Universityofcalifornia

universityofcalifornia

10 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0669 1Universityofcalifornia 1Boinc Server Jul 8, 2025 May 7, 2025 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.
CVE-2025-0668 1Universityofcalifornia 1Boinc Server Jul 8, 2025 May 7, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.
CVE-2025-0667 1Universityofcalifornia 1Boinc Server Jul 8, 2025 May 7, 2025 8.7 HIGH· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
CVE-2025-0666 1Universityofcalifornia 1Boinc Server Jul 8, 2025 May 7, 2025 7.0 HIGH· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
CVE-2013-2018 1Universityofcalifornia 1Boinc Client Jul 8, 2025 Feb 20, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-1000875 1Universityofcalifornia 1Boinc Server Jul 8, 2025 Dec 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance...Show more Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.Show less
CVE-2013-7386 1Universityofcalifornia 1Boinc Client May 6, 2026 Jun 2, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code...Show more Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.Show less
CVE-2013-2298 1Universityofcalifornia 1Boinc Client May 6, 2026 Jun 2, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
CVE-2013-2019 1Universityofcalifornia 1Boinc Client May 6, 2026 Jun 2, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.
CVE-2011-5280 1Universityofcalifornia 1Boinc Client May 6, 2026 Jun 2, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.