Vulnerabilities > GOG
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-17 | CVE-2022-31262 | Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46 An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. | 7.8 |
| 2021-04-30 | CVE-2021-26807 | Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9 GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | 4.4 |
| 2020-08-21 | CVE-2020-24574 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. | 6.9 |
| 2020-08-06 | CVE-2020-7352 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. | 7.2 |
| 2020-07-14 | CVE-2020-11827 | Improper Privilege Management vulnerability in GOG Galaxy In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. | 7.2 |
| 2020-07-05 | CVE-2020-15529 | Improper Privilege Management vulnerability in GOG Galaxy 2.0.17 An issue was discovered in GOG Galaxy Client 2.0.17. | 9.3 |
| 2020-07-05 | CVE-2020-15528 | Improper Privilege Management vulnerability in GOG Galaxy 2.0.17 An issue was discovered in GOG Galaxy Client 2.0.17. | 9.3 |
| 2019-11-21 | CVE-2019-15511 | Improper Privilege Management vulnerability in GOG Galaxy An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. | 7.2 |
| 2019-05-30 | CVE-2018-4048 | Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36 An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). | 7.2 |
| 2019-04-02 | CVE-2018-4053 | Improper Input Validation vulnerability in GOG Galaxy 1.2.47 An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 2.1 |