Gentoo Linux Security Advisories

GLSA 200411-07 (normal) - Proxytunnel: Format string vulnerability
Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process.
GLSA 200411-06 (low) - MIME-tools: Virus detection evasion
MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent some virus-scanning programs which use MIME-tools from detecting certain viruses.
GLSA 200411-05 (high) - libxml2: Remotely exploitable buffer overflow
libxml2 contains multiple buffer overflows which could lead to the execution of arbitrary code.
GLSA 200411-04 (high) - Speedtouch USB driver: Privilege escalation vulnerability
A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.
GLSA 200411-03 (normal) - Apache 1.3: Buffer overflow vulnerability in mod_include
A buffer overflow vulnerability exists in mod_include which could possibly allow a local attacker to gain escalated privileges.
GLSA 200411-02 (high) - Cherokee: Format string vulnerability
Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitrary code.
GLSA 200411-01 (low) - ppp: No denial of service vulnerability
pppd contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
GLSA 200410-31 (low) - Archive::Zip: Virus detection evasion
Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion.
GLSA 200410-30 (normal) - GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF files, making them vulnerable to execution of arbitrary code upon viewing a malicious PDF file.
GLSA 200410-29 (normal) - PuTTY: Pre-authentication buffer overflow
PuTTY contains a vulnerability allowing an SSH server to execute arbitrary code on the connecting client.
GLSA 200410-28 (high) - rssh: Format string vulnerability
rssh is vulnerable to a format string vulnerability that allows arbitrary execution of code with the rights of the connected user, thereby bypassing rssh restrictions.
GLSA 200410-27 (normal) - mpg123: Buffer overflow vulnerabilities
Buffer overflow vulnerabilities have been found in mpg123 which could lead to execution of arbitrary code.
GLSA 200410-26 (normal) - socat: Format string vulnerability
socat contains a format string vulnerability that can potentially lead to remote or local execution of arbitrary code with the privileges of the socat process.
GLSA 200410-25 (normal) - Netatalk: Insecure tempfile handling in etc2ps.sh
The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200410-24 (normal) - MIT krb5: Insecure temporary file use in send-pr.sh
The send-pr.sh script, included in the mit-krb5 package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200410-23 (high) - Gaim: Multiple vulnerabilities
Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code.
GLSA 200410-22 (high) - MySQL: Multiple vulnerabilities
Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL.
GLSA 200410-21 (low) - Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
In certain configurations, it can be possible to bypass restrictions set by the "SSLCipherSuite" directive of mod_ssl.
GLSA 200410-20 (normal) - Xpdf, CUPS: Multiple integer overflows
Multiple integer overflows were discovered in Xpdf, potentially resulting in execution of arbitrary code upon viewing a malicious PDF file. CUPS includes Xpdf code and therefore is vulnerable to the same issues.
GLSA 200410-19 (normal) - glibc: Insecure tempfile handling in catchsegv script
The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
