Microsoft has updated Edge based on chromium for the latest chromium security update.
More info.

Multiple components within Dell EMC DCA require a security update to address various vulnerabilities.  Dell rates this Critical.
More info.

Hardware BIOS firmware within Dell EMC Integrated Data Protection Appliance require a security update to address various vulnerabilities.
More info.

Operations Bridge Manager and Operations Bridge Reporter have been updated to address a vulnerability in Apache Tomcat. The vulnerability could be exploited to file content disclosure of the web application or remote code execution.
More info.  And here.

NETGEAR has released fixes for an unauthenticated remote buffer overflow attack in PPPD security vulnerability WAC510 models.
More info.

NetApp has published four bulletins addressing security vulnerabilities in third party software included in their products.  No patches yet.
More info.

SUSE has updates for haproxy, python, and others.  More info.
Oracle Linux has updated haproxy and nodejs.  More info.
Gentoo Linux has updated GnuTLS.  More info.
Mageia has updated the kernel, weechat, and others.  More info.

ABB has released three bulletins for vulnerabilities in the SECURITY System 800xA product, the most critical of which allows RCE. Highest CVSSv3 score of 8.8.  No patch yet for the RCE vulnerability, one of the others is patched, workarounds for the third.
More info.  And here.  And here.

ABB has also reported vulnerabilities in Telephone Gateway TG/S 3.2, which was EOL in 2015.  No plans to fix.
More info.

B&R has published a bulletin for multiple vulnerabilities in Automation Studio.  Highest CVSSv3 of 7.5.  Patches for some versions are out, more are planned.
More info.

SUSE has updates for memcached and others.  More info.
RedHat has updated a critical vulnerability in haproxy.  More info.
Gentoo Linux has updated haproxy and others.  More info.

Exploiting of DrayTek Vigor2960 / 3900 / 300B RCE vulnerabilities continues.  Patches were made available by DrayTek in February, but unpatched systems are a problem. 
More info.  And here.

Google has released an update for Chrome for Desktop that includes eight security fixes.
More info.

A potential remote session token reuse and session logic security vulnerabilities has been identified in HPE MSA 1040, HPE MSA 2040, HPE MSA 2042, HPE MSA 1050, HPE MSA 2050, and HPE MSA 2052. CVSSv3 score of 8.8
More info.

IBM Aspera has a buffer overflow security vulnerability, which could allow an attacker with intimate knowledge of the system to execute commands in a restricted shell (aspshell).
More info.

Public Proof Of Concept is available for two bulletins that were reported by CODESYS in the last few weeks.
More info.

Multiple components within Dell EMC PowerProtect Cyber Recovery require a security update to address various vulnerabilities.  This is rated Critical.
More info.

The embedded operating system components in RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG require a security update to address various vulnerabilities. This is rated Critical.
More info.

SUSE has updates for mariadb, icu, glibc, the kernel, and others.  More info.
OpenSUSE has updated phpmyadmin and others.  More info.
Arch Linux has updated the kernel, chromium, and others.  More info.
RedHat has updated the kernel, chromium, python, and others.  More info.
Debian has updated libpam-krb5.  More info.
Ubuntu has pam-krb5.  More info.
Mageia has updated vim, chromium, php, and others.  More info.
Gentoo Linux has updated qemu and others.  More info.

WeOS is vulnerable to the PPP security vulnerability published 2020-03-02.  CVSSv3 score of 9.8. This vulnerability could allow a remote attacker to crash parts of WeOS or run remote code execution.
More info.

There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus.  Highest CVSSv3 score is 8.4
More info.

IBM Security Guardium is affected by a DoS vulnerability in the Linux Kernel. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
More info.

Multiple components within the Dell EMC VNX2 Product Family require a security update to address various vulnerabilities.  These include OpenSSL and Java SE.  Dell has rated this critical.
More info.

GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol.
More info.

Researchers have identified vulnerabilities in the AVN systems in Lexus and Toyota, both which can allow unsecure bluetooth connections to access.
More info.

RedHat has updated the kernel, wireshark, samba, twisted, and others.  More info.
Ubuntu has updated timeshift, webkitgtk+, and others.  More info.
Gentoo Linux has updated qemu and others.  More info.

Raelize has provided detailed information for security vulnerabilities in the DSL-2640B gateway.  This device is EOL, and D-Link doesn't plan for patches.
More info.

A bug in the opkg command allowed downloading of malicious packages.  This was patched the beginning of Feb, details of the exploit are out now.
More info.

Mitsubishi Electric is aware of a vulnerability of Uncontrolled Resource Consumption in MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L and F series programmable controllers. When an attacker sends a large amount of data to the MELSOFT transmission port it may enter an unprocessable condition, resulting in a DoS. No fix, put in a firewall.
More info.

A vulnerability in Apache Tomcat was addressed by Database and Middleware Automation. The vulnerability could be exploited to remote code execution.
More info.

Multiple NetApp products incorporate the Apache Struts libraries. Apache Struts versions prior to 2.3.20 are susceptible to vulnerability which when successfully exploited could result in arbitrary code execution.  No patches yet.
More info.

