Vulnerabilities > GOG > Galaxy > High

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2022-08-17 | CVE-2022-31262 | Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46/2.0.51 | An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. | local | low complexity | gog | CWE-281 | 7.8 |
| 2021-04-30 | CVE-2021-26807 | Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9 | GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | local | low complexity | gog | CWE-426 | 7.8 |
| 2020-08-21 | CVE-2020-24574 | Use of Hard-coded Credentials vulnerability in GOG Galaxy | The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. | local | low complexity | gog | CWE-798 | 7.8 |
| 2020-08-06 | CVE-2020-7352 | Use of Hard-coded Credentials vulnerability in GOG Galaxy | The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. | local | low complexity | gog | CWE-798 | 8.8 |
| 2020-07-14 | CVE-2020-11827 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy | In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. | local | low complexity | gog | CWE-732 | 7.8 |
| 2020-07-05 | CVE-2020-15529 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17 | An issue was discovered in GOG Galaxy Client 2.0.17. | local | low complexity | gog | CWE-732 | 7.8 |
| 2020-07-05 | CVE-2020-15528 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17 | An issue was discovered in GOG Galaxy Client 2.0.17. | local | low complexity | gog | CWE-732 | 7.8 |
| 2019-11-21 | CVE-2019-15511 | Missing Authentication for Critical Function vulnerability in GOG Galaxy | An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. | local | low complexity | gog | CWE-306 | 7.8 |
| 2019-05-30 | CVE-2018-4048 | Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). | local | low complexity | gog | CWE-668 | 7.8 |
| 2019-04-02 | CVE-2018-4049 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.48.36 | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). | local | low complexity | gog | CWE-732 | 7.8 |