Filtered by vendor Evernote
Subscriptions
Filtered by product Evernote
Subscriptions
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12489 | 1 Evernote | 1 Evernote | 2025-11-07 | N/A |
| evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-27913. | ||||
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2025-06-03 | 9.8 Critical |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | ||||
| CVE-2016-4900 | 1 Evernote | 1 Evernote | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2024-11-21 | 8.8 High |
| An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | ||||
| CVE-2019-17051 | 1 Evernote | 1 Evernote | 2024-11-21 | 7.8 High |
| Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | ||||
| CVE-2019-10038 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | ||||
| CVE-2018-20351 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | ||||
| CVE-2018-20058 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | ||||
| CVE-2018-18524 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. | ||||
| CVE-2013-5116 | 1 Evernote | 1 Evernote | 2024-11-21 | 7.1 High |
| Evernote prior to 5.5.1 has insecure password change | ||||
| CVE-2013-5112 | 1 Evernote | 1 Evernote | 2024-11-21 | 4.6 Medium |
| Evernote before 5.5.1 has insecure PIN storage | ||||
Page 1 of 1.