Cacti
A command injection vulnerability allows a remote attacker to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. CVSSv3 score of 9.8
More info.
BIG-IP and BIG-IQ are vulnerable to an issue in Java SE that could allow an attacker to create, delete or modify access to critical data. CVSSv3 score of 5.3
More info. And here.
Oracle Linux has updated the kernel. More info.
Red Hat has updated kpatch, grub2. More info.
Ubuntu has updated u-boot and others. More info.