Vulnerabilities (CVE)

Filtered by vendor Samsung Subscribe
Filtered by product Galaxy Store
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-42581 1 Samsung 1 Galaxy Store 2024-08-29 N/A 7.5 HIGH
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
CVE-2024-20824 1 Samsung 1 Galaxy Store 2024-02-28 N/A 5.5 MEDIUM
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2023-42580 1 Samsung 1 Galaxy Store 2024-02-28 N/A 9.8 CRITICAL
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
CVE-2024-20822 1 Samsung 1 Galaxy Store 2024-02-28 N/A 5.5 MEDIUM
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2024-20823 1 Samsung 1 Galaxy Store 2024-02-28 N/A 5.5 MEDIUM
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2024-20825 1 Samsung 1 Galaxy Store 2024-02-28 N/A 5.5 MEDIUM
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2023-30705 1 Samsung 1 Galaxy Store 2024-02-28 N/A 5.5 MEDIUM
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.
CVE-2023-21515 1 Samsung 1 Galaxy Store 2024-02-28 N/A 8.8 HIGH
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21514 1 Samsung 1 Galaxy Store 2024-02-28 N/A 8.8 HIGH
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21516 1 Samsung 1 Galaxy Store 2024-02-28 N/A 9.6 CRITICAL
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21433 1 Samsung 1 Galaxy Store 2024-02-28 N/A 7.8 HIGH
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
CVE-2023-21434 1 Samsung 1 Galaxy Store 2024-02-28 N/A 6.1 MEDIUM
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
CVE-2022-33709 1 Samsung 1 Galaxy Store 2024-02-28 7.2 HIGH 7.8 HIGH
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
CVE-2022-33708 1 Samsung 1 Galaxy Store 2024-02-28 7.2 HIGH 7.8 HIGH
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
CVE-2022-33710 1 Samsung 1 Galaxy Store 2024-02-28 7.2 HIGH 7.8 HIGH
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
CVE-2022-28544 1 Samsung 1 Galaxy Store 2024-02-28 5.0 MEDIUM 5.5 MEDIUM
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.
CVE-2022-28776 1 Samsung 1 Galaxy Store 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
CVE-2022-28791 1 Samsung 1 Galaxy Store 2024-02-28 2.1 LOW 5.5 MEDIUM
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
CVE-2022-28542 1 Samsung 1 Galaxy Store 2024-02-28 2.1 LOW 5.5 MEDIUM
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
CVE-2022-22288 1 Samsung 1 Galaxy Store 2024-02-28 5.0 MEDIUM 7.5 HIGH
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.