Gentoo Linux Security Advisories
GLSA 200412-01 (normal) - rssh, scponly: Unrestricted command execution
rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
GLSA 200411-38 (normal) - Sun and Blackdown Java: Applet privilege escalation
The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.
GLSA 200411-37 (high) - Open DC Hub: Remote code execution
Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution.
GLSA 200411-36 (low) - phpMyAdmin: Multiple XSS vulnerabilities
phpMyAdmin is vulnerable to cross-site scripting attacks.
GLSA 200411-35 (low) - phpWebSite: HTTP response splitting vulnerability
phpWebSite is vulnerable to possible HTTP response splitting attacks.
GLSA 200411-34 (high) - Cyrus IMAP Server: Multiple remote vulnerabilities
The Cyrus IMAP Server contains multiple vulnerabilities which could lead to remote execution of arbitrary code.
GLSA 200411-33 (high) - TWiki: Arbitrary command execution
A bug in the TWiki search function allows an attacker to execute arbitrary commands with the permissions of the user running TWiki.
GLSA 200411-32 (high) - phpBB: Remote command execution
phpBB contains a vulnerability which allows a remote attacker to execute arbitrary commands with the rights of the web server user.
GLSA 200411-31 (normal) - ProZilla: Multiple vulnerabilities
ProZilla contains several buffer overflow vulnerabilities that can be exploited by a malicious server to execute arbitrary code with the rights of the user running ProZilla.
GLSA 200411-30 (normal) - pdftohtml: Vulnerabilities in included Xpdf
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.
GLSA 200411-29 (normal) - unarj: Long filenames buffer overflow and a path traversal vulnerability
unarj contains a buffer overflow and a directory traversal vulnerability. This could lead to overwriting of arbitrary files or the execution of arbitrary code.
GLSA 200411-28 (normal) - X.Org, XFree86: libXpm vulnerabilities
libXpm contains several vulnerabilities that could lead to a Denial of Service and arbitrary code execution.
GLSA 200411-27 (normal) - Fcron: Multiple vulnerabilities
Multiple vulnerabilities in Fcron can allow a local user to potentially cause a Denial of Service.
GLSA 200411-26 (high) - GIMPS, SETI@home, ChessBrain: Insecure installation
Improper file ownership allows user-owned files to be run with root privileges by init scripts.
GLSA 200411-25 (low) - SquirrelMail: Encoded text XSS vulnerability
Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.
GLSA 200411-24 (high) - BNC: Buffer overflow vulnerability
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
GLSA 200411-23 (normal) - Ruby: Denial of Service issue
The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.
GLSA 200411-22 (normal) - Davfs2, lvm-user: Insecure tempfile handling
Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.
GLSA 200411-21 (normal) - Samba: Multiple vulnerabilities
Samba is vulnerable to a buffer overflow that could lead to execution of arbitrary code (CAN-2004-0882). Another flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles (CAN-2004-0930).
GLSA 200411-20 (high) - ez-ipupdate: Format string vulnerability
ez-ipupdate contains a format string vulnerability that could lead to execution of arbitrary code.