Palm
Products
6- 6 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-5098 | 0.03 | — | 0.04 | Sep 13, 2011 | The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception. | |||
| CVE-2003-0293 | 0.03 | — | 0.05 | Jun 16, 2003 | PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets. | |||
| CVE-2000-1008 | 0.03 | — | 0.01 | Dec 11, 2000 | PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. | |||
| CVE-2009-5097 | 0.00 | — | 0.02 | Sep 13, 2011 | Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | |||
| CVE-2009-5071 | 0.00 | — | 0.02 | Apr 19, 2011 | Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file." | |||
| CVE-2007-4213 | 0.00 | — | 0.02 | Aug 21, 2007 | Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293. | |||
| CVE-2007-0859 | 0.00 | — | 0.01 | Feb 16, 2007 | The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. | |||
| CVE-2006-6286 | 0.00 | — | 0.00 | Dec 4, 2006 | Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this… | |||
| CVE-2002-0116 | 0.00 | — | 0.02 | Mar 25, 2002 | Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap. | |||
| CVE-2002-0120 | 0.00 | — | 0.00 | Mar 25, 2002 | Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information. | |||
| CVE-2001-1438 | 0.00 | — | 0.02 | Oct 22, 2001 | Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image. | |||
| CVE-2001-0157 | 0.00 | — | 0.01 | Jun 2, 2001 | Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. | |||
| CVE-1999-1065 | 0.00 | — | 0.02 | Nov 4, 1999 | Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. |
- CVE-2009-5098Sep 13, 2011risk 0.03cvss —epss 0.04
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.
- CVE-2003-0293Jun 16, 2003risk 0.03cvss —epss 0.05
PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.
- CVE-2000-1008Dec 11, 2000risk 0.03cvss —epss 0.01
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
- CVE-2009-5097Sep 13, 2011risk 0.00cvss —epss 0.02
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
- CVE-2009-5071Apr 19, 2011risk 0.00cvss —epss 0.02
Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
- CVE-2007-4213Aug 21, 2007risk 0.00cvss —epss 0.02
Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293.
- CVE-2007-0859Feb 16, 2007risk 0.00cvss —epss 0.01
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.
- CVE-2006-6286Dec 4, 2006risk 0.00cvss —epss 0.00
Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this…
- CVE-2002-0116Mar 25, 2002risk 0.00cvss —epss 0.02
Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap.
- CVE-2002-0120Mar 25, 2002risk 0.00cvss —epss 0.00
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.
- CVE-2001-1438Oct 22, 2001risk 0.00cvss —epss 0.02
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
- CVE-2001-0157Jun 2, 2001risk 0.00cvss —epss 0.01
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.
- CVE-1999-1065Nov 4, 1999risk 0.00cvss —epss 0.02
Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode.