MediaTek has published their Monthly Patches with 3 vulnerabilities rated High, 9 rated Medium.
More info.

Google Monthly Patches for Android are out, with 1 Critical vulnerability, and 31 High, with Arm, MediaTek, Unisoc, and Qualcomm patches as well.
More info.

IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities.  Highest CVSSv3 score of 9.8
More info.

Red Hat has updated the kernel. More info.

A vulnerability in Exim allows remote attackers to execute arbitrary code on affected installations of Exim. CVSSv3 score of 9.8
This was released as a 0-day.
More info. And here.

BD has published security updates for Phoenix M50, Assurity Linc, and BACTEC FX40.
More info.

Qualcomm Monthly Patches are out with 17 vulnerabilities, 3 rated Critical, 13 rated High, and 1 rated Medium. Highest CVSSv3 score of 9.8
More info.

Microsoft has updated Edge to fix the libvpx vulnerability that is being exploited.
More info.

NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Six have patches.
More info.

Vulnerabilities in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface have been identified. Highest CVSSv3 score of 10.
More info.

Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.  Dell rates this Critical.
More info.

Oracle Linux has updated the kernel. More info.
Alpine Linux has published 3.18.4. More info.

Cisco has published 15 new bulletins, 1 rated Critical, 7 rated High, and 7 rated Medium. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager could allow an attacker to access an affected instance or cause a DoS on an affected system. Highest CVSSv3 score of 9.8
More info.

Vulnerabilities in Cisco IOS XE Software could allow a remote attacker to cause a DoS. CVSSv3 score of 8.6
More info. And here. And here. And here.

A vulnerability in Cisco DNA Center could allow a remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. CVSSv3 score of 8.6
More info.

A vulnerability in the networking component of Cisco AP software could allow a remote attacker to cause a DoS. CVSSv3 score of 5.8
More info.

Google has published an update for Chrome for Desktop that fixes 10 security vulnerabilities, one of which is exploited in the wild.
More info.

Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps.  Highest CVSSv3 score of 9.8
More info.

IBM Cloud Pak System has addresssed vulnerabilities in Golang Go.  Highest CVSSv3 score of 9.8
More info.

Security vulnerabilities has been identified in OneView Software. These vulnerabilities could be remotely exploited to allow authentication bypass. CVSSv3 score of 9.8
More info.

Mozilla has updated Firefox, Firefox ESR, Firefox for Android, and Firefox Focus for Android  Mozilla rated this Critical, and it is actively exploited.
More info.

Bently Nevada 3500 Rack (TDI Firmware) contains several vulnerabilities including exposure of sensitive information, cleartext transmission of sensitive information, and authentication bypass by capture-replay.  Highest CVSSv3 score of 7.5
No patches, only mitigation.
More info.

Due to a NULL pointer dereference bug Squid is vulnerable to a DoS attack against Squid's Gopher gateway. CVSSv3 score of 7.5
More info.

Apple has published security updates for Safari and macOS.
More info.

Multiple Expat vulnerabilities exist in Hirschmann HiOS products, HiSecOS products, BAT-C2, and GECKO. Highest CVSSv3 score of 9.8
More info.

A new exploit for a previously reported code execution vulnerability in Junos OS works without a previous file upload. Highest CVSSv3 score of 9.8
More info.

Mozilla has published bulletins rated High for Firefox, Firefox ESR, and Thunderbird.
More info.

SUSE has updated the kernel.  More info.
OpenSUSE has updated the kernel. More info.

Hitachi Energy includes libexpat open-source software in their AFx series products. There are multiple vulnerabilities in the libexpat component that allow a remote attacker to compromise the targeted devices availability, integrity, and confidentiality. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in third-party software affect IBM Application Performance Management products.  Highest CVSSv3 score of 9.8
More info. And here. And here. And here. And here.

Dell EMC VPlex Metro Node remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

Dell Connectrix (Brocade) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this High.
More info.

