Vulnerabilities > Samsung > Galaxy Store > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-42581 Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
network
low complexity
samsung
7.5
7.5
2023-05-26 CVE-2023-21514 Improper Input Validation vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
network
low complexity
samsung CWE-20
8.8
8.8
2023-05-26 CVE-2023-21515 Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
network
low complexity
samsung
8.8
8.8
2023-02-09 CVE-2023-21433 Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
local
low complexity
samsung CWE-276
7.8
7.8
2022-07-12 CVE-2022-33708 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.2
7.2
2022-07-12 CVE-2022-33709 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.2
7.2
2022-07-12 CVE-2022-33710 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.2
7.2
2022-04-11 CVE-2022-28776 Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
local
low complexity
samsung
7.8
7.8
2022-01-10 CVE-2022-22288 Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
network
low complexity
samsung
7.5
7.5