released security updates to address a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. CVSSv3 score of 8.8
More info.

There is a critical vulnerability in Microsoft Open Management Infrastructure which may be used for remote code execution. CVSSv3 score of 9.8.
More info.

Adobe Monthly Patches are out with 15 bulletins, covering Acrobat and Reader, Premiere Pro, InCopy, SVG-Native-Viewer, InDesign, FrameMaker, ColdFusion, Creative Cloud Desktop, Photoshop, Photoshop Elements, Premiere Elements, Digital Editions, Genuine Service, Experience Manager, and XMP Toolkit SDK.
More info.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address  multiple critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Highest CVSSv3 score of 8.8
More info.

Johnson Controls KT-1 door controller contains an Authentication Bypass by Capture-replay vulnerability. Successful exploitation of this vulnerability may allow replay attacks. CVSSv3 score of 8.6
More info. And here.

A security issue has been identified in Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller. Citrix rates this Critical.
More info.

IBM Security Guardium has fixed multiple vulnerabilities in third-party software included in the product.  Highest CVSSv3 score of 9.9
More info.

IBM has fixed  Multiple vulnerabilities in ICU libraries used in IBM DataPower Gateway.  Highest CVSSv3 score of 9.8
More info.

IBM has fixed  Multiple vulnerabilities in OpenSSL used IBM Sterling Connect:Express for UNIX. CVSSv3 score of 9.8
More info.

SAP Security Patch Day saw the release of 17 Security Notes, with 2 updates to previously released Patch Day Security Notes. Five of the Security Notes were rated Hot News, with CVSSv3 scores of 9.9 and 10.  The two updates were also Hot News patches.
More info.

Schneider Electric Monthly Patches include 4 new bulletins and 3 updated bulletins. Highest CVSSv3 score of 9.1
More info.

Schneider Electric is aware of multiple vulnerabilities in its StruxureWare Data Center Expert product that could allow a remote attacker to perform remote code execution. CVSSv3 score of 9.1
More info.

Schneider Electric is aware of multiple vulnerabilities in the web server component of the Modicon M340 PLC and the Modicon Quantum and Modicon Premium Legacy and associated communication modules. A remote attacker disclose sensitive information or cause a DoS of the controller, via the web server. CVSSv3 score of 7.5
More info.

Monthly Patches are out for Siemens, with 21 new bulletins and 25 updated bulletins. Highest CVSSv3 score of 10.
More info.

Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. CVSSv3 score of 10
More info.

The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges. CVSSv3 score of 10
More info.

The latest update for Industrial Edge fixes a vulnerability that could allow an unauthenticated attacker to change the password of any user in the system. With this an attacker could impersonate any valid user on an affected system. CVSSv3 score of 9.8
More info.

The latest update for SIPROTEC 5 relays fixes two vulnerabilities that could allow a remote attacker to cause a denial-of-service or potentially trigger a remote code execution under certain circumstances. CVSSv3 score of 9.8
More info.

A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges. CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. CVSSv3 score of 8.8
More info.

Apple has published updates for Safari, macOS, watchOS, iOS and iPadOS. Several security updates address 2 zero-day vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. One vulnerability is known to be used to install the Pegasus spyware on iPhones and Apple is aware of a report that this issue may have been actively exploited.
More info. And here.

Processing maliciously crafted web content with Safari may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
More info.

Processing a maliciously crafted PDF on Catalina, Big Sur, Apple Watch, iOS and iPadOS may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
More info. And here. And here. And here.

Processing maliciously crafted web content on Big Sur, iOS, and iPadOS may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
More info. And here.

Google has updated Chrome with 11 security fixes, two of which have been exploited in the wild.
More info.

Microsoft has updated chromium-based Edge to have the latest updates from Google, including a fix for a vulnerability currently exploited in the wild.
More info.

Microsoft has updated chromium-based Edge to include the latest chromium security updates.
More info. And here.

Philips has begun identifying their products that are affected by the Microsoft PetitPotam vulnerability.  CVSSv3 score of 7.5
More info. And here.