Oracle Linux has updated the kernel.  More info.
Amazon Linux has updated the kernel. More info.

WAGO products e!COCKPIT and WAGO-I/O-Pro both include vulnerable WIBU Systems Codemeter product. Highest CVSSv3 of 9.8
More info.

BD has published Microsoft and third-party software updates for FACSCanto 10-Color System, FACSCelesta, FACSAria, FACSCanto II System, LSRFortessa, FocalPoint, EpiCenter, and Totalys.
More info.

A vulnerability exists in how Elasticsearch handled incoming requests on the HTTP layer. A remote attacker could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. CVSSv3 score of 7.5
More info.

Oracle Linux has updated the kernel.  More info.

Apple has updated iOS, iPadOS, watchOS, macOS, and Safari to fix Exploited, Critical vulnerabilities.
More info.

Real Time Automation 460MCBS contains a Cross-site Scripting vulnerability that could allow an attacker to run malicious JavaScript content. CVSSv3 score of 9.4
Public PoC exists.
More info.

D-Link DIR-823G was discovered to contain stack overflow vulnerabilities. CVSSv3 score of 9.8
PoC exists.
More info. And here.

Vulnerabilities in Apache, Legacy QTS, and Multimedia Console affect QNAP products.  These are rated Medium and High.
More info.

NetApp has published 7 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 7.8
No patches yet.
More info.

SUSE has updated the kernel.  More info.

 Three vulnerabilities have been identified in Ingeteam INGEPAC DA 3451 and INGEPAC EF MD.  Highest CVSSv3 score of 8.6
More info.

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi are prone to multiple vulnerabilities which could lead up to a full compromise of the FDS101 device. Highest CVSSv3 score of 9.8
More info.

Dell Secure Connect Gateway has been updated to correct multiple security vulnerabilities in third-party software.  Dell rates this Critical.
More info.

A buffer overflow vulnerability exists in Logix communication devices. If exploited, a remote attacker could leverage this vulnerability to perform RCE. CVSSv3 score of 9.8
More info.

Connected Components Workbench utilizes CefSharp that contains a use after free vulnerability in Google Chrome. A remote attacker could perform a sandbox escape via a crafted HTML page. CVSSv3 score of 9.6
More info.

An input/output validation vulnerability exists in third-party software used inPanelView 800 that could lead to a disclosure of sensitive information, addition or modification of data, or a DoS.  CVSSv3 score of 9.8
More info.

Oracle Linux has updated the kernel. More info.

Omron CJ/CS/CP series programmable logic controllers use the FINS protocol, which is vulnerable to brute-force attacks. The controllers do not enforce any rate limit on password guesses to password-protected memory regions. CVSSv3 score of 7.5
More info.

Four high-severity vulnerabilities have been fixed in Atlassian products. Highest CVSSv3 score of 8.5
More info.

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. CVSSv3 score of 7.5
More info.

An issue with Recursion depth may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. CVSSv3 score of 7.5
More info.

SUSE has updated the kernel and kernel-rt. More info.
OpenSUSE has updated the kernel and kernel-rt. More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Multiple products are affected by WIBU Codemeter vulnerabilities. Highest CVSSv3 score of 10.
More here.

Google updates for Pixel include Android security patches and 1 Pixel-specific security vulnerability rated High, currently being exploited.
More info.

Vulnerabilities in Bash affect ProtecTIER.  Note these are the ShellShock vulnerabilities, 9 years later. Highest CVSSv3 score of 10.
More info.

Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products. Highest CVSSv3 score of 9.8
More info.

Vulnerabilities in "Go" affect IBM CICS TX Standard and Advanced. Highest CVSSv3 score of 9.8
More info. And here.

Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Apple has published iOS 17, iPadOS 17, watchOS 10, and tvOS 17, all in the security updates table, but with no details.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Free5Gc contains a CSRF vulnerability that could allow a remote attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". CVSSv3 score of 9.8
More info. And here.

NetApp has published 14 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
No patches yet.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.