CVE-2019-12171
- EPSS 0.12%
- Veröffentlicht 08.07.2019 13:15:10
- Zuletzt bearbeitet 21.11.2024 04:22:21
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
CVE-2018-12445
- EPSS 0.05%
- Veröffentlicht 20.06.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:13
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded...
CVE-2018-12446
- EPSS 0.05%
- Veröffentlicht 20.06.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:14
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authe...
CVE-2018-12271
- EPSS 0.04%
- Veröffentlicht 13.06.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:53
An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUs...
CVE-2010-3354
- EPSS 0.05%
- Veröffentlicht 20.10.2010 18:00:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.