Security vulnerability have been disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. CVSSv3 score of 9.8
More info.

There are multiple container environment vulnerabilities in IBM Secure Proxy. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities have been identified in Oracle Java which is shipped with IBM Intelligent Operations Center. Highest CVSSv3 score of 9.8
More info.

Dell EMC VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

QNAP has published 5 new bulletins, 2 rated Critical, 2 rated High, and 1 rated Medium.
More info.

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks.
More info.

Two stack buffer overflow vulnerabilities have been reported to affect QNAP devices running QTS, QuTS hero, and QuTScloud. If exploited, these vulnerabilities allow attackers to execute arbitrary code.
More info.

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code.
More info.

Two stack-based buffer overflow vulnerabilities have been reported to affect QNAP NAS running NVR Storage Expansion. If exploited, these vulnerabilities allow attackers to execute arbitrary code.
More info.

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
More info.

Cisco has published 10 new bulletins, 4 rated High and 6 rated Medium.
More info.

A vulnerability in the IP SLA responder and TWAMP features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a DoS. CVSSv3 score of 8.6
More info.

A vulnerability in the implementation of the RPKI feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the BGP process to crash, resulting in a DoS. CVSSv3 score of 6.8
More info.

A vulnerability in the DHCPv4 server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a DoS. CVSSv3 score of 5.8
More info.

Monthly Patches for Palo Alto Networks are out.  Seven bulletins, 5 rated High, 1 rated Medium, and 1 rated Low.
More info.

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated remote attacker to access protected resources and perform unauthorized actions on the Cortex XSOAR server. CVSSv3 score of 8.1
More info.

An improper handling of exceptional conditions vulnerability exists in the PAN-OS dataplane that allows an unauthenticated remote attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts result in DoS to all PAN-OS services by restarting the device and putting it into maintenance mode. CVSSv3 score of 7.5
More info.

Zoho has addressed an authentication bypass vulnerability affecting the REST API URLs in ManageEngine's ADSelfService Plus that could result in RCE. This is rated Critical.
More info. And here.

NetApp has published 5 new bulletins identifying security vulnerabilities in third-party software used in their products.  No patches yet.
More info.

Scientific Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.

Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows, and is aware of targeted attacks that attempt to exploit this vulnerability. CVSSv3 score of 8.8
No patch yet.
More info. And here.

Monthly Patches for Google Android are out with 22 addressed vulnerabilities in addition to the Qualcomm monthly patches. One is rated Critical, 20 rated High, and 1 rated Moderate.
More info.

Monthly Patches are out for Google Pixel, with 2 addressed vulnerabilities in addition to the Google Android and Qualcomm monthly patches.  One is rated High and one Moderate.
More info.

Samsung Monthly Patches are out.  Along with the Google Android patch set, there are 23 addressed vulnerabilities, 2 rated High, the rest Moderate and Low.
More info.

Mozilla published updates for Firefox, Firefox ESR, and Thunderbird that fix several security vulnerabilities, some rated High.
More info.

ABB is aware of vulnerabilities in EIBPORT products. An attacker who successfully exploited these vulnerabilities could access sensitive information stored inside the device and can access the device with root privileges. Highest CVSSv3 score of 9.8 
More info.

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated the kernel. More info.

Monthly Patches are out for Qualcomm including 10 vulnerabilities, 2 rated Critical, 6 rated High, and 2 rated Medium. Highest CVSSv3 score of 9,.8
More info.

Multiple DoS vulnerabilities due to improper handling of exceptional conditions and improper input validation exist in TCP/IP protocol stack of GOT and Tension Controller. A remote attacker may cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.  No patches, only mitigation.
More info.

ABB Base Software for SoftControl contains a security vulnerability that could allow a remote attacker to run arbitrary code. CVSSv3 score of 9.8  No patches yet.
More info.

A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Photo Station. This is rated Important.
More info.

Microsoft has published an update from chromium-based Edge that includes the latest security updates from Google.
More info. And here.

