Vulnerabilities > GOG > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-17 CVE-2022-31262 Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46.
local
low complexity
gog CWE-281
7.8
2020-08-06 CVE-2020-7352 Use of Hard-coded Credentials vulnerability in GOG Galaxy
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment.
local
low complexity
gog CWE-798
7.2
2020-07-14 CVE-2020-11827 Improper Privilege Management vulnerability in GOG Galaxy
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe.
local
low complexity
gog CWE-269
7.2
2019-11-21 CVE-2019-15511 Improper Privilege Management vulnerability in GOG Galaxy
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy.
local
low complexity
gog CWE-269
7.2
2019-05-30 CVE-2018-4048 Exposure of Resource to Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer).
local
low complexity
gog CWE-668
7.2
2019-04-02 CVE-2018-4049 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.48.36
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer).
local
low complexity
gog CWE-732
7.2
2019-04-02 CVE-2018-3974 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.45.61
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory.
local
low complexity
gog CWE-732
7.8
2019-04-01 CVE-2018-4050 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS.
local
low complexity
gog CWE-732
7.2