PT-2025-4177 · Samsung · Galaxy Store

Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.87.6 Description: The issue allows physical attackers to install arbitrary applications, bypassing the restrictions of Setupwizard through an alternate path in Galaxy Store. This enables attackers to...

CVE-2023-21433

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store...

Improper access control

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store...

The vulnerability of the omp-appmanager module for mobile applications within the application software “Avora Center” is related to deficiencies in access control in the isolated environment. This vulnerability allows a malicious individual to perform installation or deletion of mobile applications.

The vulnerability of the omp-appmanager module for mobile applications, which is part of the “Avora Center” application software, relates to the provision of unprivileged accounts for the privileged API used for installing and removing applications. Exploiting this vulnerability could allow a...

The vulnerability of the DirectX component in Windows operating systems allows attackers to gain rights to install programs, view, modify, or delete data, as well as create new accounts with full user privileges.

The vulnerability of the DirectX component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to gain privileges to install programs, view, modify, or delete data, and create new user accounts with full user rights using a...

Samsung XCover4 Access Control Error Vulnerability (CNVD-2020-14771)

Samsung XCover4 is a smartphone from Samsung South Korea. An access control error vulnerability exists in the Samsung XCover4. The vulnerability stems from the network system or product not properly restricting access to resources from unauthorized roles. An attacker could exploit the vulnerabili...

CVE-2019-13406

A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication...

Samsung Galaxy Apps URL Handling Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...