Every CVE whose affected-product data names Gog Galaxy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2020-7352 — CVSS 8.4 (high): The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping…
CVE-2018-4048 — CVSS 7.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy…
CVE-2018-4049 — CVSS 7.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version…
CVE-2018-4050 — CVSS 7.8 (high): An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for…
CVE-2022-31262 — CVSS 7.8 (high): An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker…
CVE-2020-24574 — CVSS 7.8 (high): The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation…
CVE-2021-26807 — CVSS 7.8 (high): GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an…
CVE-2018-3974 — CVSS 7.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker…
CVE-2019-15511 — CVSS 7.8 (high): An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access…
CVE-2020-11827 — CVSS 7.8 (high): In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put…
CVE-2020-15528 — CVSS 7.8 (high): An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game…
CVE-2020-15529 — CVSS 7.8 (high): An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a…
CVE-2018-4052 — CVSS 5.5 (medium): An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS…
CVE-2018-4053 — CVSS 5.5 (medium): An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS…
CVE-2018-4051 — CVSS 5.5 (medium): An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for…