Search

Find a vulnerability

Search criteria

    20 vulnerabilities by universityofcalifornia

    CVE-2025-0669 (GCVE-0-2025-0669)

    Vulnerability from nvd – Published: 2025-05-07 07:39 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Cross-Site Request Forgery
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , < 1.4.3 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0669",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:55:40.479849Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:24.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_04_CSNC-2025-005_BOINC_CSRF.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.\u003cp\u003eThis issue affects BOINC Server: before 1.4.3.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:39:59.434Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_04_CSNC-2025-005_BOINC_CSRF.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Cross-Site Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0669",
        "datePublished": "2025-05-07T07:39:59.434Z",
        "dateReserved": "2025-01-23T09:00:46.523Z",
        "dateUpdated": "2025-05-07T14:00:24.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0668 (GCVE-0-2025-0668)

    Vulnerability from nvd – Published: 2025-05-07 07:39 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Multiple SQL Injections
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , < 1.4.5 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0668",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:56:20.165100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:31.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_03_CSNC-2025-004_BOINC_multiple_SQLi.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThan": "1.4.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.\u003cp\u003eThis issue affects BOINC Server: before 1.4.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:39:26.843Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_03_CSNC-2025-004_BOINC_multiple_SQLi.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Multiple SQL Injections",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0668",
        "datePublished": "2025-05-07T07:39:26.843Z",
        "dateReserved": "2025-01-23T09:00:45.417Z",
        "dateUpdated": "2025-05-07T14:00:31.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0667 (GCVE-0-2025-0667)

    Vulnerability from nvd – Published: 2025-05-07 07:38 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Stored XSS Injection in pm.php
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , ≤ 1.4.7 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0667",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:56:56.167017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:39.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_02_CSNC-2025-003_BOINC_stored_XSS.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.\u003cp\u003eThis issue affects BOINC Server: through 1.4.7.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:38:50.926Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_02_CSNC-2025-003_BOINC_stored_XSS.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Stored XSS Injection in pm.php",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0667",
        "datePublished": "2025-05-07T07:38:50.926Z",
        "dateReserved": "2025-01-23T09:00:44.063Z",
        "dateUpdated": "2025-05-07T14:00:39.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0666 (GCVE-0-2025-0666)

    Vulnerability from nvd – Published: 2025-05-07 07:38 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Stored XSS Injection in host_venue_action.php
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , ≤ 1.4.7 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0666",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:58:54.472025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:48.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_01_CSNC-2025-002_BOINC_multiple_XSS.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.\u003cp\u003eThis issue affects BOINC Server: through 1.4.7.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:38:07.341Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_01_CSNC-2025-002_BOINC_multiple_XSS.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Stored XSS Injection in host_venue_action.php",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0666",
        "datePublished": "2025-05-07T07:38:07.341Z",
        "dateReserved": "2025-01-23T09:00:41.647Z",
        "dateUpdated": "2025-05-07T14:00:48.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2018 (GCVE-0-2013-2018)

    Vulnerability from nvd – Published: 2020-02-19 23:40 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Affected: possibly 7.x and earlier
    Create a notification for this product.
    Date Public
    2013-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BOINC",
              "vendor": "BOINC",
              "versions": [
                {
                  "status": "affected",
                  "version": "possibly 7.x and earlier"
                }
              ]
            }
          ],
          "datePublic": "2013-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-19T23:40:32.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-2018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BOINC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "possibly 7.x and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BOINC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/04/28/3",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/04/29/11",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2018",
        "datePublished": "2020-02-19T23:40:32.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000875 (GCVE-0-2018-1000875)

