dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
oryginał ENCVSS Vector
AV:L/AC:M/Au:N/C:C/I:C/A:CDropbox
APPDropbox0.7.110
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2019-12171HIGH7.8ten sam produkt
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store...
CVE-2018-12271MEDIUM6.4ten sam produkt
An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (To...
CVE-2018-12445LOW3.1ten sam produkt
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager clas...
CVE-2018-12446LOW3.6ten sam produkt
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows...
CVE-2024-25718CRITICAL9.8PL ✓ten sam vendor
Samly (Elixir): wygasłe sesje SAML nie są unieważniane — błąd kontroli dostępu