MidnightBSD

Advisories for universityofcalifornia

CVE-2011-5280 MEDIUM

Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
universityofcalifornia boinc_client 6.13.0
universityofcalifornia boinc_client 6.13.1
rom_walton boinc 6.13.1
rom_walton boinc 6.13.0
CVE-2013-2018 HIGH

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
universityofcalifornia boinc_client -
berkeley boinc -
CVE-2013-2019 HIGH

Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
universityofcalifornia boinc_client 6.12.34
universityofcalifornia boinc_client 6.10.58
rom_walton boinc 6.10.58
rom_walton boinc 6.12.34
CVE-2013-2298 HIGH

Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
rom_walton boinc 7.0.27
universityofcalifornia boinc_client 7.2.42
universityofcalifornia boinc_client 7.0.78
universityofcalifornia boinc_client 7.2.34
universityofcalifornia boinc_client 7.1.20
rom_walton boinc 7.0.58
rom_walton boinc 7.3.18
universityofcalifornia boinc_client 7.0.47
rom_walton boinc 7.3.11
universityofcalifornia boinc_client 7.0.64
universityofcalifornia boinc_client 7.3.13
universityofcalifornia boinc_client 7.1.16
universityofcalifornia boinc_client 7.0.54
rom_walton boinc 7.2.17
universityofcalifornia boinc_client 7.2.5
rom_walton boinc 7.0.25
rom_walton boinc 7.2.47
universityofcalifornia boinc_client 7.0.56
universityofcalifornia boinc_client 7.0.59
universityofcalifornia boinc_client 7.2.21
rom_walton boinc 7.2.12
universityofcalifornia boinc_client 7.2.40
universityofcalifornia boinc_client 7.2.22
rom_walton boinc 7.0.23
rom_walton boinc 7.0.3
rom_walton boinc 7.2.32
universityofcalifornia boinc_client 7.0.8
universityofcalifornia boinc_client 7.3.18
universityofcalifornia boinc_client 7.0.32
rom_walton boinc 7.0.17
rom_walton boinc 7.0.56
rom_walton boinc 7.0.69
rom_walton boinc 7.2.40
universityofcalifornia boinc_client 7.3.10
universityofcalifornia boinc_client 7.0.23
universityofcalifornia boinc_client 7.2.24
rom_walton boinc 7.0.15
rom_walton boinc 7.0.72
universityofcalifornia boinc_client 7.2.33
universityofcalifornia boinc_client 7.3.17
rom_walton boinc 7.2.37
rom_walton boinc 7.3.8
universityofcalifornia boinc_client 7.1.3
rom_walton boinc 7.0.66
rom_walton boinc 7.1.2
rom_walton boinc 7.0.73
universityofcalifornia boinc_client 7.0.74
rom_walton boinc 7.1.19
universityofcalifornia boinc_client 7.2.47
rom_walton boinc 7.2.14
universityofcalifornia boinc_client 7.0.52
universityofcalifornia boinc_client 7.0.60
rom_walton boinc 7.2.10
rom_walton boinc 7.1.3
universityofcalifornia boinc_client 7.0.29
rom_walton boinc 7.2.36
rom_walton boinc 7.0.10
rom_walton boinc 7.2.33
universityofcalifornia boinc_client 7.0.12
universityofcalifornia boinc_client 7.1.9
universityofcalifornia boinc_client 7.0.24
universityofcalifornia boinc_client 7.1.6
universityofcalifornia boinc_client 7.3.7
universityofcalifornia boinc_client 7.0.20
rom_walton boinc 7.1.0
rom_walton boinc 7.2.20
rom_walton boinc 7.1.20
universityofcalifornia boinc_client 7.0.68
rom_walton boinc 7.2.3
rom_walton boinc 7.0
rom_walton boinc 7.0.70
universityofcalifornia boinc_client 7.0.16
rom_walton boinc 7.0.9
universityofcalifornia boinc_client 7.1.11
universityofcalifornia boinc_client 7.3.8
universityofcalifornia boinc_client 7.2.14
universityofcalifornia boinc_client 7.0.58
rom_walton boinc 7.2.7
universityofcalifornia boinc_client 7.0.50
universityofcalifornia boinc_client 7.2.18
rom_walton boinc 7.3.1
rom_walton boinc 7.3.14
rom_walton boinc 7.1.7
universityofcalifornia boinc_client 7.0.51
rom_walton boinc 7.1.11
universityofcalifornia boinc_client 7.0.35
rom_walton boinc 7.0.53
rom_walton boinc 7.0.21
universityofcalifornia boinc_client 7.0.70
universityofcalifornia boinc_client 7.0.75
universityofcalifornia boinc_client 7.2.9
universityofcalifornia boinc_client 7.2.41
rom_walton boinc 7.0.34
universityofcalifornia boinc_client 7.0.15
universityofcalifornia boinc_client 7.0.71
rom_walton boinc 7.0.28
rom_walton boinc 7.2.5
rom_walton boinc 7.3.2
rom_walton boinc 7.0.65
