Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.

Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.

Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.

Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.