Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17051 | 1 Evernote | 1 Evernote | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | |||||
CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2021-07-01 | 6.8 MEDIUM | 8.8 HIGH |
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | |||||
CVE-2018-20058 | 1 Evernote | 1 Evernote | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | |||||
CVE-2019-10038 | 1 Evernote | 1 Evernote | 2020-05-11 | 4.4 MEDIUM | 7.8 HIGH |
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | |||||
CVE-2013-5112 | 1 Evernote | 1 Evernote | 2020-02-10 | 2.1 LOW | 4.6 MEDIUM |
Evernote before 5.5.1 has insecure PIN storage | |||||
CVE-2013-5116 | 1 Evernote | 1 Evernote | 2020-02-03 | 6.6 MEDIUM | 7.1 HIGH |
Evernote prior to 5.5.1 has insecure password change | |||||
CVE-2018-18524 | 1 Evernote | 1 Evernote | 2019-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. | |||||
CVE-2018-20351 | 1 Evernote | 1 Evernote | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | |||||
CVE-2016-4900 | 1 Evernote | 1 Evernote | 2017-06-01 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. |