GLSA 200411-19 (normal) - Pavuk: Multiple buffer overflows
Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.

GLSA 200411-18 (normal) - Apache 2.0: Denial of Service by memory consumption
A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of Service.

GLSA 200411-17 (normal) - mtink: Insecure tempfile handling
mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

GLSA 200411-16 (normal) - zip: Path name buffer overflow
zip contains a buffer overflow when creating a ZIP archive of files with very long path names. This could lead to the execution of arbitrary code.

GLSA 200411-15 (normal) - OpenSSL, Groff: Insecure tempfile handling
groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

GLSA 200411-14 (normal) - Kaffeine, gxine: Remotely exploitable buffer overflow
Kaffeine and gxine both contain a buffer overflow that can be exploited when accessing content from a malicious HTTP server with specially crafted headers.

GLSA 200411-13 (normal) - Portage, Gentoolkit: Temporary file vulnerabilities
dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

GLSA 200411-12 (normal) - zgv: Multiple buffer overflows
zgv contains multiple buffer overflows that can potentially lead to the execution of arbitrary code.

GLSA 200411-11 (normal) - ImageMagick: EXIF buffer overflow
ImageMagick contains an error in boundary checks when handling EXIF information, which could lead to arbitrary code execution.

GLSA 200411-10 (low) - Gallery: Cross-site scripting vulnerability
Gallery is vulnerable to cross-site scripting attacks.

GLSA 200411-09 (low) - shadow: Unauthorized modification of account information
A flaw in the chfn and chsh utilities might allow modification of account properties by unauthorized users.

GLSA 200411-08 (normal) - GD: Integer overflow
The PNG image decoding routines in the GD library contain an integer overflow that may allow execution of arbitrary code with the rights of the program decoding a malicious PNG image.

GLSA 200411-07 (normal) - Proxytunnel: Format string vulnerability
Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process.

GLSA 200411-06 (low) - MIME-tools: Virus detection evasion
MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent some virus-scanning programs which use MIME-tools from detecting certain viruses.

GLSA 200411-05 (high) - libxml2: Remotely exploitable buffer overflow
libxml2 contains multiple buffer overflows which could lead to the execution of arbitrary code.

GLSA 200411-04 (high) - Speedtouch USB driver: Privilege escalation vulnerability
A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.

GLSA 200411-03 (normal) - Apache 1.3: Buffer overflow vulnerability in mod_include
A buffer overflow vulnerability exists in mod_include which could possibly allow a local attacker to gain escalated privileges.

GLSA 200411-02 (high) - Cherokee: Format string vulnerability
Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitary code.

GLSA 200411-01 (low) - ppp: No denial of service vulnerability
pppd contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.

GLSA 200410-31 (low) - Archive::Zip: Virus detection evasion
Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion.