Gentoo Linux Security Advisories

GLSA 200409-13 (normal) - LHa: Multiple vulnerabilities
Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code.
GLSA 200409-12 (normal) - ImageMagick, imlib, imlib2: BMP decoding buffer overflows
ImageMagick, imlib and imlib2 contain exploitable buffer overflow vulnerabilities in the BMP image processing code.
GLSA 200409-11 (high) - star: Suid root vulnerability
star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker.
GLSA 200409-10 (normal) - multi-gnome-terminal: Information leak
multi-gnome-terminal has been found to actively log keystrokes to potentially world-readable files. This could allow any authorized user on the system to read sensitive data, including passwords.
GLSA 200409-09 (high) - MIT krb5: Multiple vulnerabilities
MIT krb5 contains several double-free vulnerabilities, potentially allowing the execution of arbitrary code, as well as a denial of service vulnerability.
GLSA 200409-08 (normal) - Ruby: CGI::Session creates files insecurely
When used for CGI scripting, Ruby creates session files in /tmp with the permissions of the default umask. Depending on that umask, local users may be able to read sensitive data stored in session files.
GLSA 200409-07 (normal) - xv: Buffer overflows in image handling
xv contains multiple exploitable buffer overflows in the image handling code.
GLSA 200409-06 (normal) - eGroupWare: Multiple XSS vulnerabilities
The eGroupWare software contains multiple cross-site scripting vulnerabilities.
GLSA 200409-05 (normal) - Gallery: Arbitrary command execution
The Gallery image upload code contains a temporary file handling vulnerability which could lead to execution of arbitrary commands.
GLSA 200409-04 (normal) - Squid: Denial of service when using NTLM authentication
Squid is vulnerable to a denial of service attack which could crash its NTLM helpers.
GLSA 200409-03 (high) - Python 2.2: Buffer overflow in getaddrinfo()
Python 2.2 has a vulnerability in DNS handling when IPv6 is disabled and a malformed IPv6 address is encountered by getaddrinfo().
GLSA 200409-02 (normal) - MySQL: Insecure temporary file creation in mysqlhotcopy
The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.
GLSA 200409-01 (high) - vpopmail: Multiple vulnerabilities
vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.
GLSA 200408-27 (normal) - Gaim: New vulnerabilities
Gaim contains several security issues that might allow an attacker to execute arbitrary code or commands.
GLSA 200408-26 (normal) - zlib: Denial of service vulnerability
The zlib library contains a Denial of Service vulnerability.
GLSA 200408-25 (normal) - MoinMoin: Group ACL bypass
MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.
GLSA 200408-24 (normal) - Linux Kernel: Multiple information leaks
Multiple information leaks have been found in the Linux kernel, allowing an attacker to obtain sensitive data which may be used for further exploitation of the system.
GLSA 200408-23 (low) - kdelibs: Cross-domain cookie injection vulnerability
The cookie manager component in kdelibs contains a vulnerability allowing an attacker to potentially gain access to a user's session on a legitimate web server.
GLSA 200408-22 (normal) - Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
New releases of Mozilla, Epiphany, Galeon, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including remote DoS and buffer overflows.
GLSA 200408-21 (normal) - Cacti: SQL injection vulnerability
With special configurations of Cacti it is possible to change passwords via a SQL injection attack.
