IDCVSSSummaryLast (major) updatePublished
CVE-2019-12171 4.3
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
08-07-2019 - 09:29 08-07-2019 - 09:15
CVE-2018-12446 3.3
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attac
20-06-2018 - 08:29 20-06-2018 - 08:29
CVE-2018-12445 3.3
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenti
20-06-2018 - 08:29 20-06-2018 - 08:29
CVE-2018-12271 6.9
** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSec
13-06-2018 - 19:29 13-06-2018 - 19:29
CVE-2014-8889 2.6
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2010-3354 6.9
dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
03-11-2010 - 00:00 20-10-2010 - 14:00
Back to Top Mark selected
Back to Top