Palm webOS
by Microfocus
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-5098 | 0.03 | — | 0.04 | Sep 13, 2011 | The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception. | |||
| CVE-2010-4025 | 0.01 | — | 0.07 | Oct 28, 2010 | Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document. | |||
| CVE-2009-5097 | 0.00 | — | 0.02 | Sep 13, 2011 | Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | |||
| CVE-2011-2409 | 0.00 | — | 0.01 | Aug 11, 2011 | Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-2408 | 0.00 | — | 0.01 | Aug 11, 2011 | Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1738 | 0.00 | — | 0.00 | May 13, 2011 | HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access. | |||
| CVE-2011-1737 | 0.00 | — | 0.02 | May 13, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-5071 | 0.00 | — | 0.02 | Apr 19, 2011 | Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file." | |||
| CVE-2010-4109 | 0.00 | — | 0.02 | Dec 8, 2010 | Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | |||
| CVE-2010-4027 | 0.00 | — | 0.01 | Oct 28, 2010 | Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors. | |||
| CVE-2010-4026 | 0.00 | — | 0.00 | Oct 28, 2010 | Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls. |
- CVE-2009-5098Sep 13, 2011risk 0.03cvss —epss 0.04
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.
- CVE-2010-4025Oct 28, 2010risk 0.01cvss —epss 0.07
Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.
- CVE-2009-5097Sep 13, 2011risk 0.00cvss —epss 0.02
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
- CVE-2011-2409Aug 11, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-2408Aug 11, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1738May 13, 2011risk 0.00cvss —epss 0.00
HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.
- CVE-2011-1737May 13, 2011risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-5071Apr 19, 2011risk 0.00cvss —epss 0.02
Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
- CVE-2010-4109Dec 8, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.
- CVE-2010-4027Oct 28, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.
- CVE-2010-4026Oct 28, 2010risk 0.00cvss —epss 0.00
Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.