Google has updated Chrome for Desktop to fix 1 security vulnerability rated High.
More info.

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager that may allow an unauthenticated attacker to upload arbitrary files and get administrative access to the system. CVSSv3 score of 9.8
More info.

Moxa Secure Router EDR and TN Series contain an Improper Input Validation Vulnerability that could allow a remote attacker to cause a buffer overflow that crashes the web service.
More info.

Mageia has updated the kernel and kernel firmware. More info.
Oracle Linux has updated the kernel. More info.

A potential security vulnerability in Apache Tomcat impacts HPE IceWall products. The vulnerability could be exploited resulting in Remote Disclosure of Information. CVSSv3 score of 3.7
More info.

Multiple DoS vulnerabilities was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
More info.

Multiple vulnerabilities exist in Mitsubishi Electric FA engineering software. These vulnerabilities can be exploited by remote attackers to achieve disclosure or alteration of the product's information or view and execute programs. Highest CVSSv3 score of 9.1
More info.

Multiple Moxa Routers contain improper authentication and input validation vulnerabilities in the web service that could allow a remote attacker to execute arbitrary code via malicious requests.
More info.

NetApp has published 4 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 7.8  No patches yet.
More info.

AVEVA Edge (formerly known as InduSoft Web Studio) contains multiple security vulnerabilities. A remote attacker can insert malicious DLL files and trick the application into executing code. Highest CVSSv3 score of 9.8
More info. And here.

Aruba has released patches for Aruba EdgeConnect Enterprise that address multiple security vulnerabilities. Highest CVSSv3 score of 7.5
More info.

Potential security vulnerabilities have been identified in the BMC of HPE CL2100 Gen10 and HPE CL2200 Gen10 servers. The vulnerabilities could be remotely exploited to perform remote code execution or gain elevated privilege. Highest CVSSv3 score of 9.9
More info.

Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch including a buffer vulnerability. Highest CVSSv3 score of 9.8
Note that the CVEs date back to 2006.
More info.

IBM has published 8 security bulletins for their products identifying vulnerabilities in Apache products.  All rated Critical.
More info.

IBM InfoSphere DataStage is vulnerable to a command injection vulnerability due to improper neutralization of special elements. CVSSv3 score of 9.8
More info.

IBM QRadar Network Security is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM Security Verify Governance is vulnerable to multiple security threats due to use of XStream. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis. Highest CVSSv3 score of 9.8
More info.

SolarWinds has published 8 new security bulletins.  Highest CVSSv3 score of 8.8
More info.

A flaw in the LTE3301-M209 firmware could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled. CVSSv3 score of 9.8
More info.

SUSE has updated grub2, binutils, and others. More info.
OpenSUSE has updated grub2, binutils, and others. More info.
Oracle Linux has updated the kernel, rsync, and others. More info.
Gentoo Linux has updated sudo, xterm, and others. More info.

BD is aware of and currently monitoring a vulnerability affecting all versions of Fortinet FortiOS products in use by BD Kiestra. CVSSv3 score of 9.6
BD has not seen any exploits, but Fortinet reports this is actively exploited.  The Fortinet bulletin was published 10 Oct 2022.
More info. And here.

Insecure configuration of REST API authentication provides access to the log settings in XMPL.
More info.

Xerox FreeFlow Print Server v2 has been updated for Microsoft and OpenJDK, and Firefox security updates.
More info.

Xerox FreeFlow Print Server v7 has been updated for Solaris, OpenJDK, and Firefox security updates.
More info.

NetApp has published 8 new bulletins identifying security vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8.  Only one has patches available.
More info.

SUSE has updated the kernel, grub2, and others. More info.

Red Lion Controls Crimson is vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. CVSSv3 score of 7.5
More info.

SUSE has updated the kernel and others. More info.
OpenSUSE has updated the kernel and others. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated systemd, sudo, and others. More info.

BD has published security bulletins for updates to Microsoft and third-party software in Identity Provider Manager, Alaris, Pyxis, and Data Agent products.
More info.

A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8
More info.

Ubuntu has updated the kernel. More info.

Mozilla has published security bulletins for Firefox, Firefox ESR, and Thunderbird, all rated High. Highest CVSSv3 score of 8.1
More info.

BD has published security bulletins for updates to Microsoft and third-party software in FACSAria, FACS Sample Prep Assistant Systems, FACSLyric, Pyxis, and Alaris products.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel and others. More info.
Oracle Linux has updated the kernel. More info.

A denial of service of the HTTPS management interface of FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections, incoming from different source IPs. CVSSv3 score of 7.5
More info. And here.

Arbitrary command execution vulnerability due to OpenSSL vulnerability exists in GT SoftGOT2000. An attacker could execute malicious OS commands by sending a specially crafted certificate. CVSSv3 score of 9.8
More info. And here.

An improper authentication vulnerability in the NE-4100T Series allows a remote attacker to access the device.
More info.

Google has updated ChromeOS LTS with two security fixes rated High.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel and others. More info.
Oracle Linux has updated the kernel. More info.

A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8
More info.

Alpine Linux has released version 3.16.3. More info.

An Active Debug Code vulnerability exists in the NJ/NX-series Machine Automation Controllers. A remote attacker can illegally access the controllers and use the vulnerability to cause a DoS or RCE.  CVSSv3 score of 8.3
More info. And here.

