Samsung Galaxy Apps vulnerabilities

CVE-2018-20135 [HIGH] CWE-295 CVE-2018-20135: Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on i Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps

CVE-2018-10502 [HIGH] CWE-269 CVE-2018-10502: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sams This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue li

CVE-2018-10500 [HIGH] CWE-284 CVE-2018-10500: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sams This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lie

CVE-2018-10499 [HIGH] CWE-20 CVE-2018-10499: This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of S This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue lies in th