Google has updated Chrome for Desktop to fix 2 security vulnerabilities, one of which is rated Critical.
More info.

Microsoft is aware. More info.

Two vulnerabilities have been patched in Spring Security. Highest CVSSv3 score of 7.4
More info.

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.

LoadMaster has been updated to fix a vulnerability that allows a remote attacker to issue a crafted HTTP request that causes a stack-based buffer overflow and potentially execute arbitrary system commands. CVSSv3 score of 9.8
More info.

Atlassian Monthly Patches include updates for Bamboo Data Center and Server, Bitbucket Data Center and Server, Crowd Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server. Highest CVSSv3 score of 8.8
More info.

IBM has published Critical bulletins for Rapid Infrastructure Automation, and AIX.
More info.

Ricoh MFP and Printers contain vulnerabilities in the PostScript interpreter and embeded webserver that could result in RCE. Highest CVSSv3 score of 9.1
More info.

The data24 service that is bundled with every installation of mbCONNECT24/mymbCONNECT24 has two vulnerabilities in core components that can lead to a complete loss of confidentiality, integrity and availability. Highest CVSSv3 score of 9.1
More info.

IBM has published a Critical bulletin for Rapid Infrastructure Automation.
More info.

The data24 service that is bundled with every installation of myREX24/myREX24.virtual has two vulnerabilities in core components that can lead to a complete loss of confidentiality, integrity and availability. Highest CVSSv3 score of 9.1
More info.

Due to an insecure standard configuration of the CODESYS Gateway, it is accessible remotely by default. CVSSv3 score of 5.3
More info.

The OPC UA contains an optional security policy that is vulnerable against attacks on the private key, resulting in loss of confidentiality or authentication bypass. The affected policy may be enabled by a customer configuration. CVSSv3 score of 7.5
More info.

Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx that could allow a remote attacker to impact availabiltiy, integrity and confidentaility of the products. Highest CVSSv3 score of 9.8
No patches, use good security.
More info.

Multiple vulnerabilities have been discovered in Sante PACS Server, the most severe of which could allow for remote code execution. CVSSv3 score of 9.8
More info. And here.

IBM has published Critical bulletins for watsonx Assistant Cartridge, Observability with Instana, API Connect, App Connect, CloudPak for Data, Qiskit SDK OPY, and ISSC/IMC.
More info.

Dell has published Critical bulletins for APEX Cloud Platform, and VxRail.
More info.

Amazon Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.

PHP has been updated to fix several vulnerabilities. Highest CVSSv3 score of 7.5
More info.

expat has been updated to fix a DoS vulnerability. CVSSv3 score of 7.5
More info. And here.

Microsoft has updated Edge with the latest chromium updates.
More info.

Arista EOS with Traffic Policies configured contains a vulnerability that will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. CVSSv3 score of 7.5
More info.

Updates in Shibboleth fix several security vulnerabilities. Highest CVSSv3 score of 9.8
More info.

NetApp has published 7 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.9
No patches yet.
More info.

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.

Cisco has published 11 bulletins, 8 rated High and 3 rated Medium. Highest CVSSv3 score of 8.6
More info.

Vulnerabilities in the IPv4 ACL feature, QoS policy feature, and Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000, ASR 9902 Compact, and ASR 9903 Compact could allow a remote attacker to cause a line card to reset, resulting in a DoS. CVSSv3 score of 8.6
More info. And here.

A vulnerability in the IKEv2 function of Cisco IOS XR Software could allow a remote attacker to prevent an affected device from processing any control plane UDP packets. CVSSv3 score of 7.5
More info.

Palo Alto Networks has published 6 bulletins, 1 rated High, 4 rated Medium, and 1 rated Low. Highest CVSSv3 score of 7.6
More info.

Microsoft has updated Edge with the latest chromium updates.
More info.

Xerox has published Security updates for FreeFlow Print Server.
More info.

RMC-100 and RMC-100 LITE has been updated to fix a vulnerability that allows a remote attacker to send a specially crafted message to the web UI node, causing a DoS. CVSSv3 score of 7.5
More info.

Lenovo has published a bulletin for BIOS from vendors that could allow a remote attacker to cause a DoS.
More info.

An authentication bypass vulnerability in the MegaRAC Redfish Host Interface affects Lenovo products. CVSSv3 score of 9.8
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Monthly Patches include 51 fixes with 6 rated Critical.  Six vulnerabilities are actively exploited. Highest CVSSv3 score of 8.8
More info. And here.

Microsoft is aware of exploits in the wild for Edge vulnerabilities.
No patch yet.
More info.

Monthly Patches include updates for Acrobat Reader, 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer. Highest CVSSv3 score of 7.8
More info.

