VYPR

Galaxy Store

by Samsung Mobile

CVEs (31)

  • CVE-2023-21434Feb 9, 2023
    risk 0.00cvss epss 0.13

    Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

  • CVE-2023-21433Feb 9, 2023
    risk 0.00cvss epss 0.04

    Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

  • CVE-2022-33710Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

  • CVE-2022-33709Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

  • CVE-2022-33708Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

  • CVE-2022-28791May 3, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.

  • CVE-2022-28776Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.

  • CVE-2022-28544Apr 11, 2022
    risk 0.00cvss epss 0.01

    Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.

  • CVE-2022-28542Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

  • CVE-2022-22288Jan 7, 2022
    risk 0.00cvss epss 0.01

    Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

  • CVE-2021-25499Oct 6, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.

Page 2 of 2