GLSA 200408-20 (normal) - Qt: Image loader overflows
There are several bugs in Qt's image-handling code which could lead to crashes or arbitrary code execution.

GLSA 200408-19 (high) - courier-imap: Remote Format String Vulnerability
There is a format string vulnerability in non-standard configurations of courier-imapd which may be exploited remotely. An attacker may be able to execute arbitrary code as the user running courier-imapd (oftentimes root).

GLSA 200408-18 (normal) - xine-lib: VCD MRL buffer overflow
xine-lib contains an exploitable buffer overflow in the VCD handling code

GLSA 200408-17 (normal) - rsync: Potential information leakage
rsync fails to properly sanitize paths. This vulnerability could allow the listing of arbitrary files and allow file overwriting outside module's path on rsync server configurations that allow uploading.

GLSA 200408-16 (low) - glibc: Information leak with LD_DEBUG
glibc contains an information leak vulnerability allowing the debugging of SUID binaries.

GLSA 200408-15 (normal) - Tomcat: Insecure installation
Improper file ownership may allow a member of the tomcat group to execute scripts as root.

GLSA 200408-14 (normal) - acroread: UUDecode filename buffer overflow
acroread contains two errors in the handling of UUEncoded filenames that may lead to execution of arbitrary code or programs.

GLSA 200408-13 (normal) - kdebase, kdelibs: Multiple security issues
KDE contains three security issues that can allow an attacker to compromise system accounts, cause a Denial of Service, or spoof websites via frame injection.

GLSA 200408-12 (normal) - Gaim: MSN protocol parsing function buffer overflow
Gaim contains a remotely exploitable buffer overflow vulnerability in the MSN-protocol parsing code that may allow remote execution of arbitrary code.

GLSA 200408-11 (normal) - Nessus: "adduser" race condition vulnerability
Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.

GLSA 200408-10 (normal) - gv: Exploitable Buffer Overflow
gv contains an exploitable buffer overflow that allows an attacker to execute arbitrary code.

GLSA 200408-09 (low) - Roundup: Filesystem access vulnerability
Roundup will make files owned by the user that it's running as accessable to a remote attacker.

GLSA 200408-08 (high) - Cfengine: RSA Authentication Heap Corruption
Cfengine is vulnerable to a remote root exploit from clients in AllowConnectionsFrom.

GLSA 200408-07 (normal) - Horde-IMP: Input validation vulnerability for Internet Explorer users
An input validation vulnerability has been discovered in Horde-IMP. This only affects users of Internet Explorer.

GLSA 200408-06 (normal) - SpamAssassin: Denial of Service vulnerability
SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.

GLSA 200408-05 (normal) - Opera: Multiple new vulnerabilities
Several new vulnerabilities were found and fixed in Opera, including one allowing an attacker to read the local filesystem remotely.

GLSA 200408-04 (normal) - PuTTY: Pre-authentication arbitrary code execution
PuTTY contains a vulnerability allowing a SSH server to execute arbitrary code on the connecting client.

GLSA 200408-03 (normal) - libpng: Numerous vulnerabilities
libpng contains numerous vulnerabilities potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.

GLSA 200408-02 (normal) - Courier: Cross-site scripting vulnerability in SqWebMail
The SqWebMail web application, included in the Courier suite, is vulnerable to cross-site scripting attacks.

GLSA 200408-01 (normal) - MPlayer: GUI filename handling overflow
When compiled with GUI support MPlayer is vulnerable to a remotely exploitable buffer overflow attack.