universityofcalifornia boinc_client 7.2.28
rom_walton boinc 7.0.19
universityofcalifornia boinc_client 7.2.6
rom_walton boinc 7.0.20
rom_walton boinc 7.2.21
universityofcalifornia boinc_client 7.3.11
universityofcalifornia boinc_client 7.2.36
universityofcalifornia boinc_client 7.0.21
rom_walton boinc 7.0.60
universityofcalifornia boinc_client 7.3.14
rom_walton boinc 7.0.71
universityofcalifornia boinc_client 7.2.4
rom_walton boinc 7.2.18
rom_walton boinc 7.2.44
rom_walton boinc 7.2.26
rom_walton boinc 7.0.13
universityofcalifornia boinc_client 7.1.13
rom_walton boinc 7.0.52
universityofcalifornia boinc_client 7.1.5
rom_walton boinc 7.1.4
universityofcalifornia boinc_client 7.0.49
universityofcalifornia boinc_client 7.2.1
universityofcalifornia boinc_client 7.2.25
universityofcalifornia boinc_client 7.0.14
rom_walton boinc 7.1.21
universityofcalifornia boinc_client 7.0.77
universityofcalifornia boinc_client 7.2.27
universityofcalifornia boinc_client 7.0.6
rom_walton boinc 7.2.34
universityofcalifornia boinc_client 7.0.66
rom_walton boinc 7.0.12
rom_walton boinc 7.0.77
universityofcalifornia boinc_client 7.3.3
universityofcalifornia boinc_client 7.2.39
rom_walton boinc 7.2.28
universityofcalifornia boinc_client 7.3.5
rom_walton boinc 7.0.8
universityofcalifornia boinc_client 7.0.69
rom_walton boinc 7.2.1
universityofcalifornia boinc_client 7.2.37
rom_walton boinc 7.3.7
rom_walton boinc 7.3.16
universityofcalifornia boinc_client 7.0.10
rom_walton boinc 7.0.45
rom_walton boinc 7.0.5
rom_walton boinc 7.0.36
rom_walton boinc 7.0.67
universityofcalifornia boinc_client 7.0.27
rom_walton boinc 7.2.38
universityofcalifornia boinc_client 7.2.8
universityofcalifornia boinc_client 7.0.26
universityofcalifornia boinc_client 7.0.18
universityofcalifornia boinc_client 7.0.55
universityofcalifornia boinc_client 7.0.61
rom_walton boinc 7.3.9
rom_walton boinc 7.3.19
universityofcalifornia boinc_client 7.2.26
universityofcalifornia boinc_client 7.3.4
universityofcalifornia boinc_client 7.2.16
universityofcalifornia boinc_client 7.2.44
universityofcalifornia boinc_client 7.3.19
rom_walton boinc 7.0.24
rom_walton boinc 7.1.12
universityofcalifornia boinc_client 7.3.16
rom_walton boinc 7.0.18
universityofcalifornia boinc_client 7.0.9
universityofcalifornia boinc_client 7.0.11
universityofcalifornia boinc_client 7.2.19
universityofcalifornia boinc_client 7.0.36
universityofcalifornia boinc_client 7.2.29
rom_walton boinc 7.2.27
rom_walton boinc 7.0.54
rom_walton boinc 7.0.68
universityofcalifornia boinc_client 7.0.48
universityofcalifornia boinc_client 7.3.1
rom_walton boinc 7.3.4
rom_walton boinc 7.3.6
rom_walton boinc 7.2.41
universityofcalifornia boinc_client 7.2.13
rom_walton boinc 7.2.24
universityofcalifornia boinc_client 7.3.12
universityofcalifornia boinc_client 7.1.19
universityofcalifornia boinc_client 7.2.31
rom_walton boinc 7.2.25
universityofcalifornia boinc_client 7.2.0
rom_walton boinc 7.2.31
universityofcalifornia boinc_client 7.1.7
rom_walton boinc 7.0.55
rom_walton boinc 7.2.11
universityofcalifornia boinc_client 7.1.12
universityofcalifornia boinc_client 7.0.34
universityofcalifornia boinc_client 7.1.17
rom_walton boinc 7.0.50
rom_walton boinc 7.0.51
rom_walton boinc 7.0.22
universityofcalifornia boinc_client 7.2.43
rom_walton boinc 7.0.6
universityofcalifornia boinc_client 7.1.14
rom_walton boinc 7.1.16
rom_walton boinc 7.2.9
universityofcalifornia boinc_client 7.1.21
rom_walton boinc 7.0.14
universityofcalifornia boinc_client 7.0.76
rom_walton boinc 7.0.1
universityofcalifornia boinc_client 7.2.15
universityofcalifornia boinc_client 7.2.11
universityofcalifornia boinc_client 7.2.32
rom_walton boinc 7.2.23
universityofcalifornia boinc_client 7.0.53
universityofcalifornia boinc_client 7.3.2
rom_walton boinc 7.0.80
universityofcalifornia boinc_client 7.0.33
universityofcalifornia boinc_client 7.2.10
rom_walton boinc 7.0.61
rom_walton boinc 7.0.76
universityofcalifornia boinc_client 7.0.2
universityofcalifornia boinc_client 7.2.35