    Vulnerability from nvd – Published: 2018-12-20 17:00 – Updated: 2024-09-16 19:52
    VLAI
    Summary
    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/BOINC/boinc/issues/2907 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/BOINC/boinc/issues/2907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BOINC/boinc/issues/2907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-12-19T20:52:45.262092",
              "DATE_REQUESTED": "2018-12-13T17:03:00",
              "ID": "CVE-2018-1000875",
              "REQUESTER": "theaspens0@gmail.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/BOINC/boinc/issues/2907",
                  "refsource": "MISC",
                  "url": "https://github.com/BOINC/boinc/issues/2907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000875",
        "datePublished": "2018-12-20T17:00:00.000Z",
        "dateReserved": "2018-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:52:08.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7386 (GCVE-0-2013-7386)

    Vulnerability from nvd – Published: 2014-06-02 15:00 – Updated: 2024-09-16 17:47
    VLAI
    Summary
    Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.408Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"
              },
              {
                "name": "FEDORA-2013-23734",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"
              },
              {
                "name": "FEDORA-2013-23720",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-02T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"
            },
            {
              "name": "FEDORA-2013-23734",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"
            },
            {
              "name": "FEDORA-2013-23720",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7386",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=957795",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"
                },
                {
                  "name": "FEDORA-2013-23734",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"
                },
                {
                  "name": "FEDORA-2013-23720",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7386",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2014-06-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:47:59.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2298 (GCVE-0-2013-2298)

    Vulnerability from nvd – Published: 2014-06-02 15:00 – Updated: 2024-08-06 15:36
    VLAI
    Summary
    Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:36:46.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "name": "FEDORA-2013-23734",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
              },
              {
                "name": "53192",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53192"
              },
              {
                "name": "boinc-cve20132298-bo(83931)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83931"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925cbcb976f4191f4d8321e41a4d95b"
              },
              {
                "name": "[boinc_projects] 20130227 security patches for scheduler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741"
              },
              {
                "name": "FEDORA-2013-23720",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
              },
              {
                "name": "59539",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59539"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "name": "FEDORA-2013-23734",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
            },
            {
              "name": "53192",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53192"
            },
            {
              "name": "boinc-cve20132298-bo(83931)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83931"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925cbcb976f4191f4d8321e41a4d95b"
            },
            {
              "name": "[boinc_projects] 20130227 security patches for scheduler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741"
            },
            {
              "name": "FEDORA-2013-23720",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
            },
            {
              "name": "59539",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59539"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2298",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "FEDORA-2013-23734",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
                },
                {
                  "name": "53192",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53192"
                },
                {
                  "name": "boinc-cve20132298-bo(83931)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83931"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b"
                },
                {
                  "name": "[boinc_projects] 20130227 security patches for scheduler",
                  "refsource": "MLIST",
                  "url": "http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741"
                },
                {
                  "name": "FEDORA-2013-23720",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
                },
                {
                  "name": "59539",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59539"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2298",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2013-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:36:46.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2019 (GCVE-0-2013-2019)

    Vulnerability from nvd – Published: 2014-06-02 15:00 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "name": "59565",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59565"
              },
              {
                "name": "boinc-cve20132019-bo(83930)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83930"
              },
              {
                "name": "[oss-security] 20130428 Re: Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "name": "59565",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59565"
            },
            {
              "name": "boinc-cve20132019-bo(83930)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83930"
            },
            {
              "name": "[oss-security] 20130428 Re: Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2019",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5280 (GCVE-0-2011-5280)

    Vulnerability from nvd – Published: 2014-06-02 15:00 – Updated: 2024-09-17 04:14
    VLAI
    Summary
    Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:47.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=5b04b249db166ec38c1ee99a9eadcaa300c0f454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-02T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=5b04b249db166ec38c1ee99a9eadcaa300c0f454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=5b04b249db166ec38c1ee99a9eadcaa300c0f454",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=5b04b249db166ec38c1ee99a9eadcaa300c0f454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5280",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2014-06-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:28.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0669 (GCVE-0-2025-0669)

