Cisco released security updates for Enterprise NFV infrastructure software due to vulnerabilities found that an attacker could use to gain control of affected systems.

Sources: Cisco, CISA

CISA added five vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: Known Exploited Vulnerabilities Catalog, CISA

Mozilla released security updates for Firefox, Firefox ESR and Thunderbird due to vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources: Firefox, Firefox ESR, Thunderbird, CISA

F5 released security advisories on vulnerabilities affecting multiple products that could permit undisclosed requests to bypass the iControl REST authentication in BIG-IP.

Sources: F5, CISA

The Yokogawa CENTUM and ProSafe-RS contain vulnerabilities, such as OS command injection, improper authentication, NULL pointer dereference, improper input validation and resource management errors.

Sources: Yokogawa, CISA

The Java Remote Management Interface of all versions of Orlansoft ERP contains a vulnerability that could lead to an attacker executing arbitrary code.

Sources: GitHub, NIST

Delta Electronics DIAEnergie contains a bling SQL injection vulnerability.

Sources: NIST

IBM ICP4A - User Management System Component could allow an attacker with physical access to the system to perform unauthorized actions or gain private information due to insufficient validation vulnerabilities.

Sources: IBM, NIST