Debian Linux Security Advisory 3605-1 – Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.

sNews CMS version 1.7.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

Ubuntu Security Notice 3010-1 – It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 3011-1 – Falco Schmutz discovered that HAProxy incorrectly handled the reqdeny filter. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service.

Ubuntu Security Notice 3009-1 – Edwin Toeroek discovered that Dnsmasq incorrectly handled certain CNAME responses. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service.

Ubuntu Security Notice 3012-1 – Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

Ubuntu Security Notice 3013-1 – It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

ACROS Security 0patch (0PatchServicex64.exe) version 2016.05.19.539 suffers from an unquoted service path privilege escalation vulnerability.

Symphony CMS version 2.6.7 suffers from a session fixation vulnerability.