Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Galaxy_store
(Samsung)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-26 | CVE-2023-21515 | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | Galaxy_store | 8.8 | ||
| 2023-05-26 | CVE-2023-21516 | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | Galaxy_store | 9.6 | ||
| 2023-02-09 | CVE-2023-21433 | Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | Galaxy_store | 7.8 | ||
| 2023-02-09 | CVE-2023-21434 | Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | Galaxy_store | 6.1 | ||
| 2022-07-12 | CVE-2022-33708 | Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | Galaxy_store | 7.8 | ||
| 2022-07-12 | CVE-2022-33709 | Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | Galaxy_store | 7.8 | ||
| 2022-07-12 | CVE-2022-33710 | Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | Galaxy_store | 7.8 | ||
| 2022-05-03 | CVE-2022-28791 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | Galaxy_store | 5.5 | ||
| 2022-04-11 | CVE-2022-28544 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | Galaxy_store | 5.5 | ||
| 2022-04-11 | CVE-2022-28542 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | Galaxy_store | 5.5 |