Advantech WebAccess contains a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may allow remote code execution. CVSSv3 score of 9.8
More info.

Several security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance.  Highest CVSSv3 score of 9.9
More info.

IBM UrbanCode Deplay contains Eclipse OpenJ9, which is vulnerable to a stack-based buffer overflow. CVSSv3 score of 9.8
More info.

Dell EMC VNXe3200 Operating Environment contains remediation for multiple third-party vulnerabilities that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical.
More info.

Cisco has published 5 new bulletins, 1 rated Critical and 4 Medium.
More info.

A vulnerability in the TACACS+ AAA feature of Cisco Enterprise NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. CVSSv3 score of 9.8
More info.

Mitsubishi Electric reports DoS and RCE vulnerabilities due in Amazon RTOS memory allocation process. This vulnerability could allow a malicious attacker to cause a DoS condition or remotely execute arbitrary code on a target product by providing specially crafted data. Several Wi-fi Interface and Air Conditioning products are vulnerable. CVSSv3 score of 7.7
No updates, only mitigation.
More info.

Xerox has updated FreeFlow Print Server v9 with Oracle and Java updates, fixing multiple security vulnerabilities.
More info.

Xerox has fixed multiple vulnerabilities in AltaLink products.
More info.

NetApp has published 9 new bulletins identifying security vulnerabilities in third-party software included in their products.  No patches yet.
More info.

Google has published an update for Chrome for Desktop that includes 27 security fixes.
More info.

Multiple product vulnerabilities were identified in Moxa’s OnCell G3470A-LTE and WDR-3124A Series Cellular/Router, including allowing a remote attacker to achieve RCE.
Addressed CVEs span from 2006 to 2021.
More info.

Multiple product vulnerabilities were identified in Moxa’s TAP-323 Series and WAC-1001/2004 Series Railway Wireless Controllers, including allowing a remote attacker to achieve RCE.
Addressed CVEs span from 2006 to 2021.
More info.

Aruba has released patches for ArubaOS that address multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.

HPE has published a bulletin for their ArubaOS products.
More info.

Xerox has updated FreeFlow Print Server v7 with Oracle and Java updates, fixing multiple security vulnerabilities.
More info.

Scientific Linux has updated libsndfile, libx11, and the kernel. More info.
CentOS has updated the kernel. More info.

Crafted communication requests may cause a Null pointer dereference in mutliple CODESYS products and may result in a DoS.  CVSSv3 score of 7.5
More info.

In CODESYS V3, the web server is an optional part of the CODESYS runtime system. Therefore, all CODESYS V3 runtime systems contain the CmpWebServer. Specific web server requests may have read access to private files, which may contain user IDs and password hashes. CVSSv3 score of 7.5
More info.

In CODESYS V3, the web server is an optional part of the CODESYS runtime system. Therefore, all CODESYS V3 runtime systems contain the CmpWebServer. Specific crafted requests may cause a heap-based buffer overflow. Further on this could crash the web server, lead to a DoS or may be utilized for RCE. CVSSv3 score of 9.8
More info.

Multiple vulnerabilities were reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. CVSSv3 score of 9.1
More info.

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) allows specially crafted requests to read and write some special parameters without authentication. CVSSv3 score of 9.8
More info.

WAGO controllers include vulnerable versions of OpenSSL. With special crafted requests it is possible to bring the device out of operation. CVSSv3 score of 7.5
More info.

An out-of-bounds read vulnerability in OpenSSL has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. If exploited, the vulnerability allows remote attackers to disclose memory data or execute a denial-of-service (DoS) attack.
More info.

Red Hat has updated kpatch, the microcode, and the kernel. More info.
Oracle Linux has updated libsndfile, libx11, and the kernel. More info.
CentOS has updated libx11 and libsndfile. More info.

Dell has published updates for EMC SupportAssist Enterprise that contains remediation for Third-party Component vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this High.
More info.

Red Hat has updated libx11 and libsndfile. More info.
Alpine Linux has published a new release. More info.

