Filtered by vendor Samsung
Subscriptions
Filtered by product Galaxy Store
Subscriptions
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42581 | 1 Samsung | 1 Galaxy Store | 2024-08-29 | 7.5 High |
| Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. | ||||
| CVE-2021-25499 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 7.1 High |
| Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. | ||||
| CVE-2022-33710 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 7.8 High |
| Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | ||||
| CVE-2022-33708 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 7.8 High |
| Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | ||||
| CVE-2022-33709 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 7.8 High |
| Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | ||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 5.9 Medium |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | ||||
| CVE-2022-28791 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 6.2 Medium |
| Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | ||||
| CVE-2022-28544 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 6.2 Medium |
| Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | ||||
| CVE-2022-28542 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 6.8 Medium |
| Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | ||||
| CVE-2022-22288 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 7.5 High |
| Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | ||||
| CVE-2023-42580 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 7.5 High |
| Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | ||||
| CVE-2023-30705 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 6.8 Medium |
| Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission. | ||||
| CVE-2023-21515 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 7.5 High |
| InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-21514 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 7.5 High |
| Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-21516 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 7.5 High |
| XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-21434 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 6.2 Medium |
| Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | ||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 7.8 High |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | ||||
| CVE-2024-20825 | 1 Samsung | 1 Galaxy Store | 2024-08-01 | 5.5 Medium |
| Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | ||||
| CVE-2024-20823 | 1 Samsung | 1 Galaxy Store | 2024-08-01 | 5.5 Medium |
| Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | ||||
| CVE-2024-20824 | 1 Samsung | 1 Galaxy Store | 2024-08-01 | 5.5 Medium |
| Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | ||||