GLSA 200406-17 (normal) - IPsec-Tools: authentication bug in racoon
racoon provided as part of IPsec-Tools fails do proper authentication.

GLSA 200406-16 (normal) - Apache 1.3: Buffer overflow in mod_proxy
A bug in mod_proxy may allow a remote attacker to execute arbitrary code when Apache is configured a certain way.

GLSA 200406-15 (normal) - Usermin: Multiple vulnerabilities
Usermin contains two security vulnerabilities which could lead to a Denial of Service attack and information disclosure.

GLSA 200406-14 (normal) - aspell: Buffer overflow in word-list-compress
A bug in the aspell utility word-list-compress can allow an attacker to execute arbitrary code.

GLSA 200406-13 (high) - Squid: NTLM authentication helper buffer overflow
Squid contains a bug where it fails to properly check bounds of the 'pass' variable.

GLSA 200406-12 (normal) - Webmin: Multiple vulnerabilities
Webmin contains two security vulnerabilities which could lead to a Denial of Service attack and information disclosure.

GLSA 200406-11 (normal) - Horde-IMP: Input validation vulnerability
An input validation vulnerability has been discovered in Horde-IMP.

GLSA 200406-10 (normal) - Gallery: Privilege escalation vulnerability
There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery.

GLSA 200406-09 (high) - Horde-Chora: Remote code execution
A vulnerability in Chora allows remote code execution and file upload.

GLSA 200406-08 (normal) - Squirrelmail: Another XSS vulnerability
Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.

GLSA 200406-07 (high) - Subversion: Remote heap overflow
Subversion is vulnerable to a remote Denial of Service that may be exploitable to execute arbitrary code on the server running svnserve.

GLSA 200406-06 (high) - CVS: additional DoS and arbitrary code execution vulnerabilities
Several serious new vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server.

GLSA 200406-05 (high) - Apache: Buffer overflow in mod_ssl
A bug in mod_ssl may allow a remote attacker to execute remote code when Apache is configured a certain way.

GLSA 200406-04 (normal) - Mailman: Member password disclosure vulnerability
Mailman contains a bug allowing 3rd parties to retrieve member passwords.

GLSA 200406-03 (normal) - sitecopy: Multiple vulnerabilities in included libneon
sitecopy includes a vulnerable version of the neon library.

GLSA 200406-02 (high) - tripwire: Format string vulnerability
A vulnerability allowing arbitrary code execution under certain circumstances has been found.

GLSA 200406-01 (high) - Ethereal: Multiple security problems
Multiple vulnerabilities including one buffer overflow exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.

GLSA 200405-25 (normal) - tla: Multiple vulnerabilities in included libneon
tla includes a vulnerable version of the neon library.

GLSA 200405-24 (high) - MPlayer, xine-lib: vulnerabilities in RTSP stream handling
Multiple vulnerabilities, including remotely exploitable buffer overflows, have been found in code common to MPlayer and the xine library.

GLSA 200405-23 (high) - Heimdal: Kerberos 4 buffer overflow in kadmin
A possible buffer overflow in the Kerberos 4 component of Heimdal has been discovered.