RSS   Vulnerabilities for 'Evernote'   RSS

2020-01-31
 
CVE-2013-5116

CWE-287
 

 
Evernote prior to 5.5.1 has insecure password change

 
2019-09-30
 
CVE-2019-17051

CWE-20
 

 
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

 
2019-05-31
 
CVE-2019-10038

CWE-22
 

 
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

 
2019-05-13
 
CVE-2018-18524

CWE-79
 

 
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.

 
2018-12-11
 
CVE-2018-20058

CWE-22
 

 
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.

 
2017-05-22
 
CVE-2016-4900

 

 
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

 


Copyright 2024, cxsecurity.com

 

Back to Top