Vulnerabilities > GOG > Galaxy > 2.0.17

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-24574 Use of Hard-coded Credentials vulnerability in GOG Galaxy
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands.
local
low complexity
gog CWE-798
7.8
7.8
2020-07-05 CVE-2020-15529 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17
An issue was discovered in GOG Galaxy Client 2.0.17.
local
low complexity
gog CWE-732
7.8
7.8
2020-07-05 CVE-2020-15528 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17
An issue was discovered in GOG Galaxy Client 2.0.17.
local
low complexity
gog CWE-732
7.8
7.8