Vendor
Dropbox
Products
3
CVEs
5
Across products
5
Status
Private
Products
3- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8891 | Med | 0.36 | 5.5 | 0.00 | May 10, 2017 | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | |
| CVE-2017-7448 | Med | 0.36 | 5.5 | 0.00 | Apr 5, 2017 | The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | |
| CVE-2014-8889 | Med | 0.35 | 5.3 | 0.08 | Sep 26, 2017 | Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | |
| CVE-2010-3354 | 0.00 | — | 0.00 | Oct 20, 2010 | dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
| CVE-2007-0974 | 0.00 | — | 0.00 | Feb 16, 2007 | Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability. |