Monthly Patches are out with 19 new bulletins and 1 updated bulletin. Updated products include FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb API, FortiSiem, FortiIsolator, FortiOS, FOrtiProxy, FOrtiPAM, FortiSRA, FortiManager CLI, FortiMail CLI, and FortiADC GUI. Highest CVSSv3 score of 9.8
More info. And here.

Apple has published security bulletins for Safari, iOS, iPadOS, macOS, and visionOS. Highest CVSSv3 score of 8.8
More info.

A security vulnerability in HPE Cray XD670 server using AMI BMC Redfish API could allow a remote attacker to achieve authentication bypass. CVSSv3 score of 10.
More info.

Vulnerabilities have been identified in HPE ProLiant DX Servers that allow a remote attacker to cause a DoS. Highest CVSSv3 score of 5.5
More info.

Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool contain several vulnerabilities, including Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel. Highest CVSSv4 score of 9.3
More info.

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.

Monthly Patches include 27 bulletins, 11 new and 16 updated. Highest CVSSv4 score of 9.5
More info.

Multiple products contain two authentication bypass vulnerabilities that could allow a remote attacker to gain access to the data managed by the server. CVSSv3 score of 9.1
More info.

SINAMICS S200 devices contain an unlocked bootloader vulnerability that could allow a remote attacker to download untrusted firmware that could damage or compromise the device. CVSSv4 score of 9.5
More info.

SINEMA Remote Connect Client is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

SiPass integrated ACC devices contain multiple vulnerabilities that could allow a remote attacker to access sensitive data. Highest CVSSv4 score of 9.4
More info.

Monthly Patches include 5 bulletins, 3 new and 2 updated. Of the new bulletins, highest CVSSv4 score of 9.2
More info.

A vulnerability in WebHMI component used in EcoStruxure Power Automation System User Interface and EcoStruxure Microgrid Operation Large (EMO-L) solution allows a remote attacker to execute unauthorized commands. Requires default password credentials. CVSSv4 score of 9.2
More info.

Security Patch Day saw the release of 21 new Security Notes and 3 updated. Five are rated High, 14 rated Medium, and 5 rated Low. Of the new bulletins, highest CVSSv3 score of 8.8
More info.

Chrome for Desktop has been updated to fix 5 security vulnerabilities, 3 rated High, 2 rated Medium.
More info.

Microsoft is aware. More info.

Tomcat has been updated to fix an RCE vulnerability.
More info.

Zoom has published 5 bulletins for Apps and Workplace Apps for iOS, 4 rated High and 1 rated Medium.
More info.

Insufficient verification of data authenticity in some Zoom Workplace Apps may allow a remote attacker to conduct a denial of service via network access. CVSSv3 score of 6.5
More info.

Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.

Brocade ASCG contains a vulnerability that allows a remote attacker to cause a DoS.  CVSSv3 score of 7.5
More info.

Microsoft has updated Edge with the latest chromium fixes and one Edge-specific fix.
More info.

BIG-IP Next contains a vulnerability that allows a remote attacker to cause a DoS. CVSSv3 score of 5.3
No patches yet.
More info.

HPE Telco Service Activator contains several vulnerabilities. Highest CVSSv3 score of 7.5
More info.

QNAP has published 10 new bulletins identifying vulnerabilities in QVPN Device Client, Qsync Client, Qfinder Pro for Mac, QuLog Center, QTS, QuTS hero, File Station 5, QuRouter, Helpdesk, and HPS 3.
More info.

IBM has published Critical bulletins for Aspera Shares, Engineering Requirements Management DOORS Next, Guardium Data Security Center, and Watson Discovery for Cloud Pak for Data. Highest CVSSv3 score of 10.
More info.

Red Hat has updated the kernel. More info.

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.1
Only 1 has patches.
More info.

Dell has published a Critical bulletin for PowerStore Family.
More info.

Ubuntu has updated the kernel. More info.

Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism. CVSSv4 score of 9.2
More info.

DSM product contain a vulnerability that allows a remote attacker to read any file via NFS. This is rated Important.
More info.

Several vulnerabilities have been patched in Jenkins core.
More info.

IBM has published Critical bulletins for SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem.
More info.

Dell has published a Critical bulletin for Secure Connect Gateway Security.
More info.

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Pixel Monthly Patch bulletin includes 7 vulnerabilities, 1 rated Critical, 2 rated High, and 4 rated Moderate, plus Android patches.
More info.

Chrome for Desktop has been updated to fix 14 security vulnerabilities.
More info.

Microsoft is aware. More info.

 IC-7100 IP Camera contains a vulnerability that allows a remote attacker to send specially crafted requests to achieve remote code execution on the device. CVSSv4 score of 9.3
Exploits are available, no response from vendor.
More info.

