Gentoo Linux Security Advisories

GLSA 200411-27 (normal) - Fcron: Multiple vulnerabilities
Multiple vulnerabilities in Fcron can allow a local user to potentially cause a Denial of Service.
GLSA 200411-26 (high) - GIMPS, SETI@home, ChessBrain: Insecure installation
Improper file ownership allows user-owned files to be run with root privileges by init scripts.
GLSA 200411-25 (low) - SquirrelMail: Encoded text XSS vulnerability
SquirrelMail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.
GLSA 200411-24 (high) - BNC: Buffer overflow vulnerability
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
GLSA 200411-23 (normal) - Ruby: Denial of Service issue
The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.
GLSA 200411-22 (normal) - Davfs2, lvm-user: Insecure tempfile handling
Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.
GLSA 200411-21 (normal) - Samba: Multiple vulnerabilities
Samba is vulnerable to a buffer overflow that could lead to execution of arbitrary code (CAN-2004-0882). Another flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles (CAN-2004-0930).
GLSA 200411-20 (high) - ez-ipupdate: Format string vulnerability
ez-ipupdate contains a format string vulnerability that could lead to execution of arbitrary code.
GLSA 200411-19 (normal) - Pavuk: Multiple buffer overflows
Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.
GLSA 200411-18 (normal) - Apache 2.0: Denial of Service by memory consumption
A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of Service.
GLSA 200411-17 (normal) - mtink: Insecure tempfile handling
mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200411-16 (normal) - zip: Path name buffer overflow
zip contains a buffer overflow when creating a ZIP archive of files with very long path names. This could lead to the execution of arbitrary code.
GLSA 200411-15 (normal) - OpenSSL, Groff: Insecure tempfile handling
groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200411-14 (normal) - Kaffeine, gxine: Remotely exploitable buffer overflow
Kaffeine and gxine both contain a buffer overflow that can be exploited when accessing content from a malicious HTTP server with specially crafted headers.
GLSA 200411-13 (normal) - Portage, Gentoolkit: Temporary file vulnerabilities
dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
GLSA 200411-12 (normal) - zgv: Multiple buffer overflows
zgv contains multiple buffer overflows that can potentially lead to the execution of arbitrary code.
GLSA 200411-11 (normal) - ImageMagick: EXIF buffer overflow
ImageMagick contains an error in boundary checks when handling EXIF information, which could lead to arbitrary code execution.
GLSA 200411-10 (low) - Gallery: Cross-site scripting vulnerability
Gallery is vulnerable to cross-site scripting attacks.
GLSA 200411-09 (low) - shadow: Unauthorized modification of account information
A flaw in the chfn and chsh utilities might allow modification of account properties by unauthorized users.
GLSA 200411-08 (normal) - GD: Integer overflow
The PNG image decoding routines in the GD library contain an integer overflow that may allow execution of arbitrary code with the rights of the program decoding a malicious PNG image.