Johnson Controls CEM Systems AC2000 contains an Improper Authorization vulnerability. Under specific conditions, successful exploitation of this vulnerability could allow a remote attacker access to the system without adequate authorization. CVSSv3 score of 8.2
More info. And here.

Delta Electronics DIAEnergie contains several vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to retrieve passwords in cleartext, remotely execute code, cause a user to carry out an action unintentionally, or log in and use the device with administrative privileges. Highest CVSSv3 core of 9.8
More info.

Annke N48PBB (NVR) contains a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker access to sensitive information and execute arbitrary code. CVSSv3 score of 9.4
More info.

OPC Foundation has pubished an update for a vulnerability in the Local Discovery Server (LDS) that allows remote attackers to cause a denial of service (DoS) by sending carefully crafted messages. CVSSv3 score of 7.5
More info.

NetApp has published 9 new bulletins identifying security vulnerabilities in third-party software used in their products.  No patches yet.
More info.

NETGEAR has released fixes for an authentication bypass security vulnerability in several product models.
More info.

Cisco has released 14 new bulletins, 1 rated Critical, 6 rated High, and the rest Medium.
More info.

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. CVSSv3 score of 9.1
More info.

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. CVSSv3 score of 8.6
More info.

A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. CVSSv3 score of 8.6
More info.

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. CVSSv3 score of 8.6
More info.

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. CVSSv3 score of 8.6
More info.

A vulnerability in Red Lion’s DA50A and DA70A modular gateways allows an attacker to create arbitrary connections from the subject device to hosts on both internal and external networks. This may allow unauthorized access to connected devices, or the use of the device for malicious and bandwidth-consuming activities such as the sending of unsolicited commercial email. CVSSv3 score of 8.3
This has been used in exploits already.
More info.

An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.  CVSSv3 score of 9.8
More info.

Hitachi ABB Power Grids has published updates for FragAttack vulnerabilities in the TropOS products. An attacker could use a weakness in the Wi-Fi protocol to implement a MitM attack, snooping Wi-Fi frames and appending undetected packet fragments that could be used spoof IP address and/or DNS information. A client connected to a TropOS Wi-Fi access point could directed to fake websites, used to extract sensitive data. Highest CVSSv3 score of 10
More info. And here.

Vulnerabilities in IBM SDK Java Technology affect IBM Integration Bus, IBM App Connect Enterprise, and IBM Security Directory Suite. Highest CVSSv3 score of 9.8
More info. And here.

Publicly disclosed vulnerabilities in XStream affect Tivoli Netcool Configuration Manager. Highest CVSSv3 score of 9.8
More info.

Security vulnerabilities in several HPE Aruba FlexNetworking, Flexfabric, and MSR switches and routers could allow local and remote access or disclosure of information, DoS, and XSS. Highest CVSSv3 score of 7.8
More info.

F5 has published 35 new security bulletins, with 13 rated High.  Highest CVSSv3 score of 9.9
More info.

Multiple vulnerabilities in VMware vRealize Operations have been patched, including an Arbitrary log-file read vulnerability, SSRF, and Broken access control leading to unauthenticated API access. Highest CVSSv3 score of 8.6.
More info.

OpenSSL has published a security advisory identifying two vulnerabilities in OpenSSL, one rated High and one Moderate.
More info.

Dell EMC ECS has been udpated for multiple security vulnerabilities in third-party software that could be exploited by remote attackers to compromise the affected system. Dell rates this Critical.
More info.

PowerPath Management Appliance has provided updates for tomcat security vulnerabilities that could be exploited by remote attackers to compromise the affected system. Dell rates this High.  Highest CVSSv3 score of 7.5
More info.

SUSE has updated systemd. More info.
OpenSUSE has updated systemd. More info.
Red Hat has updated the microcode. More info.
Ubuntu has updated the kernel. More info.

BD has published Microsoft and third-party software updates for their products that fix known security vulnerabilities.  The products include FACSAria, Max, Accuri C6 Plus, and EpiCenter.
More info.

A DoS vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker.
More info.

Mageia has updated the kernel. More info.