Ubuntu Security Notice 2980-1 – Julien Bernard discovered that libndp incorrectly performed origin checks when receiving Neighbor Discovery Protocol (NDP) messages. A remote attacker outside of the local network could use this issue to advertise a node as a router, causing a denial of service, or possibly to act as a man in the middle.

Apple Security Advisory 2016-05-16-4 – OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities.

Red Hat Security Advisory 2016-1083-01 – Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix: An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database.

Apple Security Advisory 2016-05-16-3 – watchOS 2.2.1 is now available and addresses information leakage, code execution, and various other vulnerabilities.

Bugzilla versions 2.16rc1 to 4.4.11 and 4.5.1 to 5.0.2 suffer from a cross site scripting vulnerability.

Apple Security Advisory 2016-05-16-2 – iOS 9.3.2 is now available and addresses buffer overflow, information leakage, and various other vulnerabilities.

Apple Security Advisory 2016-05-16-1 – tvOS 9.2.1 is now available and addresses information disclosure, code execution issues, and more.

WSO2 SOA Enablement server suffers from a cross site scripting vulnerability.

7-Zip versions prior to 16.00 suffer from code execution and various other vulnerabilities.