{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"boinc","version":"8.2.13+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61305?format=json","vulnerability_id":"VCID-57w7-va8c-e3gz","summary":"The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0126.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0126","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66425","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66465","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66473","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66457","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66443","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6646","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0126"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=479664","reference_id":"479664","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=479664"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521","reference_id":"511521","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89344?format=json","purl":"pkg:deb/debian/boinc@6.2.14-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@6.2.14-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:deb/debian/boinc@7.16.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.16.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:deb/debian/boinc@7.20.5%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.20.5%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:deb/debian/boinc@8.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0126"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57w7-va8c-e3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61314?format=json","vulnerability_id":"VCID-5n4j-gr58-zffe","summary":"Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2019","reference_id":"","reference_type":"","scores":[{"value":"0.01744","scoring_system":"epss","scoring_elements":"0.82875","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01744","scoring_system":"epss","scoring_elements":"0.82901","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01744","scoring_system":"epss","scoring_elements":"0.82897","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01744","scoring_system":"epss","scoring_elements":"0.8289","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01744","scoring_system":"epss","scoring_elements":"0.82903","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2019"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89350?format=json","purl":"pkg:deb/debian/boinc@6.13.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@6.13.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:deb/debian/boinc@7.16.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.16.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:deb/debian/boinc@7.20.5%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.20.5%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:deb/debian/boinc@8.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2019"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5n4j-gr58-zffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61320?format=json","vulnerability_id":"VCID-73wx-9dgk-j7aw","summary":"Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7386","reference_id":"","reference_type":"","scores":[{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.86131","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.86152","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.86155","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.86151","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.86139","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89351?format=json","purl":"pkg:deb/debian/boinc@7.1.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.1.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:deb/debian/boinc@7.16.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.16.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:deb/debian/boinc@7.20.5%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.20.5%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:deb/debian/boinc@8.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7386"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73wx-9dgk-j7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61317?format=json","vulnerability_id":"VCID-ecv5-mmqt-cqck","summary":"Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2298","reference_id":"","reference_type":"","scores":[{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81996","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.8203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82031","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82026","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82041","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2298"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89349?format=json","purl":"pkg:deb/debian/boinc@7.0.65%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.0.65%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:deb/debian/boinc@7.16.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.16.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:deb/debian/boinc@7.20.5%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.20.5%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:deb/debian/boinc@8.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2298"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecv5-mmqt-cqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61309?format=json","vulnerability_id":"VCID-vy1q-z4kr-syca","summary":"Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5280","reference_id":"","reference_type":"","scores":[{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69369","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69409","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69417","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69407","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69395","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69416","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5280"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89348?format=json","purl":"pkg:deb/debian/boinc@7.0.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.0.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:deb/debian/boinc@7.16.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.16.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:deb/debian/boinc@7.20.5%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.20.5%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:deb/debian/boinc@8.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-5280"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1q-z4kr-syca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61312?format=json","vulnerability_id":"VCID-x4uv-b3m5-8qfe","summary":"Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2018","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69336","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69376","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69384","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69375","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69361","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69381","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89349?format=json","purl":"pkg:deb/debian/boinc@7.0.65%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.0.65%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:deb/debian/boinc@7.16.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.16.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:deb/debian/boinc@7.20.5%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@7.20.5%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:deb/debian/boinc@8.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:deb/debian/boinc@8.2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2018"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4uv-b3m5-8qfe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/boinc@8.2.13%252Bdfsg-1%3Fdistro=trixie"}