Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Galaxy_store
(Samsung)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-07 | CVE-2024-20870 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | Galaxy_store | 5.5 | ||
| 2025-02-04 | CVE-2025-20895 | Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard. | Galaxy_store | 4.6 | ||
| 2025-04-08 | CVE-2025-20951 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | Galaxy_store | 5.5 | ||
| 2024-07-02 | CVE-2024-34601 | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. | Galaxy_store | 5.3 | ||
| 2021-10-06 | CVE-2021-25499 | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. | Galaxy_store | 5.5 | ||
| 2022-01-10 | CVE-2022-22288 | Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | Galaxy_store | 7.5 | ||
| 2022-04-11 | CVE-2022-28542 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | Galaxy_store | 5.5 | ||
| 2022-04-11 | CVE-2022-28544 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | Galaxy_store | 5.5 | ||
| 2022-04-11 | CVE-2022-28776 | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | Galaxy_store | 7.8 | ||
| 2022-05-03 | CVE-2022-28791 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | Galaxy_store | 5.5 |