Gentoo Linux Security Advisories

GLSA 200405-10 (normal) - Icecast denial of service vulnerability
Icecast is vulnerable to a denial of service attack allowing remote users to crash the application.
GLSA 200405-09 (high) - ProFTPD Access Control List bypass vulnerability
Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based Access Control Lists (ACLs) to be treated as "AllowAll", thereby allowing remote users full access to files available to the FTP daemon.
GLSA 200405-08 (high) - Pound format string vulnerability
There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.
GLSA 200405-07 (high) - Exim verify=header_syntax buffer overflow
When the verify=header_syntax option is set, there is a buffer overflow in Exim that allows remote execution of arbitrary code.
GLSA 200405-06 (normal) - libpng denial of service vulnerability
A bug in the libpng library can be abused to crash programs making use of that library to decode PNG images.
GLSA 200405-05 (normal) - Utempter symlink vulnerability
Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack.
GLSA 200405-04 (high) - OpenOffice.org vulnerability when using DAV servers
Several format string vulnerabilities are present in the Neon library included in OpenOffice.org, allowing remote execution of arbitrary code when connected to an untrusted WebDAV server.
GLSA 200405-03 (high) - ClamAV VirusEvent parameter vulnerability
With a specific configuration (using %f in the VirusEvent parameter), Clam AntiVirus is vulnerable to an attack allowing execution of arbitrary commands.
GLSA 200405-02 (high) - Multiple vulnerabilities in LHa
Two stack-based buffer overflows and two directory traversal problems have been found in LHa. These vulnerabilities can be used to execute arbitrary code or as a denial of service attack.
GLSA 200405-01 (normal) - Multiple format string vulnerabilities in neon 0.24.4 and earlier
There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code.
GLSA 200404-21 (normal) - Multiple Vulnerabilities in Samba
There is a bug in smbfs which may allow local users to gain root via a setuid file on a mounted Samba share. Also, there is a tmpfile symlink vulnerability in the smbprint script distributed with Samba.
GLSA 200404-20 (normal) - Multiple vulnerabilities in xine
Several vulnerabilities have been found in xine-ui and xine-lib, potentially allowing an attacker to overwrite files with the rights of the user.
GLSA 200404-19 (normal) - Buffer overflows and format string vulnerabilities in LCDproc
Multiple remote vulnerabilities have been found in the LCDd server, allowing execution of arbitrary code with the rights of the LCDd user.
GLSA 200404-18 (high) - Multiple Vulnerabilities in ssmtp
There are multiple format string vulnerabilities in the SSMTP package, which may allow an attacker to run arbitrary code with ssmtp's privileges (potentially root).
GLSA 200404-17 (normal) - ipsec-tools and iputils contain a remote DoS vulnerability
racoon, which is included in the ipsec-tools and iputils packages in Portage, does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service.
GLSA 200404-16 (high) - Multiple new security vulnerabilities in monit
Two new vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.
GLSA 200404-15 (low) - XChat 2.0.x SOCKS5 Vulnerability
XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code.
GLSA 200404-14 (normal) - Multiple format string vulnerabilities in cadaver
There are multiple format string vulnerabilities in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.
GLSA 200404-13 (normal) - CVS Server and Client Vulnerabilities
There are two vulnerabilities in CVS; one in the server and one in the client. These vulnerabilities allow the reading and writing of arbitrary files on both client and server.
GLSA 200404-12 (high) - Scorched 3D server chat box format string vulnerability
Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.
