) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:samsung:galaxy_store:4.5.41.8:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-20825 |
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Published: February 05, 2024; 10:15:10 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2024-20824 |
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Published: February 05, 2024; 10:15:10 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2024-20823 |
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Published: February 05, 2024; 10:15:10 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2024-20822 |
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Published: February 05, 2024; 10:15:09 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2023-42581 |
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. Published: December 04, 2023; 10:15:19 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-42580 |
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. Published: December 04, 2023; 10:15:19 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-30705 |
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission. Published: August 09, 2023; 10:15:12 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2023-21516 |
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Published: May 26, 2023; 6:15:14 PM -0400 |
V3.1: 9.6 CRITICAL V2.0:(not available) |
| CVE-2023-21515 |
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Published: May 26, 2023; 6:15:14 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-21514 |
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Published: May 26, 2023; 6:15:14 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-21434 |
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. Published: February 09, 2023; 2:15:15 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-21433 |
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. Published: February 09, 2023; 2:15:15 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |