OPC UA Tunneller contains several vulnerabilities which could allow an attacker to disclose sensitive information, remotely execute arbitrary code, or crash the device. Highest CVSSv3 score of 9.8
More info.

Microsoft has updated chromium-based Edge to include the latest fixes for vulnerabilities.
More info.

Dell has updated EMC Secure Remote Services Virtual Edition to fix vulnerabilities in several third-party components included in the product. Dell rates this Critical.
More info.

Xerox has updated FreeFlow Print Server on Windows 7 to fix several vulnerabilities in third-party software used in the product.
More info.

NetApp has published bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.

Cisco has published 31 new bulletins, 4 rated Critical, 9 rated High, the rest Medium.
More info.

Multiple buffer overflow vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. Highest CVSSv3 score of 8.6
More info.

Mitsubishi Electric has reported a DoS vulnerability in the robot controller of MELFA FR Series and CR Series as well as cooperative robot ASSISTA due  to resource management errors. An attacker can cause a DoS by sending a large amount of packets in burst over a short period of time.  CVSSv3 score of 7.5
More info.

IBM has published two Critical security bulletins for third-party software vulnerabilities innIBM App Connect Enterprise, IBM Integration Bus, and IBM Cloud Pak. CVSSv3 scores of 9.8
More info. And here.

NETGEAR has released fixes for a stack-based buffer overflow remote code execution security vulnerability on several product models.  CVSSv3 score of 8.8
More info.

Arch Linux has updated dnsmasq and several other packages. More info.
Ubuntu has updated the kernel and others. More info.
Mageia has updated the kernel. More info.

Oracle Quarterly Patches are out.  This Critical Patch Update contains 329 new security patches, 209 of these vulnerabilities may be remotely exploitable without authentication. Highest CVSSv3 score of 9.8
More info.

Oracle Solaris third-party bulletin is also out.  There are 5 new security patches, 4 of which may be remotely exploitable without authentication. Highest CVSSv3 score of 7.5
More info.

Cisco has updated a bulletin for Small Business RV110W, RV130, RV130W, and RV215W Routers, raising the level to Critical.  Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
More info.

Google has updated Chrome for the Desktop to include 36 security fixes, at least one rated Critical.
More info.

Two vulnerabilties have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). Use of Hard-coded Credentials and Use of Password Hash With Insufficient Computational Effort in the database allows an unauthenticated remote attacker to log into the database with admin-privileges. Highest CVSSv3 score of 10
More info.

A vulnerability in AC500 allows attackers to stop the PLC by sending an unauthenticated crafted packet over the network. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This vulnerability has been publicly reported. CVSSv3 score of 7.5
More info.

Thales CPL Team identified a vulnerability in Luna Network HSM 5/6, Luna PCIe, G5 USB HSM and G5 Backup HSM products.
More info.

Sierra Wireless has confirmed two security issues in ALEOS, one of which is remotely exploitable. A buffer overflow exists in the ACENet service, and this buffer overflow may allow remote code execution on some devices. CVSSv3 score of 5.3
More info.

Oracle Linux has updated dnsmasq. More info.

Multiple vulnerabilities in the DNSSEC implementation of dnsmasq could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.  The vulnerabilities are grouped and named DNSpooq.
The detailed description of the graphic elements indicates way too much thought about it...
Dnsmasq has an update, vendors will roll out their updates over time.
More info. Dnsmasq home page.

Cisco bulletin here.
Sophos bulletin here.
Siemens bulletin here.
RedHat bulletins here.

SUSE has updated dnsmasq. More info.
Ubuntu has updated dnsmasq and other packages. More info.
RedHat has updated dnsmasq and openshift. More info.

Researchers have identified a number of vulnerabilities, including backdoors, hardcoded credentials, authentication bypass, and unauthorized access.  FiberHome websites are unresponsive at the moment.
More info.

There is a missing authorization vulnerability in the Apache Solr service that is distributed as part of Watson Knowledge Catalog for IBM Cloud Pak for Data. CVSSv3 score of 9.4
More info.

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products.
More info.

Apache Tomcat could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker can view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system.
More info.

SUSE has updated the kernel and several other packages. More info.
Ubuntu has updated the kernel and several other packages. More info.
RedHat has updated the kernel and openshift. More info.
Mageia has updated the kernel. More info.
Amazon Linux has updated the kernel and several other packages. More info.
Alpine Linux has released version 3.13.0. More info.

