Gentoo Linux Security Advisories

GLSA 200407-03 (normal) - Apache 2: Remote denial of service attack
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. With certain configurations this could lead to a heap-based buffer overflow.
GLSA 200407-02 (high) - Linux Kernel: Multiple vulnerabilities
Multiple vulnerabilities have been found in the Linux kernel used by GNU/Linux systems. Patched or updated versions of these kernels have been released, and details are included in this advisory.
GLSA 200407-01 (normal) - Esearch: Insecure temp file handling
The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.
GLSA 200406-22 (high) - Pavuk: Remote buffer overflow
Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
GLSA 200406-21 (high) - mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
mit-krb5 contains multiple buffer overflows in the function krb5_aname_to_localname(). This could potentially lead to a complete remote system compromise.
GLSA 200406-20 (normal) - FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate.
GLSA 200406-19 (low) - giFT-FastTrack: remote denial of service attack
There is a vulnerability where a carefully crafted signal sent to the giFT-FastTrack plugin will cause the giFT daemon to crash.
GLSA 200406-18 (normal) - gzip: Insecure creation of temporary files
gzip contains a bug potentially allowing an attacker to execute arbitrary commands.
GLSA 200406-17 (normal) - IPsec-Tools: authentication bug in racoon
racoon, provided as part of IPsec-Tools, fails to do proper authentication.
GLSA 200406-16 (normal) - Apache 1.3: Buffer overflow in mod_proxy
A bug in mod_proxy may allow a remote attacker to execute arbitrary code when Apache is configured a certain way.
GLSA 200406-15 (normal) - Usermin: Multiple vulnerabilities
Usermin contains two security vulnerabilities which could lead to a Denial of Service attack and information disclosure.
GLSA 200406-14 (normal) - aspell: Buffer overflow in word-list-compress
A bug in the aspell utility word-list-compress can allow an attacker to execute arbitrary code.
GLSA 200406-13 (high) - Squid: NTLM authentication helper buffer overflow
Squid contains a bug where it fails to properly check bounds of the 'pass' variable.
GLSA 200406-12 (normal) - Webmin: Multiple vulnerabilities
Webmin contains two security vulnerabilities which could lead to a Denial of Service attack and information disclosure.
GLSA 200406-11 (normal) - Horde-IMP: Input validation vulnerability
An input validation vulnerability has been discovered in Horde-IMP.
GLSA 200406-10 (normal) - Gallery: Privilege escalation vulnerability
There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery.
GLSA 200406-09 (high) - Horde-Chora: Remote code execution
A vulnerability in Chora allows remote code execution and file upload.
GLSA 200406-08 (normal) - Squirrelmail: Another XSS vulnerability
Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.
GLSA 200406-07 (high) - Subversion: Remote heap overflow
Subversion is vulnerable to a remote Denial of Service that may be exploitable to execute arbitrary code on the server running svnserve.
GLSA 200406-06 (high) - CVS: additional DoS and arbitrary code execution vulnerabilities
Several serious new vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server.
