Versions of Radare2 contain a vulnerability that could lead to uncontrolled resource consumption and DoS.

Sources: Github, NIST

Versions of VMWare's paravirtual RDMA device contain an integer overflow vulnerability.

Sources: NIST

Versions of Emerson OpenEnterprise are vulnerable to arbitrary commands with system privileges or remote code execution.

Sources: NIST, CISA

Versions of the IBM Sterling External Authentication server are vulnerable to path traversals.

Sources: X-Force Vulnerability Report, NIST

WatchGuard Firebox and XTM appliances have a stack-based buffer overflow, which would allow an authenticated remote attacker to execute arbitrary code.

Sources: WatchGuard, NIST

Cisco released security updates for multiple products due to vulnerabilities, such as command injection and denial of service found.

Sources: Cisco, CISA

There is a LDAP Java object deserialization remote code execution in the Adobe ColdFusion 11.

Sources: Exploit Database

The United Kingdom's National Cyber Security Center, CISA, NSA and the FBI released a joint CSA stating that the cyber threat actor known as Sandworm or Voodoo Bear is now using malware called Cyclops Blink, which replaces framework for the VPNFilter malware.

Sources: CISA, CISA

CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog that is based off of vulnerabilities that are actively being exploited.

Sources: Known Exploited Vulnerabilities Catalog, CISA