CVE Tools

dropbox

Cloud & SaaSUScommercial

5

Cumulative CVEs

2

Monthly snapshots

#57

Peak rank

Top products

dropbox3 lepton1

Latest CVEs

The 15 most recently published vulnerabilities affecting dropbox.

CVE-2024-5924Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability8.8Jun 13, 2024
CVE-2024-25718In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session a...9.8Feb 11, 2024
CVE-2022-4768Dropbox merou SSH Public Key public_key.py add_public_key injection6.3Dec 27, 2022
CVE-2022-26181Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.7.8Feb 28, 2022
CVE-2019-12171Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These a...7.8Jul 8, 2019
CVE-2018-20820read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.5.5Apr 23, 2019
CVE-2018-20819io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspec...7.8Apr 23, 2019
CVE-2018-12445An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method fro...3.1Jun 20, 2018
CVE-2018-12446An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return v...3.6Jun 20, 2018
CVE-2018-12271An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boole...6.4Jun 13, 2018
CVE-2018-12108An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malforme...5.5Jun 11, 2018
CVE-2014-8889Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.5.3Sep 25, 2017
CVE-2017-8891Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.5.5May 10, 2017
CVE-2017-7448The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via...5.5Apr 5, 2017
CVE-2010-3354dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.6.9Oct 20, 2010