SUSE has updated spamassassin.  More info.
OpenSUSE has updated ruby, strongswan, phpmyadmin, and others.  More info.

Apache Traffic Server is vulnerable to various smuggling attacks.  There are 3 different vulnerabilities, each with a CVSSv3 score of 9.8.
More info.

BIG-IP virtual servers that contain an HTTP profile are vulnerable to a DoS. An HTTP profile is required and any BIG-IP module that uses the HTTP profile is impacted.
More info.

Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) in BIG-IP to produce a core file. TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability (HA) configurations will fail over the the standby host.
Note that HTTP/3 QUIC profile is experimental, and not likely to be enabled in production.
More info.

BIG-IP contains a vulnerability in the AWS driver. A remote attacker may be able to cause TMM to stop processing new traffic and effect a remote denial of service (DoS).
More info.

Multiple vulnerabilities in HTTP2 affect WebSphere Liberty.
More info.

NetApp has published seven new bulletins regarding security vulnerabilities in third-party packages.  Only one patched so far.
More info.

SUSE has updated tomcat and ldns.  More info.
OpenSUSE has updated the kernel, chromium, and mcpp.  More info.
Debian has updated icu.  More info.
Oracle Linux has updated ipmitool.  More info.
Gentoo Linux has updated flash, unzip, php, and others.  More info.
Amazon Linux 2 has updated the kernel, thunderbird, openssl, and qemu.  More info.

The CODESYS web server is used by the CODESYS WebVisu to display CODESYS visualization screens in a web browser. Specific crafted requests may cause a heap-based buffer overflow. Further on this could crash the web server, lead to a denial-of-service condition or may be utilized for remote code execution. CVSSv3 of 10.
More info.

Apple has published security updates for iCloud for Windows.
More info.

Multiple vulnerabilities exist in the Kubernetes component used by Micro Focus CDF platform. The vulnerabilities may lead to DoS, unauthorized access, RCE, improper access control, uncontrolled resource consumption, improper symbolic link resolution, and unauthorized privilege escalation.
More info.

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.  The bulletin was just published, but says March 2019 in several places, possibly typos.  This is the first update bulletin in 2020.
More info.

Multiple vulnerabilities were identified in TP-Link Archer A7 AC1750 routers. The vulnerabilities include RCE, hardcoded cryptographic key, firewall bypass, buffer overflow, and others.
More info.

SUSE has updated python crypto pieces.  More info.
RedHat has updated zsh, postgresql, ipmitool, and openshift.  More info.
CentOS has updated the kernel, python, libvncserver, firefox, tomcat, and others.  More info.
Debian has updated icu.  More info.
Oracle Linux has updated libvncserver.  More info.
Gentoo Linux has updated tor, samba, chromium, pureftpd, and others.  More info.

VISAM Automation Base (VBASE) contains several security vulnerabilities.  Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login.  No response from VISAM.
More info.

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability.  Successful exploitation could lead to arbitrary file deletion.
More info.

Apple has published security updates for iTunes for Windows, iOS, iPadOS, Safari, watchOS, tvOS, macOS, and xCode.
More info.

OPC has published security updates for OPC UA .NET and Java Client. This security update resolves a vulnerability in OPC UA Clients built with the OPC UA .NET or Java code bases that could result in encrypted password credentials or signed X509 certificate credentials being sent in a form that can be intercepted and reused.
More info.

CODESYS has published a security bulletin addressing all products containing the CmpRouter or CmpRouterEmbedded component.  An out-of-bounds memory buffer access can allow a remote attacker to cause a DoS.
More info.

Dell EMC iDRAC7, iDRAC8 and iDRAC9 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
More info.

SUSE has updated keepalive.  More info.
OpenSUSE has updated glibc, nghttp2, and others.  More info.

Multiple vulnerabilities have been discovered in Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute remote code on the affected system.  This is under active exploit, there are workarounds, patch is expected Patch Tuesday.
More info. And here. And here.

Micro Focus has published a security update for iManager that disables AJP ports by default.
More info.

Dell has published four new security bulletins, two rated Critical and two Medium.
More info.

Multiple third party components within EMC Unisphere for PowerMax, Virtual Appliance, EMC Solutions Enabler, Virtual Appliance, and EMC PowerMax Embedded Management require a security update to address various vulnerabilities, including Windows, Java, and OpenSSL.
More info.

The DNS protocol used by SmartConnect within Dell EMC Isilon OneFS requires a security update to address various vulnerabilities, leading to DoS.
More info.

Multiple components within RSA Authentication Manager require a security update to address various vulnerabilities.
More info.

All F5 products are vulnerable to an attacker using JNDI injection to implement remote code execution.  CVSSv3 score of 9.8.  No patches yet.
More info.

SUSE has updated postgresql, strongswan, python, and others.  More info.
Debian has updated chromium, tor, and others.  More info.
Oracle Linux has updated tomcat, thunderbird, and libvncserver.  More info.
Ubuntu has updated vim.  More info.
Alpine Linux has published an update with security fixes for several third-party software pieces.  More info.

Schneider Electric has patched a vulnerability in two versions of Schneider Electric’s Modicon programmable controllers and its EcoStruxureControl Expert (formerly Unity Pro) programming software.  The vulnerability could allow attackers to transfer malicious code to the controller.
Note there are steps to take after the hot fix is applied.
More info.

IBM Jazz for Service Management is vulnerable to Open redirection vulnerabilities which arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way.
More info.

Check Point has begun publishing updates for the PPP EAP vulnerability.
More info.

An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results.
More info.

Caldera contains an Improper Authorization vulnerability that allows a remote attacker to bypass authentication process. The vulnerability exists due to an error in a forged "localhost" string in the HTTP Host header. A remote attacker can bypass authentication process and gain unauthorized access to the application.
More info.

SUSE has updated ruby.  More info.
OpenSUSE has updated chromium and thunderbird.  More info.
RedHat has updated tomcat, thunderbird, and others.  More info.
Debian has updated chromium, tor, and others.  More info.
Oracle Linux has updated tomcat.  More info.

Google has published a new version of Chrome for Desktop with 13 security fixes.
More info.

PHP has published a new version, including a security fix for get_headers. Testing shows that this can cause well-written scripts to get headers for an unexpected domain. Those headers could leak sensitive information or unexpectedly contain attacker-controlled data.
More info.  And here.

Insulet Omnipod's wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
More info.

Eaton is aware of security vulnerability in UPS Companion software used to monitor the UPS. UPS companion software is affected by an ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.
More info.

NetApp has published five bulletins regarding Intel vulnerabilities in NetApp products.  No patches yet.
More info.

FreeBSD has updated tcp, ntp, and others.
More info.

When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte of kernel memory is transmitted over the network.
More info.

SUSE has updated tomcat.  More info.
OpenSUSE has updated wireshark.  More info.
RedHat has updated openshift.  More info.
Oracle Linux has updated thunderbird and python-imaging.  More info.
Ubuntu has updated twisted.  More info.
Gentoo Linux has updated clamav, phpmyadmin, tomcat, and others.  More info.

Dell has published a Critical bulletin for multiple third party components within Dell EMC SRM and Dell EMC SMR which require a security update to address various vulnerabilities.
More info.

New releases of Tor include a security fix for a DoS vulnerability.
More info.

SUSE has updated postgresql, firefox, thunderbird, and nghttp.  More info.
Arch Linux has updated bluez and chromium.  More info.
RedHat has updated thunderbird and others.  More info.
Oracle Linux has updated the kernel, icu, zsh, and others.  More info.
Ubuntu has updated apache, the kernel, and others.  More info.
Amazon Linux has updated java, sudo, and nss.  More info.
Amazon Linux 2 has updated sudo and java.  More info.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS, Photoshop for Windows and macOS, Adobe Bridge, ColdFusion, Adobe Experience Manager, Adobe Genuine Integrity Service for Windows. These updates address critical and important vulnerabilities. Successful exploitation of most of the vulnerabilities could lead to arbitrary code execution in the context of the current user.
More info.

Network Security Manager/Network Security Platform/Network Threat Behavior Analysis update fixes multiple vulnerabilities, including weak ciphers and XSS.
More info.

Huawei has published several new bulletins regarding smartphones and other products.
More info.

Some Huawei products (Secospace AntiDDoS8000) have a security vulnerability due to improper authentication. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.
More info.

Arch Linux has updated thunderbird.  More info.
RedHat has updated zsh and others.  More info.
Ubuntu has updated icu, the kernel, and others.  More info.

Trend Micro has released Critical Patches for Apex One and OfficeScan XG that resolve multiple vulnerabilities in the product – including some critical ones.  Highest CVSSv3 score of 10, in three vulnerabilities.  There have been active attempts to exploit two vulnerabilities.
More info.

Trend Micro has released Critical Patches for Worry-Free Business Security that resolve multiple vulnerabilities in the product – including some critical ones.  Highest CVSSv3 score of 10 for two vulnerabilities.  There have been active attempts to exploit one of the vulnerabilties.
More info.

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow exposure of configuration data.
More info.

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access to configuration data.
More info.

RedHat has updated the kernel.  More info.
Oracle Linux has updated firefox.  More info.

Multiple product vulnerabilities were identified in Moxa’s cellular management software OnCell Central Manager. The vulnerabilities are based on Apache Flex BlazeDS’s, a third-party component, that is embedded on the OnCell central manager.  One of the vulnerabilities allows remote code execution.
More info.

GroupWise has been updated to correct several security vulnerabilties, including information disclosure and authentication bypass.
More info.

SUSE has updated the kernel, firefox, wireshark, and others.  More info.
OpenSUSE has updated firefox, php, tomcat, and others.  More info.
Arch Linux has updated thunderbird and others.  More info.
RedHat has updated firefox.  More info.
Oracle Linux has updated the kernel.  More info.
Gentoo Linux has updated thunderbird, sudo sqlite, ppp, squid, and others.  More info.
Mageia has updated thunderbird, firefox, and flash.  More info.
Amazon Linux has updated tomcat, php, the kernel, and others.  More info.
Amazon Linux 2 has updated tomcat.  More info.