CVE Vulnerabilities for Evernote
CVE | Published | Severity | Details | Exploitability | Impact | Vector |
---|---|---|---|---|---|---|
CVE‑2023‑50643 | 2024‑01‑09 01:15:39 | CRITICAL (10) | An issue in Evernote for macOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments components. | 4 | 6 | NETWORK |
CVE‑2020‑17759 | 2021‑06‑24 20:15:09 | HIGH (9) | An issue was found in the protocol handler of the Evernote client for Windows 10, 7, and 2008. It allows attackers to execute arbitrary commands if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | 3 | 6 | NETWORK |
CVE‑2019‑17051 | 2019‑09‑30 20:15:11 | HIGH (8) | Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | 2 | 6 | LOCAL |
CVE‑2019‑10038 | 2019‑05‑31 22:29:01 | MEDIUM (4) | Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | 0 | 0 | LOCAL |
CVE‑2018‑20351 | 2018‑12‑22 00:29:00 | MEDIUM (4) | The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | 0 | 0 | NETWORK |
CVE‑2018‑20058 | 2018‑12‑11 09:29:00 | MEDIUM (5) | In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | 0 | 0 | NETWORK |
CVE‑2018‑18524 | 2019‑05‑13 14:29:01 | MEDIUM (4) | Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote command execution on the victim's computer. | 0 | 0 | NETWORK |
CVE‑2016‑4900 | 2017‑05‑22 16:29:00 | MEDIUM (7) | Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 0 | 0 | NETWORK |
CVE‑2013‑5116 | 2020‑01‑31 15:15:11 | HIGH (7) | Evernote prior to 5.5.1 has insecure password change | 2 | 5 | LOCAL |
CVE‑2013‑5112 | 2020‑01‑31 14:15:11 | MEDIUM (5) | Evernote before 5.5.1 has insecure PIN storage | 1 | 4 | PHYSICAL |