Palo Alto Networks Monthly patches are two vulnerability bulletins and one informational. Highest CVSSv3 score of 4.4
More info.

Juniper Quarterly Patches are out, with 23 bulletins.  Several remote, unauthenticated DoS vulnerabilities are addressed, as well as third-party software vulnerabilities in the products.
More info.

A vulnerability that allows an unauthenticated remote attacker to obtain access that would otherwise be denied in the Simple Authentication and Security Layer (SASL) implementation that is part of the OpenLDAP third party software package has been resolved in Juniper Networks SRX Series configured with Integrated User Firewall. CVSSv3 score of 7.4
More info.

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. CVSSv3 score of 6.8
More info.

Cisco has published 23 new bulletins, four are rated High.
More info.

A remote, authenticated or anonymous attacker can exploit a vulnerability in Nagios Enterprises Nagios XI to execute arbitrary program code with administrator rights, to reveal information and to carry out a cross-site scripting attack.
More info.

IBM has published new bulletins, seven with a Critical rating. All the Critical bulletins have CVSSv3 scores of 9.8.  Products include MaaS360 Cloud Extender, App Connect Enterprise, Integration Bus, Guardium Data Encryption, and Security Privileged Identity Manager.
More info.

Multiple security vulnerabilities (Ripple20) have been identified in the optional HP/HPE R7000 and R5000 Uninterruptable Power System Network Module Firmware (AF465A). The vulnerabilities could be remotely exploited to execute code, cause denial of service, and expose sensitive information.
More info.

Dell has updated EMC Enterprise Hybrid Cloud to patch multiple VMWare vulnerabilities. Dell rates this Critical.
More info.

Dell EMC Avamar Server contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical. Highest CVSSv3 score of 10
More info.

Aruba has released updates to Airwave Glass that address multiple security vulnerabilities that would allow an unauthenticated remote attacker to bypass authentication, arbitrary code execution, and arbitrary command execution. Highest CVSSv3 score of 9.8
More info.

Huawei has updated their products to fix an Apache Struts2 remote code execution vulnerability.  CVSSv3 score of 9.8
More info.

SUSE has updated the kernel, crmsh, and others. More info.
Arch Linux has updated nodejs, atftp, and several others.  More info.
Oracle Linux has updated the kernel. More info.
RedHat has updated the kernel and others. More info.

Microsoft Monthly Patches are out, with patches for 83 vulnerabilities, 10 of which are rated Critical, one has been previously disclosed, and one is actively being exploited.  Highest CVSSv3 score of 8.8
There are security updates for Windows, Edge (EdgeHTML-based), Office and Office Services and Web Apps, Windows Codecs Library, Visual Studio, SQL Server, Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.
More info. And here. And here.

SAP Monthly Patches are out, with 10 new Security Notes and 7 updated Notes.  Five are rated Hot News, 1 High, 10 Medium, and 1 Low.  Four address missing authorization vulnerabilities.
More info.

It's Adobe Patch Day, and they have published seven updates, including updates for Bridge, Captivate, InCopy, Campaign Classic, Animate, Illustrator, and Photoshop.  All the vulnerabilities are rate Critical.
More info.

Siemens Monthly Patches have been published, with four new bulletins and eight updated bulletins. 
More info.

Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact thesystem by other means through heap and buffer overflow vulnerabilities. CVSSv3 score of 9.8
More info.

Scalance X devices might not generate a unique random key after factory reset, and use a private keyshipped with the firmware. CVSSv3 score of 9.1
More info.

Schneider Electric Monthly Patches consist of three new bulletins and four updated bulletins.
More info.

Schneider Electric uses Treck Inc.’s HTTP Server component in the Sepam ACE850, which contains a heap-based buffer overflow.  CVSSv3 score of 10
More info.

EcoStruxure Operator Terminal Expert (formerly known as Vijeo XD) and Pro-face BLUE products contain an Improper Input Validation vulnerability exists that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI. CVSSv3 score of 8.8
More info.

Mozilla has published an update for Thunderbird, rated Critical, which could be used for RCE.
More info.

HCL Commerce contains an unspecified vulnerability that could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. CVSSv3 score of 9.8
More info.

HCL Commerce contains an information disclosure vulnerability that could allow a remote attacker to obtain user personal data. CVSSv3 score of 7.5
More info.

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. 
More info.

Gentoo Linux has published 8 new security updates. More info.