Use of Hard-coded Credentials and Authentication Bypass by Capture-replay vulnerabilities exist in the communications functions between the NJ/NX-series Machine Automation Controllers, Automation software Sysmac Studio, and NA-series Programmable Terminals. An attacker may use these vulnerabilities to bypass authentication in the communications connection process and perform unauthorized access to the controller products. Highest CVSSv3 score of 9.4
More info. And here.

Moxa VPort Series contains an Improper Input Validation vulnerability, that could allow a remote attacker to cause the RTSP service to crash.
More info.

Multiple Java SE vulnerabilities in Belden/Hirschmann software products. CVSSv3 score of 7.5
More info.

Microsoft has updated Edge with the latest chromium security fixes.
More info.

Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8  Some patches are available.
More info.

OpenSUSE has updated the kernel. More info.

Apple has published updates for iOS, iPadOS, and macOS Ventura that fixes vulnerabilities in libxml2.
More info. And here. And here.

IBM QRadar Network Packet Capture, IBM QRadar Assistant app for IBM QRadar SIEM, IBM Cloud Pak for Security, includes components with multiple known vulnerabilities. Highest CVSSv3 score of 9.8
More info. And here. And here. And here.

IBM Security Verify Access is vulnerable to execute arbitrary code due to jsr-sasign component. CVSSv3 score of 9.8
More info.

IBM Security Guardium is affected by multiple vulnerabilities.  Highest CVSSv3 score of 9.8
More info.

Multiple security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring. Highest CVSSv3 score of 9.8
More info.

Cisco has published 17 new bulletins and 2 updated bulletins. Of the new bulletins, 7 are rated High, the rest Medium.
More info.

A vulnerability in the processing of SSH connections of Cisco Firepower Management Centerand Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 7.5
More info.

A vulnerability in dynamic access policies functionality of Cisco ASA Software and FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS. CVSSv3 score of 8.6
More info.

A vulnerability in the generic routing encapsulation tunnel decapsulation feature of Cisco FTD Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8.6
More info.

A vulnerability in SNMP access controls for Cisco FirePOWER Software for ASA FirePOWER module, Cisco Firepower Management Center Software, and Cisco Next-Generation Intrusion Prevention System Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. CVSSv3 score of 7.5
More info.

Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Highest CVSSv3 score of 5.3
More info.

Tenable has updated nessus to fix vulnerabilities in third-party software.  Highest CVSSv3 score of 9.8
More info.

SUSE has updated the kernel. More info.

Monthly Patches are out, with 68 vulnerabilities, 10 rated Critical, 1 previously disclosed, and 4 are being exploited in the wild. Highest CVSSv3 score of 8.8
More info. And here. And here.

Intel has published 24 new bulletins, highest CVSSv3 score of 8.7
More info.

Improper authentication in the Intel(R) SDP Tool may allow a remote attacker to potentially enable information disclosure. CVSSv3 score of 4.3
More info.

Improper buffer restrictions in the Hyperscan library may allow a remote attacker to potentially enable escalation of privilege. CVSSv3 score of 4.3
More info.

Potential security vulnerabilities in some Intel Chipset Firmware in Intel CSME, Intel AMT and Intel SPS may allow escalation of privilege or DoS. Highest CVSSv3 score of 8.7
More info.

Vulnerabilities have been discovered in Citrix Gateway and Citrix ADC that could allow authenticaion bypass, remote desktop takeover, and brute force of logins. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in VMware Workspace ONE Assist could allow authentication bypass.  Highest CVSSv3 score of 9.8
More info.

Google has updated Chrome for Desktop to fix 10 security vulnerabilities.
More info.

Microsoft is aware and working on Edge. More info.

A vulnerability was discovered within the Backup Appliance component of Veeam Backup for Google Cloud that allows users to bypass authentication mechanisms. CVSSv3 score of 10.
More info.

A vulnerability in Brocade Fabric OS software could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. CVSSv3 score of 9.4
More info.

Red Hat has updated the firmware and kpatch. More info.

Monthly Patches are out, with 1 new bulletin and 5 updated bulletins.
More info.

Schneider Electric is aware of multiple vulnerabilities in its NetBotz 4 - 355/450/455/550/570 products. Highest CVSSv3 score of 8.8
More info.

Siemens Monthly Patches include 17 bulletins, 9 new bulletins and 8 updated bulletins. Highest CVSSv3 score of 9.9
More info.

RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. CVSSv3 score of 5.3
More info.

SICAM Q100 devices contain multiple vulnerabilities that could allow an attacker to take over the session of a logged in user or to inject custom code. Highest CVSSv3 score of 9.9
More info.

The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to DoS, unauthenticated RCE, or stored XSS. Highest CVSSv3 score of 9.8
More info.

Qualcomm Monthly Patches include 12 vulnerabilities, 1 rated Critical, 8 rated High, and 3 Medium. Highest CVSSv3 score of 9.8
More info.

Google Android Monthly Patches include 19 vulnerabilities, all rated High, plus Imagination Technologies, Mediatek, Qualcomm, and Unisoc component updates.
More info.

Google Pixel has two additional vulnerabilities rated High, plus Android and Qualcomm updates.
More info.

Samsung has published 26 SVEs, along with Google Android patches.
More info.

SAP Security Patch Day saw the release of 9 new Security Notes and 2 updated Security Notes. Of the new Notes, 2 are rated Hot News, 2 rate High, and 5 rated Medium. Highest CVSSv3 score of 9.9
More info.

NETGEAR has publsihed 59 new bulletins. Highest CVSSv3 score of 8.8
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.