Galaxy Store
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21434 | 0.00 | — | 0.13 | Feb 9, 2023 | Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | |||
| CVE-2023-21433 | 0.00 | — | 0.04 | Feb 9, 2023 | Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||
| CVE-2022-33710 | 0.00 | — | 0.00 | Jul 11, 2022 | Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||
| CVE-2022-33709 | 0.00 | — | 0.00 | Jul 11, 2022 | Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||
| CVE-2022-33708 | 0.00 | — | 0.00 | Jul 11, 2022 | Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||
| CVE-2022-28791 | 0.00 | — | 0.00 | May 3, 2022 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | |||
| CVE-2022-28776 | 0.00 | — | 0.00 | Apr 11, 2022 | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | |||
| CVE-2022-28544 | 0.00 | — | 0.01 | Apr 11, 2022 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | |||
| CVE-2022-28542 | 0.00 | — | 0.00 | Apr 11, 2022 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | |||
| CVE-2022-22288 | 0.00 | — | 0.01 | Jan 7, 2022 | Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | |||
| CVE-2021-25499 | 0.00 | — | 0.00 | Oct 6, 2021 | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. |
- CVE-2023-21434Feb 9, 2023risk 0.00cvss —epss 0.13
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
- CVE-2023-21433Feb 9, 2023risk 0.00cvss —epss 0.04
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
- CVE-2022-33710Jul 11, 2022risk 0.00cvss —epss 0.00
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
- CVE-2022-33709Jul 11, 2022risk 0.00cvss —epss 0.00
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
- CVE-2022-33708Jul 11, 2022risk 0.00cvss —epss 0.00
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
- CVE-2022-28791May 3, 2022risk 0.00cvss —epss 0.00
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
- CVE-2022-28776Apr 11, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
- CVE-2022-28544Apr 11, 2022risk 0.00cvss —epss 0.01
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.
- CVE-2022-28542Apr 11, 2022risk 0.00cvss —epss 0.00
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
- CVE-2022-22288Jan 7, 2022risk 0.00cvss —epss 0.01
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
- CVE-2021-25499Oct 6, 2021risk 0.00cvss —epss 0.00
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
Page 2 of 2