CVE-2023-50643
https://notcve.org/view.php?id=CVE-2023-50643
An issue in Evernote for macOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments components. • https://github.com/giovannipajeu1/CVE-2023-50643 http://evernote.com https://github.com/V3x0r/CVE-2023-50643 https://www.electronjs.org/blog/statement-run-as-node-cves •
CVE-2020-17759
https://notcve.org/view.php?id=CVE-2020-17759
An issue was found in the protocol handler of the Evernote client for Windows 10, 7, and 2008. It allows attackers to execute arbitrary commands if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. • https://evernote.com/intl/zh-cn/security/updates • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2019-17051
https://notcve.org/view.php?id=CVE-2019-17051
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. • https://evernote.com/security/updates#MACOSNOTE-28956 https://www.youtube.com/watch?v=OG2tKlZX5bg • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-18524
https://notcve.org/view.php?id=CVE-2018-18524
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote command execution on the victim's computer. • https://evernote.com/intl/en/security/updates https://paper.seebug.org/737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-10038 – Evernote 7.9 - Code Execution via Path Traversal
https://notcve.org/view.php?id=CVE-2019-10038
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. Evernote version 4.9 suffers from a path traversal that can allow for code execution. • https://www.exploit-db.com/exploits/46724 https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing https://evernote.com/security/updates https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •