GLSA 200408-12 (normal) - Gaim: MSN protocol parsing function buffer overflow
Gaim contains a remotely exploitable buffer overflow vulnerability in the MSN-protocol parsing code that may allow remote execution of arbitrary code.

GLSA 200408-11 (normal) - Nessus: "adduser" race condition vulnerability
Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.

GLSA 200408-10 (normal) - gv: Exploitable Buffer Overflow
gv contains an exploitable buffer overflow that allows an attacker to execute arbitrary code.

GLSA 200408-09 (low) - Roundup: Filesystem access vulnerability
Roundup will make files owned by the user that it's running as accessable to a remote attacker.

GLSA 200408-08 (high) - Cfengine: RSA Authentication Heap Corruption
Cfengine is vulnerable to a remote root exploit from clients in AllowConnectionsFrom.

GLSA 200408-07 (normal) - Horde-IMP: Input validation vulnerability for Internet Explorer users
An input validation vulnerability has been discovered in Horde-IMP. This only affects users of Internet Explorer.

GLSA 200408-06 (normal) - SpamAssassin: Denial of Service vulnerability
SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.

GLSA 200408-05 (normal) - Opera: Multiple new vulnerabilities
Several new vulnerabilities were found and fixed in Opera, including one allowing an attacker to read the local filesystem remotely.

GLSA 200408-04 (normal) - PuTTY: Pre-authentication arbitrary code execution
PuTTY contains a vulnerability allowing a SSH server to execute arbitrary code on the connecting client.

GLSA 200408-03 (normal) - libpng: Numerous vulnerabilities
libpng contains numerous vulnerabilities potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.

GLSA 200408-02 (normal) - Courier: Cross-site scripting vulnerability in SqWebMail
The SqWebMail web application, included in the Courier suite, is vulnerable to cross-site scripting attacks.

GLSA 200408-01 (normal) - MPlayer: GUI filename handling overflow
When compiled with GUI support MPlayer is vulnerable to a remotely exploitable buffer overflow attack.

GLSA 200407-23 (normal) - SoX: Multiple buffer overflows
SoX contains two buffer overflow vulnerabilities in the WAV header parser code.

GLSA 200407-22 (normal) - phpMyAdmin: Multiple vulnerabilities
Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a valid user account to alter configuration variables and execute arbitrary PHP code.

GLSA 200407-21 (high) - Samba: Multiple buffer overflows
Two buffer overflows vulnerabilities were found in Samba, potentially allowing the remote execution of arbitrary code.

GLSA 200407-20 (low) - Subversion: Vulnerability in mod_authz_svn
Users with write access to parts of a Subversion repository may bypass read restrictions in mod_authz_svn and read any part of the repository they wish.

GLSA 200407-19 (normal) - Pavuk: Digest authentication helper buffer overflow
Pavuk contains a bug that can allow an attacker to run arbitrary code.

GLSA 200407-18 (normal) - mod_ssl: Format string vulnerability
A bug in mod_ssl may allow a remote attacker to execute arbitrary code when Apache is configured to use mod_ssl and mod_proxy.

GLSA 200407-17 (high) - l2tpd: Buffer overflow
A buffer overflow in l2tpd could lead to remote code execution. It is not known whether this bug is exploitable.

GLSA 200407-16 (high) - Linux Kernel: Multiple DoS and permission vulnerabilities
Multiple permission vulnerabilities have been found in the Linux kernel, allowing an attacker to change the group IDs of files mounted on a remote filesystem (CAN-2004-0497), as well as an issue in 2.6 series kernels which allows /proc permissions to be bypassed. A context sharing vulnerability in vserver-sources is also handled by this advisory as well as CAN-2004-0447, CAN-2004-0496 and CAN-2004-0565. Patched, or updated versions of these kernels have been released and details are included along with this advisory.