
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of October 3 - 9. Sign up to get these updates right to your inbox!

OCTOBER 08, 2021

F-Secure

F-Secure Atlant has a vulnerability that can be triggered remotely and could result in a denial of service of the antivirus engine.

Sources: f-secure.com

OCTOBER 07, 2021

Zoho

Zoho ManageEngine ADManager Plus version 7110 and earlier allows unrestricted file upload that can lead to remote code execution.

Sources: manageengine.com

Adobe

Versions of Acrobat Reader DC are affected by a use-after-free vulnerability when processing an AcroForm field, which could result in arbitrary code execution in the context of the current user.

Sources: helpx.adobe.com

Cisco

Cisco released security updates for six products to address vulnerabilities that would allow an attacker to take control of an affected system.

Sources: tools.cisco.com

OCTOBER 06, 2021

Mozilla

Mozilla released security updates for Firefox and Firefox ESR to address vulnerabilities that would allow an attacker to take control of an affected system.

Sources: us-cert.cisa.gov

Apache

The Apache HTTP Server was actively exploited before the Apache project was notified in September. On version 2.4.49, an attacker can read arbitrary files and execute arbitrary code on the server; the issue becomes a remote code execution vulnerability on a Linux system if the server is configured to support CGI via mod_cgi. This means that an attacker could execute commands with the privileges of the Apache process.

Sources: bleepingcomputer.com

OCTOBER 05, 2021

Moxa

Moxa MXview Network Management software is the subject of an ICS advisory covering path traversal, use of hard-coded passwords, unprotected transport of credentials, injection and improper access control vulnerabilities.

Sources: us-cert.cisa.gov

Honeywell

CISA released an ICS advisory for multiple vulnerabilities, such as unrestricted upload of a file with a dangerous type, relative path traversal, and improper neutralization of special elements in output used by a downstream component. They affect all versions of Honeywell Experion Process Knowledge System C200, C200E, C300 and ACE controllers and would allow an attacker to gain control of an affected system.

Sources: us-cert.cisa.gov
