Vulnerabilities > Samsung > Galaxy Store > 4.5.36.4

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-21516 Cross-site Scripting vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
network
low complexity
samsung CWE-79
critical
 9.6
9.6
2023-02-09 CVE-2023-21433 Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
local
low complexity
samsung CWE-276
7.8
7.8
2023-02-09 CVE-2023-21434 Cross-site Scripting vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
network
low complexity
samsung CWE-79
6.1
6.1
2022-07-12 CVE-2022-33708 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.8
7.8
2022-07-12 CVE-2022-33709 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.8
7.8
2022-07-12 CVE-2022-33710 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.8
7.8
2022-05-03 CVE-2022-28791 Improper Input Validation vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path.
local
low complexity
samsung CWE-20
5.5
5.5
2022-04-11 CVE-2022-28542 Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
local
low complexity
samsung CWE-863
5.5
5.5
2022-04-11 CVE-2022-28544 Path Traversal vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.
local
low complexity
samsung CWE-22
5.5
5.5
2022-01-10 CVE-2022-22288 Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
network
low complexity
samsung
7.5
7.5