Cisco has updated all the ASA and Firepower bulletins with this notice:   Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 
More info.

B. Braun OnlineSuite contains multiple vulnerabilities.  Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, download and upload arbitrary files, and perform remote code execution. Highest CVSSv3 score of 8.6
More info. And here.

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus contain multiple vulnerabilities, mostly around authorization and authentication best practices. Successful exploitation of these vulnerabilities could allow an attacker to compromise the security of the Space or compactplus communication devices, allowing an attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution. 
More info. And here.

Microsoft has updated chromium-based Edge to correct the latest chromium vulnerabilities.
More info.

NetApp has published four new bulletins regarding third-party software vulnerabilities that affect NetApp products.
More info.

SUSE has updated the kernel, xen, and others. More info.
OpenSUSE has updated mailman. More info.
RedHat has updated firefox and openjdk. More info.
Oracle Linux has updated openjdk. More info.
Ubuntu has updated firefox and others. More info.
Gentoo Linux has updated freetype. More info.

Cisco has published 36 new bulletins, 20 rated High.  Vulnerabilities are addressed in ASA, Firepower, FXOS, and other products.
More info.

Mozilla has published a bulletin for Thunderbird rated High, which could result in DoS or RCE.
More info.

The HPE BlueData EPIC Software Platform and HPE Ezmeral Container Platform use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. CVSSv3 score of 9.9
More info.

Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Media Server.
More info.

SUSE has updated the kernel, tomcat, php, and others. More info.
OpenSUSE has updated chromium. More info.
RedHat has updated openjdk. More info.
Oracle Linux has updated the kernel. More info.
Debian has updated firefox and freetype. More info.
Ubuntu has updated pam-python. More info.

Oracle has released its Quarterly Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. 268 of the vulnerabilities are remotely exploitable without authentication.  A remote attacker could exploit these vulnerabilities to take control of an affected system.
More info.

Adobe has released updates for Creative Cloud Desktop, InDesign, Media Encoder, Premier Pro, Photoshop, After Effects, Animate, Marketo, Dreamweaver and Illustrator.
More info.

Adobe has released updates for Adobe Animate for Windows and macOS. This update resolves multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
More info.

Google has published a new version of Chrome with five security fixes, the most severe of which could allow for arbitrary code execution.
More info.

Cisco has reported public exploits for vulnerability reported and fixed in February.  A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.
More info.

A vulnerability exists in Hitachi ABB XMC20 products. An attacker could exploit the vulnerability by sending a specially crafted message to the XMC20 node, causing the node to allow the attacker to open a communication channel without first performing authentication, resulting in unauthorized access. CVSSv3 score of 9.1
More info.

Mozilla has published security advisories for Firefox and Firefox ESR that are rated High, and outline vulnerabilities that could lead to RCE or DoS.
More info.

Aruba has released updates to Airwave Glass that address multiple security vulnerabilities, including RCE via unauthenticated exposure of services.  Highest CVSSv3 score of 9.8
More info.

SUSE has updated the kernel and others. More info.
OpenSUSE has updated bind and php. More info.
RedHat has updated postgresql. More info.
Debian has updated mariadb. More info.
Ubuntu has updated tomcat and others. More info.
Mageia has updated the kernel, tigervnc, and others. More info.
Scientific Linux has updated squid, libssh2, and others. More info.
Alpine Linux has put out version 3.12.1 More info.

A potential information leakage vulnerability can result in unauthorized access to NetIQ Directory Resource Administrator.
More info.

OpenSLP as used in ESXi has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. CVSSv3 base score of 9.8.
More info.

OpenSUSE has updated bind, the kernel, and transfig. More info.
RedHat has updated the kernel, python, and others. More info.
Debian has updated the kernel. More info.
Ubuntu has updated the kernel and collabtive. More info.
Arch Linux has updated freetype2. More info.
Gentoo Linux has updated ark, libxml, and others. More info.

Multiple components within Dell EMC Integrated Data Protection Appliance (IDPA) require a security update to address various vulnerabilities. 
More info.

Solr prevents some features considered dangerous (which could be used for RCE) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
More info.

The Zerologon vulnerability has been reported to affect some versions of QTS.  If exploited, this vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller. CVSSv3 score of 10
More info.

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.
More info.

SUSE has updated gcc and others. More info.
OpenSUSE has updated phpmyadmin, rubygem, powerdns, and others. More info.
RedHat has updated nodejs and one other. More info.
Debian has updated yaws. More info.
Arch Linux has updated the kernel, powerdns, lua, and others. More info.
Gentoo Linux has updated chromium, firefox, and thunderbird. More info.
Mageia has updated php, flash, wireshark, and others. More info.

Eaton's XSOFT CODESYS Development System uses 3S’s Codesys Runtime, which uses WIBU CodeMeter Runtime and therefore is impacted by the WIBU vulnerabilities.  Highest CVSSv3 score of 10
More info.

Several IBM products are affected by vulnerabilities in FasterXML jackson-databind.  CVSSv3 score of 9.8
More info.  And here.  And here.

Multiple components within Dell EMC Enterprise Hybrid Cloud require a security update to address various vulnerabilities.
More info.

Multiple components within Dell EMC Integrated Data Protection Appliance require a security update to address various vulnerabilities. 
More info.

Dell EMC OpenManage Enterprise (OME) has been updated to address a vulnerability in Apache Shiro that may be exploited to compromise the affected systems.
More info.

Security vulnerabilities in HPE Intelligent Management Center (iMC) PLAT  could allow remote code execution. Highest CVSSv3 score of 9.8
More info.

An improper input validation vulnerability exists in UEM Core that could potentially allow a successful attacker to cause a DoS. CVSSv3 score of 7.5
More info.

SUSE has updated rugygem and others. More info.
Debian has updated httpcomponents-client. More info.
Ubuntu has updated php and vim. More info.

Juniper Quarterly Patches are out, with 40 new bulletins for Junos OS, Junos OS Evolved, and Contrail Networking.
More info.

Multiple vulnerabilities in third party software used in Juniper Networks Contrail Networking have been resolved in Release R2008. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities have been resolved in Juniper Networks NFX Series by updating third party software included with NFX Series devices. Highest CVSSv3 score of 8.2
More info.

Juniper Networks Junos OS contains a vulnerability in the telnetd Telnet server which allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. CVSSv3 score of 9.8
More info.

Fieldcomm Group HART-IP and hipserver contain a vulnerability that would allow a malicious attacker to exploit this interface by constructing HART-IP messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device.  CVSSv3 score of 9.8
More info.

Bosch has published a bulletin addressing the Microsoft RDS vulnerability from May 2019 that exists in Rexroth Industrial PCs. Install the Microsoft patches. CVSSv3 score of 9.8
More info.

APTARE version 10.5 contains fixes for Authorization bypass and Login process bypass vulnerabilities that could allow an unauthorized attacker to conduct RCE. Highest CVSSv3 score of 9.8
More info.

SUSE has updated php, tigervnc, the kernel, and others. More info.
OpenSUSE has updated tigervnc. More info.
RedHat has updated flash and others. More info.
Ubuntu has updated python, the kernel, and dom4j. More info.
Mageia has updated mariadb. More info.

Microsoft Monthly Patches are out, with 88 vulnerabilities, 12 rated Critical and 6 Publicly Disclosed.  Highest CVSSv3 score of 9.8
More info.

The Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker can send specially crafted packets to execute code on the target server or client. CVSSv3 score of 9.8
More info.

A RCE vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker could run arbitrary code in the context of the SharePoint application. CVSSv3 score of 8.6
More info. And here.

A RCE vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker could run arbitrary code in the context of the logged in user. CVSSv3 score of 8.1
More info.

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability which could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.
More info.

Schneider Electric Monthly Patches are out with 5 new bulletins and 6 updated bulletins.
More info.

A Credentials Management vulnerability exists in the web server of the Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their communication modules. A remote unauthenticated attacker could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. CVSSv3 score of 10
More info.

WIBU CodeMeter Runtime is included in several SE products.  Highest CVSSv3 score of 10
More info.

SAP Monthly Patches are out, with 15 new Security Notes and 6 updated Notes.  One new note is rated Hot News, with a CVSSv3 score of 10.  Three new notes are rated High, 10 are rated Medium, and one rated Low. Vulnerabilities addressed include OS command injection, hard-coded credentials, and XSS.
More info.

Siemens has published two new bulletins and seven updated bulletins in their Monthly Patches.  New bulletins cover a local authorization bypass,SQL Injection, and clickjacking vulnerabilities.  Updated bulletins address WIBU CodeMeter Runtime, Intel, and others.
More info.

Rockwell Automation has addressed three vulnerabilities in the 1794-AENT Flex I/O Series B  adapter. A a remote, unauthenticated attacker can send a malicious packet resulting in a DoS. CVSSv3 score of 7.5
More info.

A publicly disclosed vulnerability in the kernel affects IBM Netezza Host Management. By sending a specially-crafted beacon packet, a remote attacker could overflow a buffer and execute arbitrary code or cause a DoS. CVSSv3 score of 9.8
More info.

SUSE has updated php. More info.
OpenSUSE has updated qemu. More info.
RedHat has updated chromium, the kernel, and others. More info.
Oracle Linux has updated firefox and thunderbird. More info.
Scientific Linux has updated bind and the kernel. More info.

Three vulnerabilities exist in PcVue 12 that affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS.  One of those is an information exposure vulnerability allowing a remote, unauthenticated attacker to access session data of legitimate users. A PoC exists. CVSSv3 score of 7.5
More info. And here.

Weidmüller u-create studio contains vulnerable versions of WIBU-SYSTEMS CodeMeter. Highest CVSSv3 score of 10
More info.

Some Dräger products use WIBU CodeMeter Runtime for license management. Highest CVSSv3 score of 10
More info.

Apache Tomcat contained an Information Exposure vulnerability.  If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection, a subsequent request made on that connection could contain HTTP headers from a previous request.
More info.

An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
More info.

A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature.
More info.

SUSE has updated tigervnc. More info.
OpenSUSE has updated the kernel, nodejs, and others. More info.
Arch Linux has updated chromium. More info.
Oracle Linux has updated the kernel. More info.
Debian has updated spice. More info.