    Vulnerability from cvelistv5 – Published: 2025-05-07 07:39 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Cross-Site Request Forgery
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , < 1.4.3 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0669",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:55:40.479849Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:24.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_04_CSNC-2025-005_BOINC_CSRF.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.\u003cp\u003eThis issue affects BOINC Server: before 1.4.3.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:39:59.434Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_04_CSNC-2025-005_BOINC_CSRF.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Cross-Site Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0669",
        "datePublished": "2025-05-07T07:39:59.434Z",
        "dateReserved": "2025-01-23T09:00:46.523Z",
        "dateUpdated": "2025-05-07T14:00:24.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0668 (GCVE-0-2025-0668)

    Vulnerability from cvelistv5 – Published: 2025-05-07 07:39 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Multiple SQL Injections
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , < 1.4.5 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0668",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:56:20.165100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:31.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_03_CSNC-2025-004_BOINC_multiple_SQLi.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThan": "1.4.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.\u003cp\u003eThis issue affects BOINC Server: before 1.4.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:39:26.843Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_03_CSNC-2025-004_BOINC_multiple_SQLi.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Multiple SQL Injections",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0668",
        "datePublished": "2025-05-07T07:39:26.843Z",
        "dateReserved": "2025-01-23T09:00:45.417Z",
        "dateUpdated": "2025-05-07T14:00:31.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0667 (GCVE-0-2025-0667)

    Vulnerability from cvelistv5 – Published: 2025-05-07 07:38 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Stored XSS Injection in pm.php
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , ≤ 1.4.7 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0667",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:56:56.167017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:39.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_02_CSNC-2025-003_BOINC_stored_XSS.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.\u003cp\u003eThis issue affects BOINC Server: through 1.4.7.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:38:50.926Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_02_CSNC-2025-003_BOINC_stored_XSS.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Stored XSS Injection in pm.php",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0667",
        "datePublished": "2025-05-07T07:38:50.926Z",
        "dateReserved": "2025-01-23T09:00:44.063Z",
        "dateUpdated": "2025-05-07T14:00:39.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0666 (GCVE-0-2025-0666)

    Vulnerability from cvelistv5 – Published: 2025-05-07 07:38 – Updated: 2025-05-07 14:00
    VLAI
    Title
    BOINC Server Stored XSS Injection in host_venue_action.php
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Server Affected: 0 , ≤ 1.4.7 (custom)
    Create a notification for this product.
    Date Public
    2025-03-27 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0666",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:58:54.472025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:00:48.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_01_CSNC-2025-002_BOINC_multiple_XSS.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BOINC Server",
              "repo": "https://github.com/BOINC/boinc",
              "vendor": "BOINC",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-03-27T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.\u003cp\u003eThis issue affects BOINC Server: through 1.4.7.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T07:38:07.341Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2025_01_CSNC-2025-002_BOINC_multiple_XSS.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BOINC Server Stored XSS Injection in host_venue_action.php",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-0666",
        "datePublished": "2025-05-07T07:38:07.341Z",
        "dateReserved": "2025-01-23T09:00:41.647Z",
        "dateUpdated": "2025-05-07T14:00:48.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2018 (GCVE-0-2013-2018)

    Vulnerability from cvelistv5 – Published: 2020-02-19 23:40 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    BOINC BOINC Affected: possibly 7.x and earlier
    Create a notification for this product.
    Date Public
    2013-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BOINC",
              "vendor": "BOINC",
              "versions": [
                {
                  "status": "affected",
                  "version": "possibly 7.x and earlier"
                }
              ]
            }
          ],
          "datePublic": "2013-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-19T23:40:32.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-2018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BOINC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "possibly 7.x and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BOINC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/04/28/3",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/04/29/11",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2018",
        "datePublished": "2020-02-19T23:40:32.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000875 (GCVE-0-2018-1000875)

