CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12271
https://notcve.org/view.php?id=CVE-2018-12271
13 Jun 2018 — An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on w... • https://gist.github.com/tanprathan/6e8ed195a2e05b7f9d9a342dbdacb349 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12108
https://notcve.org/view.php?id=CVE-2018-12108
11 Jun 2018 — An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. Se ha descubierto un problema en Dropbox Lepton 1.2.1. La función validateAndCompress en validation.cc permite que atacantes remotos provoquen una denegación de servicio (SIGFPE y cierre inesperado de la aplicación) mediante un archivo mal formado. • https://github.com/dropbox/lepton/issues/107 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8891
https://notcve.org/view.php?id=CVE-2017-8891
10 May 2017 — Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. Dropbox Lepton 1.2.1 permite DoS (SEGV y parada abrupta de aplicación) a través de un archivo lepton malformado porque el código no asegura la configuración de un número correcto de hilos. • http://openwall.com/lists/oss-security/2017/05/10/1 • CWE-1187: DEPRECATED: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7448
https://notcve.org/view.php?id=CVE-2017-7448
05 Apr 2017 — The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. La función allocate_channel_framebuffer en uncompressed_components.hh en Dropbox Lepton 1.2.1 permite atacantes remotos provocar una denegación de servicio (error de división y caída de la aplicación) a través de una imagen JPEG mal formada. • http://www.securityfocus.com/bid/97490 • CWE-369: Divide By Zero •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2014-8889 – Dropbox SDK for Android Remote Exploitation
https://notcve.org/view.php?id=CVE-2014-8889
11 Mar 2015 — Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. Dropbox SDK para Android en versiones anteriores a la 1.6.2 podría permitir que atacantes remotos obtengan información sensible mediante malware manipulado o un ataque Drive-by Download. • https://packetstorm.news/files/id/130767 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9310 – WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9310
22 Dec 2014 — Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. Vulnerabilidad de tipo Cross-site scripting (XSS) en el plugin WordPress Backup to Dropbox, en versiones anteriores a la 4.1. • http://www.securityfocus.com/bid/75082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3354
https://notcve.org/view.php?id=CVE-2010-3354
20 Oct 2010 — dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. dropboxd en Dropbox v0.7.110 coloca un nombre de directorio con tamaño "zero" en LD_LIBRARY_PATH, lo que permite a usuarios locales obtener privilegios a través de un troyano compartido en la librería del actual directorio de trabajo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287 •