Vulnerabilities > Dropbox

DATE CVE VULNERABILITY TITLE RISK
2024-02-11 CVE-2024-25718 Insufficient Session Expiration vulnerability in Dropbox Samly
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
network
low complexity
dropbox CWE-613
critical
9.8
2022-12-27 CVE-2022-4768 Injection vulnerability in Dropbox Merou
A vulnerability was found in Dropbox merou.
network
low complexity
dropbox CWE-74
critical
9.8
2022-02-28 CVE-2022-26181 Out-of-bounds Write vulnerability in Dropbox Lepton 1.2.1
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
local
low complexity
dropbox CWE-787
7.8
2019-07-08 CVE-2019-12171 Insufficiently Protected Credentials vulnerability in Dropbox 71.4.108.0
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation.
local
low complexity
dropbox CWE-522
7.8
2019-04-23 CVE-2018-20820 Integer Overflow or Wraparound vulnerability in Dropbox Lepton 1.2.1
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
local
low complexity
dropbox CWE-190
5.5
2019-04-23 CVE-2018-20819 Out-of-bounds Write vulnerability in Dropbox Lepton 1.2.1
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file.
local
low complexity
dropbox CWE-787
7.8
2018-06-20 CVE-2018-12446 Improper Authentication vulnerability in Dropbox 98.2.2
An issue was discovered in the com.dropbox.android application 98.2.2 for Android.
local
high complexity
dropbox CWE-287
3.6
2018-06-20 CVE-2018-12445 Improper Authentication vulnerability in Dropbox 98.2.2
An issue was discovered in the com.dropbox.android application 98.2.2 for Android.
high complexity
dropbox CWE-287
3.1
2018-06-13 CVE-2018-12271 Improper Authentication vulnerability in Dropbox 100.2
An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS.
high complexity
dropbox CWE-287
6.4
2018-06-11 CVE-2018-12108 Improper Input Validation vulnerability in Dropbox Lepton 1.2.1
An issue was discovered in Dropbox Lepton 1.2.1.
local
low complexity
dropbox CWE-20
5.5