    Vulnerability from cvelistv5 – Published: 2018-12-20 17:00 – Updated: 2024-09-16 19:52
    VLAI
    Summary
    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/BOINC/boinc/issues/2907 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/BOINC/boinc/issues/2907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BOINC/boinc/issues/2907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-12-19T20:52:45.262092",
              "DATE_REQUESTED": "2018-12-13T17:03:00",
              "ID": "CVE-2018-1000875",
              "REQUESTER": "theaspens0@gmail.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/BOINC/boinc/issues/2907",
                  "refsource": "MISC",
                  "url": "https://github.com/BOINC/boinc/issues/2907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000875",
        "datePublished": "2018-12-20T17:00:00.000Z",
        "dateReserved": "2018-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:52:08.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2019 (GCVE-0-2013-2019)

    Vulnerability from cvelistv5 – Published: 2014-06-02 15:00 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "name": "59565",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59565"
              },
              {
                "name": "boinc-cve20132019-bo(83930)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83930"
              },
              {
                "name": "[oss-security] 20130428 Re: Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "name": "59565",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59565"
            },
            {
              "name": "boinc-cve20132019-bo(83930)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83930"
            },
            {
              "name": "[oss-security] 20130428 Re: Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/29/11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2019",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7386 (GCVE-0-2013-7386)

    Vulnerability from cvelistv5 – Published: 2014-06-02 15:00 – Updated: 2024-09-16 17:47
    VLAI
    Summary
    Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.408Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"
              },
              {
                "name": "FEDORA-2013-23734",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"
              },
              {
                "name": "FEDORA-2013-23720",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-02T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"
            },
            {
              "name": "FEDORA-2013-23734",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"
            },
            {
              "name": "FEDORA-2013-23720",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7386",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=957795",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"
                },
                {
                  "name": "FEDORA-2013-23734",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"
                },
                {
                  "name": "FEDORA-2013-23720",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7386",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2014-06-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:47:59.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5280 (GCVE-0-2011-5280)

    Vulnerability from cvelistv5 – Published: 2014-06-02 15:00 – Updated: 2024-09-17 04:14
    VLAI
    Summary
    Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:47.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=5b04b249db166ec38c1ee99a9eadcaa300c0f454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-02T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=5b04b249db166ec38c1ee99a9eadcaa300c0f454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=5b04b249db166ec38c1ee99a9eadcaa300c0f454",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=5b04b249db166ec38c1ee99a9eadcaa300c0f454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5280",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2014-06-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:28.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2298 (GCVE-0-2013-2298)

    Vulnerability from cvelistv5 – Published: 2014-06-02 15:00 – Updated: 2024-08-06 15:36
    VLAI
    Summary
    Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:36:46.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
              },
              {
                "name": "FEDORA-2013-23734",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
              },
              {
                "name": "53192",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53192"
              },
              {
                "name": "boinc-cve20132298-bo(83931)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83931"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925cbcb976f4191f4d8321e41a4d95b"
              },
              {
                "name": "[boinc_projects] 20130227 security patches for scheduler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741"
              },
              {
                "name": "FEDORA-2013-23720",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
              },
              {
                "name": "59539",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59539"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
            },
            {
              "name": "FEDORA-2013-23734",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
            },
            {
              "name": "53192",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53192"
            },
            {
              "name": "boinc-cve20132298-bo(83931)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83931"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925cbcb976f4191f4d8321e41a4d95b"
            },
            {
              "name": "[boinc_projects] 20130227 security patches for scheduler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741"
            },
            {
              "name": "FEDORA-2013-23720",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
            },
            {
              "name": "59539",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59539"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2298",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"
                },
                {
                  "name": "FEDORA-2013-23734",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"
                },
                {
                  "name": "53192",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53192"
                },
                {
                  "name": "boinc-cve20132298-bo(83931)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83931"
                },
                {
                  "name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b",
                  "refsource": "CONFIRM",
                  "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b"
                },
                {
                  "name": "[boinc_projects] 20130227 security patches for scheduler",
                  "refsource": "MLIST",
                  "url": "http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741"
                },
                {
                  "name": "FEDORA-2013-23720",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"
                },
                {
                  "name": "59539",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59539"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2298",
        "datePublished": "2014-06-02T15:00:00.000Z",
        "dateReserved": "2013-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:36:46.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }