Vulnerabilities > GOG > Galaxy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-17 | CVE-2022-31262 | Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46/2.0.51 An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. | 7.8 |
| 2021-04-30 | CVE-2021-26807 | Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9 GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | 7.8 |
| 2020-08-21 | CVE-2020-24574 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. | 7.8 |
| 2020-08-06 | CVE-2020-7352 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. | 8.8 |
| 2020-07-14 | CVE-2020-11827 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. | 7.8 |
| 2020-07-05 | CVE-2020-15529 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17 An issue was discovered in GOG Galaxy Client 2.0.17. | 7.8 |
| 2020-07-05 | CVE-2020-15528 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 2.0.17 An issue was discovered in GOG Galaxy Client 2.0.17. | 7.8 |
| 2019-11-21 | CVE-2019-15511 | Missing Authentication for Critical Function vulnerability in GOG Galaxy An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. | 7.8 |
| 2019-05-30 | CVE-2018-4048 | Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36 An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). | 7.8 |
| 2019-04-02 | CVE-2018-4049 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.48.36 An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). | 7.8 |