Lucene search
K

51 matches found

NVD
NVD
added 2022/04/15 9:15 p.m.12 views

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

8.8CVSS0.01483EPSS
Exploits0References2
Prion
Prion
added 2022/04/15 9:15 p.m.17 views

Input validation

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

6.8CVSS8.7AI score0.01483EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/04/15 8:41 p.m.89 views

CVE-2022-29281

Notable (Notable-insiders) contains a vulnerability tracked as CVE-2022-29281, affecting versions prior to 1.9.0-beta.8. The issue stems from improper validation of the file URI scheme, allowing executable files to be opened when clicking a link and potentially enabling UNC/SMB path abuse. Impact...

8.8CVSS8.6AI score0.01483EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.7 views

Notable 路径遍历漏洞

Notable is a Markdown-based note-taking software with cross-platform support from the individual developers of Notable. A path traversal vulnerability exists in Notable-insiders that stems from incorrect validation of the file URI scheme. Hyperlinks pointing to SMB shares could lead to the...

8.8CVSS8.2AI score0.01483EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/04/15 12:0 a.m.6 views

PT-2022-19521 · Notable +1 · Notable +1

Name of the Vulnerable Software and Affected Versions: Notable versions prior to 1.9.0-beta.8 Description: The issue arises from improper validation of the file URI scheme, allowing the opening of executable files when clicking on a link. This could lead to the execution of an arbitrary program o...

8.8CVSS8.5AI score0.01483EPSS
Exploits0References7
NVD
NVD
added 2022/03/27 12:15 a.m.8 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8CVSS0.01582EPSS
Exploits1References1
Prion
Prion
added 2022/03/27 12:15 a.m.11 views

Code injection

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

7.5CVSS9.5AI score0.01582EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/03/27 12:0 a.m.3 views

Notable 安全漏洞

Notable is a Markdown-based note-taking software with cross-platform support from the individual developers of Notable. A security vulnerability exists in Notable version 1.8.4, which stems from unfiltered text editing and allows an attacker to execute arbitrary code via a crafted payload injecte...

9.8CVSS8.8AI score0.01582EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/26 11:18 p.m.16 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8AI score0.01582EPSS
Exploits1References1
CVE
CVE
added 2022/03/26 11:18 p.m.83 views

CVE-2022-26198

Notable CVE-2022-26198 affects Notable 1.8.4. The issue is that the Title field allows crafted payloads due to lack of filtering of text editing, enabling arbitrary code execution. There is no exploit detail in the provided data. Remediation guidance from PT-2022-17717 recommends disabling the Ti...

9.8CVSS9.5AI score0.01582EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/03/26 11:18 p.m.15 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8CVSS7.7AI score0.01582EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/03/26 12:0 a.m.5 views

PT-2022-17717 · Notable · Notable

Name of the Vulnerable Software and Affected Versions: Notable version 1.8.4 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the Title text field, due to a lack of filtering for text editing. Recommendations: For Notable version 1.8.4, conside...

9.8CVSS9.6AI score0.01582EPSS
Exploits1References4
CNVD
CNVD
added 2022/02/22 12:0 a.m.11 views

Command Execution Vulnerability in Notable

Notable is a Markdown-based note-taking software with cross-platform support. Notable suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...

7.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/06/14 2:10 p.m.41 views

Automated remediation level 1: Lock down fundamentals

Non-calamitous conclusions When teams work in silos, they often can have different interpretations of the same data. There’s no way to leverage the real benefits of automated remediation if this is your reality. Ensuring visibility across teams is a critical component in a shared data set where...

0.8AI score
Exploits0
OSV
OSV
added 2020/12/10 11:15 p.m.18 views

CVE-2020-16608

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

9.6CVSS6.8AI score0.0434EPSS
Exploits1References2
NVD
NVD
added 2020/12/10 11:15 p.m.14 views

CVE-2020-16608

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

9.6CVSS9.3AI score0.0434EPSS
Exploits1References2
Prion
Prion
added 2020/12/10 11:15 p.m.14 views

Design/Logic Flaw

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

9.3CVSS9.1AI score0.0434EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/12/10 9:8 p.m.143 views

CVE-2020-16608

CVE-2020-16608 affects Notable 1.8.4. The vulnerability arises from allowing XSS through crafted Markdown text, which can lead to remote code execution because nodeIntegration in webPreferences is set to true. The available connected documents confirm the technical details (Notable 1.8.4, XSS in ...

9.6CVSS9.2AI score0.0434EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/12/10 9:8 p.m.21 views

CVE-2020-16608

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

9.3AI score0.0434EPSS
Exploits1References2
Circl
Circl
added 2020/12/10 7:13 p.m.8 views

CVE-2020-17128

creationtimestamp| type| source ---|---|--- 2020-12-10 19:13:18+00:00| seen| https://t.me/reconshell/60...

9.3CVSS7.4AI score0.02618EPSS
Exploits0References1
Rows per page
Query Builder