Palo Alto Networks patches are expected this afternoon.
Microsoft - Exploit
Microsoft's monthly patches address 76 vulnerabilities; 9 are rated Critical and 2 are being exploited. Highest CVSSv3 score of 9.8.
More info. And here.
There is an RCE vulnerability affecting the HTTP Protocol Stack. A prerequisite for a server to be vulnerable is that the binding has HTTP/3 enabled and the server uses buffered I/O. HTTP/3 support for services is a new feature of Windows Server 2022. CVSSv3 score of 9.8.
More info.
ICMP contains an RCE vulnerability. An attacker could send the target machine a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header. To trigger the vulnerable code path, an application on the target must be bound to a raw socket. CVSSv3 score of 9.8.
More info.
Attackers could send specially crafted emails that cause the victim to connect to an external UNC location under the attacker's control. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim. This is being exploited. CVSSv3 score of 9.8.
More info. And here.
There is an RCE vulnerability in RPC. A remote attacker can send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. CVSSv3 score of 9.8.
More info.
Adobe has published Monthly Patches for Commerce, Experience Manager, Illustrator, Dimension, Creative Cloud, Substance 3D Stager, Photoshop, and ColdFusion. Highest CVSSv3 score of 9.8, in ColdFusion.
More info. And here.
AVEVA Plant SCADA and Telemetry Server have an Improper Authorization vulnerability. A remote attacker could read data, cause a DoS, and tamper with alarm states. CVSSv3 score of 9.8.
More info. And here.
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere contain several vulnerabilities, including a Path Traversal and flaws in third-party OpenSSL. CVSSv3 score of 9.8.
More info.
Two vulnerabilities affect the NPort 6000 Series and Windows driver manager. An attacker may perform a MitM attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager.
More info.
Aruba
ClearPass Policy Manager has been updated to address multiple security vulnerabilities. Highest CVSSv3 score of 9.8.
More info.
Mozilla has published updates for Firefox and Firefox ESR, both rated High.
More info.