Vulnerabilities > Dropbox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-28 | CVE-2022-26181 | Out-of-bounds Write vulnerability in Dropbox Lepton 1.2.1 Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | 6.8 |
| 2019-07-08 | CVE-2019-12171 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dropbox 71.4.108.0 Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. | 4.3 |
| 2019-04-23 | CVE-2018-20820 | Integer Overflow or Wraparound vulnerability in Dropbox Lepton 1.2.1 read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file. | 4.3 |
| 2019-04-23 | CVE-2018-20819 | Out-of-bounds Write vulnerability in Dropbox Lepton 1.2.1 io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. | 6.8 |
| 2018-06-13 | CVE-2018-12271 | Improper Authentication vulnerability in Dropbox 100.2 An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. | 6.4 |
| 2018-06-11 | CVE-2018-12108 | Improper Input Validation vulnerability in Dropbox Lepton 1.2.1 An issue was discovered in Dropbox Lepton 1.2.1. | 4.3 |
| 2017-05-10 | CVE-2017-8891 | DEPRECATED: Use of Uninitialized Resource vulnerability in Dropbox Lepton 1.2.1 Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | 4.3 |
| 2017-04-05 | CVE-2017-7448 | Divide By Zero vulnerability in Dropbox Lepton 1.2.1 The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | 4.3 |
| 2010-10-20 | CVE-2010-3354 | Unspecified vulnerability in Dropbox 0.7.110 dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. local dropbox | 6.9 |