rom_walton boinc 7.0.31
rom_walton boinc 7.2.39
universityofcalifornia boinc_client 7.1.8
rom_walton boinc 7.1.9
rom_walton boinc 7.2.19
universityofcalifornia boinc_client 7.3.6
universityofcalifornia boinc_client 7.0.67
rom_walton boinc 7.0.59
universityofcalifornia boinc_client 7.0.28
universityofcalifornia boinc_client 7.1.2
universityofcalifornia boinc_client 7.1.4
universityofcalifornia boinc_client 7.0.5
universityofcalifornia boinc_client 7.0.7
universityofcalifornia boinc_client 7.2.17
universityofcalifornia boinc_client 7.0.1
universityofcalifornia boinc_client 7.0.46
universityofcalifornia boinc_client 7.2.20
rom_walton boinc 7.2.43
rom_walton boinc 7.2.16
universityofcalifornia boinc_client 7.0.73
rom_walton boinc 7.2.0
universityofcalifornia boinc_client 7.0.3
rom_walton boinc 7.2.8
universityofcalifornia boinc_client 7.0.19
rom_walton boinc 7.3.15
rom_walton boinc 7.0.30
universityofcalifornia boinc_client 7.2.12
rom_walton boinc 7.1.6
rom_walton boinc 7.0.75
rom_walton boinc 7.0.16
universityofcalifornia boinc_client 7.0.79
rom_walton boinc 7.3.10
universityofcalifornia boinc_client 7.0.65
universityofcalifornia boinc_client 7.3.15
rom_walton boinc 7.0.2
rom_walton boinc 7.0.64
rom_walton boinc 7.2.4
rom_walton boinc 7.2.29
universityofcalifornia boinc_client 7.0.25
universityofcalifornia boinc_client 7.2.7
universityofcalifornia boinc_client 7.2.23
rom_walton boinc 7.0.47
universityofcalifornia boinc_client 7.0.63
universityofcalifornia boinc_client 7.1.0
universityofcalifornia boinc_client 7.3.9
rom_walton boinc 7.3.17
universityofcalifornia boinc_client 7.0.45
rom_walton boinc 7.2.35
rom_walton boinc 7.1.8
rom_walton boinc 7.3.13
rom_walton boinc 7.0.35
rom_walton boinc 7.3.12
rom_walton boinc 7.1.17
rom_walton boinc 7.2.13
universityofcalifornia boinc_client 7.0.17
universityofcalifornia boinc_client 7.2.38
rom_walton boinc 7.2.42
rom_walton boinc 7.0.62
rom_walton boinc 7.0.48
rom_walton boinc 7.3.5
rom_walton boinc 7.0.57
rom_walton boinc 7.0.74
rom_walton boinc 7.0.32
rom_walton boinc 7.0.29
universityofcalifornia boinc_client 7.2.2
rom_walton boinc 7.0.26
rom_walton boinc 7.0.78
rom_walton boinc 7.1.10
rom_walton boinc 7.2.6
universityofcalifornia boinc_client 7.0.13
rom_walton boinc 7.1.15
rom_walton boinc 7.2.2
rom_walton boinc 7.3.0
rom_walton boinc 7.0.63
universityofcalifornia boinc_client 7.0
universityofcalifornia boinc_client 7.0.62
rom_walton boinc 7.0.79
universityofcalifornia boinc_client 7.1.10
rom_walton boinc 7.1.5
rom_walton boinc 7.1.1
rom_walton boinc 7.1.13
universityofcalifornia boinc_client 7.2.3
universityofcalifornia boinc_client 7.0.80
rom_walton boinc 7.0.11
rom_walton boinc 7.1.14
universityofcalifornia boinc_client 7.1.1
rom_walton boinc 7.3.3
universityofcalifornia boinc_client 7.0.31
universityofcalifornia boinc_client 7.0.22
rom_walton boinc 7.2.22
rom_walton boinc 7.0.33
universityofcalifornia boinc_client 7.1.18
rom_walton boinc 7.1.18
universityofcalifornia boinc_client 7.3.0
universityofcalifornia boinc_client 7.0.72
universityofcalifornia boinc_client 7.0.57
universityofcalifornia boinc_client 7.1.15
rom_walton boinc 7.2.15
rom_walton boinc 7.0.46
rom_walton boinc 7.0.49
universityofcalifornia boinc_client 7.0.30
rom_walton boinc 7.0.7
CVE-2013-7386 MEDIUM

Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
rom_walton boinc 7.2.33
universityofcalifornia boinc_client 7.2.33
CVE-2018-1000875 HIGH

Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
berkeley berkeley_open_infrastructure_for_network_computing *
universityofcalifornia boinc_server *
CVE-2025-0666

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
universityofcalifornia boinc_server *
CVE-2025-0667

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
universityofcalifornia boinc_server *
CVE-2025-0668

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
universityofcalifornia boinc_server *
CVE-2025-0669

Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
universityofcalifornia boinc_server *