Vulnerabilities > GOG > Galaxy

DATE CVE VULNERABILITY TITLE RISK
2022-08-17 CVE-2022-31262 Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46/2.0.51
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46.
local
low complexity
gog CWE-281
7.8
2021-04-30 CVE-2021-26807 Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.
local
low complexity
gog CWE-426
7.8
2020-08-21 CVE-2020-24574 Use of Hard-coded Credentials vulnerability in GOG Galaxy
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands.
local
low complexity
gog CWE-798
7.8
2020-08-06 CVE-2020-7352 Use of Hard-coded Credentials vulnerability in GOG Galaxy
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment.
local
low complexity
gog CWE-798
8.8
2020-07-14 CVE-2020-11827 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe.
local
low complexity
gog CWE-732
7.8
2020-07-05 CVE-2020-15529 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17
An issue was discovered in GOG Galaxy Client 2.0.17.
local
low complexity
gog CWE-732
7.8
2020-07-05 CVE-2020-15528 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17
An issue was discovered in GOG Galaxy Client 2.0.17.
local
low complexity
gog CWE-732
7.8
2019-11-21 CVE-2019-15511 Missing Authentication for Critical Function vulnerability in GOG Galaxy
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy.
local
low complexity
gog CWE-306
7.8
2019-05-30 CVE-2018-4048 Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer).
local
low complexity
gog CWE-668
7.8
2019-04-02 CVE-2018-4053 Improper Input Validation vulnerability in GOG Galaxy 1.2.47
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS.
local
low complexity
gog CWE-20
5.5