Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Buffer overflow in University of Washington's implementation of IMAP and POP servers.