Gentoo Linux Security Advisories

GLSA 200410-30 (normal) - GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF files, making them vulnerable to execution of arbitrary code upon viewing a malicious PDF file.
GLSA 200410-29 (normal) - PuTTY: Pre-authentication buffer overflow
PuTTY contains a vulnerability allowing an SSH server to execute arbitrary code on the connecting client.
GLSA 200410-28 (high) - rssh: Format string vulnerability
rssh is vulnerable to a format string vulnerability that allows arbitrary execution of code with the rights of the connected user, thereby bypassing rssh restrictions.
GLSA 200410-27 (normal) - mpg123: Buffer overflow vulnerabilities
Buffer overflow vulnerabilities have been found in mpg123 which could lead to execution of arbitrary code.
GLSA 200410-26 (normal) - socat: Format string vulnerability
socat contains a format string vulnerability that can potentially lead to remote or local execution of arbitrary code with the privileges of the socat process.
GLSA 200410-25 (normal) - Netatalk: Insecure tempfile handling in etc2ps.sh
The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200410-24 (normal) - MIT krb5: Insecure temporary file use in send-pr.sh
The send-pr.sh script, included in the mit-krb5 package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200410-23 (high) - Gaim: Multiple vulnerabilities
Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code.
GLSA 200410-22 (high) - MySQL: Multiple vulnerabilities
Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL.
GLSA 200410-21 (low) - Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
In certain configurations, it can be possible to bypass restrictions set by the "SSLCipherSuite" directive of mod_ssl.
GLSA 200410-20 (normal) - Xpdf, CUPS: Multiple integer overflows
Multiple integer overflows were discovered in Xpdf, potentially resulting in execution of arbitrary code upon viewing a malicious PDF file. CUPS includes Xpdf code and therefore is vulnerable to the same issues.
GLSA 200410-19 (normal) - glibc: Insecure tempfile handling in catchsegv script
The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
GLSA 200410-18 (normal) - Ghostscript: Insecure temporary file use in multiple scripts
Multiple scripts in the Ghostscript package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
GLSA 200410-17 (low) - OpenOffice.org: Temporary files disclosure
OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
GLSA 200410-16 (normal) - PostgreSQL: Insecure temporary file use in make_oidjoins_check
The make_oidjoins_check script, part of the PostgreSQL package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
GLSA 200410-15 (normal) - Squid: Remote DoS vulnerability
Squid contains a vulnerability in the SNMP module which may lead to a denial of service.
GLSA 200410-14 (high) - phpMyAdmin: Vulnerability in MIME-based transformation system
A vulnerability has been found in the MIME-based transformation system of phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's "safe mode" is disabled.
GLSA 200410-13 (normal) - BNC: Input validation flaw
BNC contains an input validation flaw which might allow a remote attacker to issue arbitrary IRC related commands.
GLSA 200410-12 (low) - WordPress: HTTP response splitting and XSS vulnerabilities
WordPress contains HTTP response splitting and cross-site scripting vulnerabilities.
GLSA 200410-11 (normal) - tiff: Buffer overflows in image decoding
Multiple heap-based overflows have been found in the tiff library image decoding routines, potentially allowing execution of arbitrary code with the rights of the user viewing a malicious image.