Two bulletins have been published that identify hard-coded credentials in PROCON-WIN and a DoS vulnerability in OpenSSL, used in Weidmueller products. Highest CVSSv3 score of 9.8
More info. And here. And here.

Mozilla has published Critical and High bulletins for Thunderbird, Thunderbird ESR, Firefox, and Firefox ESR.
More info.

A vulnerability in NGINX Unit allows a remote attacker to cause a degradation that can lead to a limited DoS. CVSSv4 score of 6.9
More info.

BD has published Critical bulletins for BD MAX, IDM, Pyxis, Data Agent, Alaris, and CCE.
More info.

Ubuntu has updated the kernel. More info.

Google has published the Android Monthly Patch bulletin, with 35 vulnerabilities plus MediaTek and Qualcomm patches. The most Critical vulnerabilities allow RCE.
More info.

Monthly Patches for Android include 6 vulnerabilities, 1 rated High and 5 rated Moderate, plus Android patches.
More info.

Meinberg has updated LANTIME firmware to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.

ThinPro has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.

IBM has published Critical bulletins for Watson Studio in Cloud Pak for Data, and Instana Observability. Highest CVSSv3 score of 9.8
More info.

BD has published Critical bulletins for BACTEC FX and Assurity Linc.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.

Qualcomm has published Monthly Patches, 7 rated Critical, 5 rated High, and 2 rated Medium. Highest CVSSv4 score of 7.9
More info.

Monthly Patches include 10 bulletins, 3 rated High and 7 rated Medium. Highest CVSSv3 score of 8.2
More info.

Samsung Semiconductor Monthly Patches include 6 bulletins, all rated Medium.
More info.

A vulnerability in Arctera InfoScale where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. CVSSv3 score of 9.8
Only mitigations, no patches.
More info.

IBM has published Critical bulletins for SPSS Collaboration and Deployment Services, watsonx.data, and Cloud Pak for Business Automation.
More info.

Dell has published a Critical bulletin for Data Protection Search.
More info.

USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure contain several vulnerabilities, including Information Disclosure, Improper storage of sensitive data, cleartext transmission of sensitive information, among others. Highest CVSSv4 score of 8.7
More info.

A vulnerability allows attackers to read any file via writable Network File System (NFS) service.
More info.

IBM has published Critical bulletins for Software Support, Cognos Analytics, and Watson Speech Services Cartridge.
More info.

NetApp has published 10 new bulletins identifying third-party software included in their products. Highest CVSSv3 score of 9.8
One bulletin includes patches.
More info.

Ubuntu has updated the kernel. More info.

ExtremeCloud IQ Controller contains a race condition in sshd that allows a remote attacker to achieve RCE as root.
More info.

Philips is reporting malicious, unauthorized versions of DICOM viewer have been identified.
Only download DICOM viewer from authorized Philips sources.
More info.

IBM has published Critical bulletins for IBM JRS, watsonx Orchestrate Cartridge, and TXSeries for Multiplatforms.
More info.

Dell has published Critical bulletins for Integrated System for Microsoft Azure Stack Hub and Secure Connect Gateway Policy Manager.
More info.

Chrome for Desktop has been updated to fix 1 security vulnerability.
More info.

Microsoft is aware. More info.

HPE NonStop CLIM has two OpenSSH vulnerabilities that could lead to remote code execution. Highest CVSSv3 score of 9.8
More info.

Security vulnerabilities have been identified in HPE Telco Service Activator. Highest CVSSv3 score of 7.5
More info.

Multiple vulnerabilities related to OpenSSL exist in components used in PCU400. CVSSv3 score of 7.5
More info.

Multiple vulnerabilities in open-source Apache Tomcat affect the Service Suite products. Highest CVSSv3 score of 9.8
More info.

Hitachi has published 2 new bulletins identifying vulnerabilities in Apache Tomcat and Oracle Java included in their products.
More info.

DoS and Information Disclosure vulnerabilities exist in Ruby.
More info.

Ubuntu has updated the kernel. More info.
Mageia has updated the kernel. More info.

A Windows TCP/IP RCE vulnerability exists in HMI devices. CVSSv3 score of 9.8
Update WIndows, no actual response from the vendor.
More info.

Ubuntu has updated the kernel. More info.

EN 50155 Switches are affected by an out-of-bounds write vulnerability that allows a remote attacker to cause a DoS. CVSSv4 score of 8.7
More info.

IBM has published Critical security bulletins for Cloud Pak for Multicloud Management, Data Virtualization on Cloud Pak for Data, and MaaS360 Cloud Extender.
More info.

Ubuntu has updated microcode. More info.