51 matches found
CVE-2022-29281
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...
Input validation
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...
CVE-2022-29281
Notable (Notable-insiders) contains a vulnerability tracked as CVE-2022-29281, affecting versions prior to 1.9.0-beta.8. The issue stems from improper validation of the file URI scheme, allowing executable files to be opened when clicking a link and potentially enabling UNC/SMB path abuse. Impact...
Notable 路径遍历漏洞
Notable is a Markdown-based note-taking software with cross-platform support from the individual developers of Notable. A path traversal vulnerability exists in Notable-insiders that stems from incorrect validation of the file URI scheme. Hyperlinks pointing to SMB shares could lead to the...
PT-2022-19521 · Notable +1 · Notable +1
Name of the Vulnerable Software and Affected Versions: Notable versions prior to 1.9.0-beta.8 Description: The issue arises from improper validation of the file URI scheme, allowing the opening of executable files when clicking on a link. This could lead to the execution of an arbitrary program o...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
Code injection
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
Notable 安全漏洞
Notable is a Markdown-based note-taking software with cross-platform support from the individual developers of Notable. A security vulnerability exists in Notable version 1.8.4, which stems from unfiltered text editing and allows an attacker to execute arbitrary code via a crafted payload injecte...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
CVE-2022-26198
Notable CVE-2022-26198 affects Notable 1.8.4. The issue is that the Title field allows crafted payloads due to lack of filtering of text editing, enabling arbitrary code execution. There is no exploit detail in the provided data. Remediation guidance from PT-2022-17717 recommends disabling the Ti...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
PT-2022-17717 · Notable · Notable
Name of the Vulnerable Software and Affected Versions: Notable version 1.8.4 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the Title text field, due to a lack of filtering for text editing. Recommendations: For Notable version 1.8.4, conside...
Command Execution Vulnerability in Notable
Notable is a Markdown-based note-taking software with cross-platform support. Notable suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
Automated remediation level 1: Lock down fundamentals
Non-calamitous conclusions When teams work in silos, they often can have different interpretations of the same data. There’s no way to leverage the real benefits of automated remediation if this is your reality. Ensuring visibility across teams is a critical component in a shared data set where...
CVE-2020-16608
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-16608
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
Design/Logic Flaw
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-16608
CVE-2020-16608 affects Notable 1.8.4. The vulnerability arises from allowing XSS through crafted Markdown text, which can lead to remote code execution because nodeIntegration in webPreferences is set to true. The available connected documents confirm the technical details (Notable 1.8.4, XSS in ...
CVE-2020-16608
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-17128
creationtimestamp| type| source ---|---|--- 2020-12-10 19:13:18+00:00| seen| https://t.me/reconshell/60...