Rockwell Automation is aware of multiple products that are affected by vulnerabilities in the GoAhead web server. Exploitation of these vulnerabilities could potentially have a high impact on the confidentiality, integrity and availability of the vulnerable devices. Highest CVSSv3 score of 9.8
Some products are patched, some not.
More info. And here.

Econolite EOS contains Improper Access Control and Use of Weak Hash vulnerabilities. Successful exploitation of these vulnerabilities could result in a remote attacker gaining full control over traffic control functions performed by Econolite hardware. Highest CVSSv3 score of 9.8
No response from Econolite.
More info.

Microsoft has published a security advisory for Windows PPTP.  A remote attacker could send a specially crafted connection request to a RAS server, which could lead to RCE on the RAS server machine. CVSSv3 score of 8.1
More info.

Microsoft has updated Edge with the latest chromium vulnerability fixes.
More info.

There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation.  Highest CVSSv3 score of 10
More info.

HCL BigFix WebUI is affected by security vulnerabilities in BigFix WebUI source code and open source components. Highest CVSSv3 score of 9.8
More info.

ISC has published 4 new bulletins identifying DoS vulnerabilities in BIND 9.  Highest CVSSv3 score of 7.5
More info.

An authentication bypass vulnerability exists in the robot controller of industrial robot MELFA SD/SQ series and F-series. An attacker can gain unauthorized access to a robot controller by performing an unauthorized telnet login. CVSSv3 score of 7.5
More info.

Tenable has published a bulletin identifying 4 vulnerabiliities in Tenable.sc, as well as vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Scientific Linux has updated the kernel. More info.

Multiple vulnerabilities in VMware vRealize Log Insight could allow a remote attacker to collect sensitive information, achieve DoS, or perform RCE. Highest CVSSv3 score of 9.8
More info.

Google has updated Chrome for Desktop to fix 6 security vulnerabilitiesm the most severe of which could allow for arbitrary code execution.
More info.

Microsoft is aware.  More info.

Apple has published updates for tvOS.
More info.

SUSE has updated the kernel. More info.
Red Hat has updated the kernel, the kernel-rt, and kpatch. More info.
Oracle Linux has updated the kernel. More info.

Crestron has patched the UC-engine product line for OpenSSL vulnerabilities. CVSSv3 score of 5.3
More info.

Lexmark has patched their printers to fix a vulnerability that allows an attacker to bypass protections on the device that protect local accounts against brute-force guessing attacks.. CVSSv3 score of 5.3
More info.

A Server-Side Request Forgery vulnerability has been identified in the Web Services feature of newer Lexmark devices. This vulnerability can be leveraged by an attacker to gain arbitrary code execution on the device. CVSSv3 score of 9.0
More info.

Apple has published updates for Safari, iOS, macOS, and watchOS. iOS includes fixes for older versions for actively exploited vulnerabilities.  Highest CVSSv3 score of 9.8.
More info.

DS Agile SMT is built on the Windows-10 operating system and is using an older version of Log4j, allowing a remote attacker to perform RCE.  CVSSv3 score of 10.
More info.

HCL BigFix WebUI is affected by security vulnerabilities in source code and open source components. Highest CVSSv3 score of 9.8
More info.

Red Hat has updated the kernel. More info.
Debian has updated the kernel. More info.

NetApp has published 9 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8  Only 1 bulletin includes patched software.
More info.

Mageia has updated the kernel and kernel firmware. More info.

TP-Link router WR710N-V1-151022 and Archer-C5-V2-160201 are susceptible to two vulnerabilities, including a buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a heap causing DoS or RCE, and a side-channel attack allowing deterministic guessing of each byte of a username and password input during authentication. Highest CVSSv3 score of 9.8
More info.

All versions of the superDimension navigation system run on Microsoft Window’s operating system platforms that are no longer supported, leaving the system with security vulnerabilities which could allow an unauthorized user to execute code on the system.  There is no way to update the system, they recommend not connecting the systems to the hospital network.
More info.

BD has updated Microsoft and third-party software in Kiestra TLA/WCA, Kiestra InoqulA+, Kiestra InoqulA, and Kiestra ReadA.
More info.

PowerDNS Recursor contains a DoS vulnerability.  This problem can be triggered by a remote attacker with access to the recursor by querying names from specific mis-configured domains. CVSSv3 score of 8.2
More info.

Microsoft has updated Edge to fix one security vulnerability.  CVSSv3 score of 6.5
More info.

Ubuntu has updated the kernel. More info.

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. CVSSv3 score of 4.7
More info.

A DoS vulnerability was discovered in WithSecure products whereby the aerdl.dll unpacker handler crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
More info.

A vulnerability in the ccmweb component of MiContact Center Business server could allow an unauthenticated attacker to download arbitrary files due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. 
More info.

Wireshark has published 7 new bulletins identifying memory leaks and software crash vulnerabilities. Highest CVSSv3 score of 4.3
More info.

GE Digital Proficy Historian contains multiple vulnerabilities, including Authentication Bypass using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Weak Encoding for Password. Successful exploitation of these vulnerabilities could crash the device after access, cause a buffer overflow condition, and allow remote code execution. Highest CVSSv3 score of 9.8
More info.

There is a vulnerability in min-dash that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. CVSSv3 score of 9.8
More info.

Mutliple vulnerabilities have been corrected in DIR-1360 hardware.
More info.

Security updates have been published for Firefox and Firefox ESR.
More info.

Two vulnerabilities in Git could allow a remote attacker to execute arbitrary code on the system. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSSv3 score of 9.8
More info. And here.

Three moderate vulnerabilities have been patched in Apache HTTP Server.
More info.

An authorization bypass vulnerability exists in the WEB server function of the MELSEC iQ-F/iQ-R Series. An unauthenticated remote attacker may be able to access the WEB server function by guessing the random numbers used for authentication from several used random numbers. CVSSv3 score of 5.9
More info.

Oracle Quarterly Patches are expected out this afternoon.  The pre-release notice lists 323 new security patches, with 216 being remotely exploitable without authentication.  Highest CVSSv3 score of 9.9
More info.

Vulnerabilities in libExpat affect IBM Tivoli Network Manager IP Edition. CVSSv3 score of 9.8
More info.

Red Hat has updated the kernel. More info.

Xerox has updated Xerox WorkCentre models to correct vulnerabilities including insecure password encryption, show embedded system accounts, and remove the ability to disable functionality.
More info.

Google has published a security update for ChromeOS / ChromeOS Flex.
More info.

Oracle Linux has updated the kernel. More info.