Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Samsung Subscribe
Filtered by product Galaxy Store
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-21433 1 Samsung 1 Galaxy Store 2023-02-17 N/A 7.8 HIGH
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
CVE-2023-21434 1 Samsung 1 Galaxy Store 2023-02-17 N/A 6.1 MEDIUM
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
CVE-2022-28791 1 Samsung 1 Galaxy Store 2022-05-11 2.1 LOW 5.5 MEDIUM
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
CVE-2022-28544 1 Samsung 1 Galaxy Store 2022-04-21 5.0 MEDIUM 5.5 MEDIUM
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.
CVE-2022-28542 1 Samsung 1 Galaxy Store 2022-04-20 2.1 LOW 5.5 MEDIUM
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
CVE-2022-28776 1 Samsung 1 Galaxy Store 2022-04-19 4.6 MEDIUM 7.8 HIGH
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
CVE-2022-22288 1 Samsung 1 Galaxy Store 2022-01-19 5.0 MEDIUM 7.5 HIGH
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
CVE-2021-25499 1 Samsung 1 Galaxy Store 2021-10-14 2.1 LOW 5.5 MEDIUM
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.