145 matches found
CVE-2023-50914
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...
CVE-2022-31262
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as...
CVE-2020-24574
The client aka GalaxyClientService.exe in GOG GALAXY through 2.0.41 as of 12:58 AM Eastern, 9/26/21 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
PT-2025-45152
Name of the Vulnerable Software and Affected Versions GOG Galaxy version 2.0.0.2 Description GOG Galaxy version 2.0.0.2 is susceptible to a missing SSL certificate validation issue. An attacker with control over the local network, DNS, or a proxy can conduct a man-in-the-middle MitM attack. This...
GOG Galaxy 安全漏洞
GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy version 2.0.0.2, which stems from a lack of SSL certificate validation, and could lead to a man-in-the-middle attack that could...
EUVD-2025-37923
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-56232
GOG Galaxy 2.0.0.2 is affected by a Missing SSL certificate validation vulnerability that enables local-network/MITM interception of update requests, potentially replacing installers or updates with malicious files. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, EUVD) with no...
EUVD-2020-4167
Malware in sbrugna...
EUVD-2018-15760
Malware in sbrugna...
EUVD-2018-15837
Malware in sbrugna...
EUVD-2018-15834
Malware in sbrugna...
EUVD-2018-15838
Malware in sbrugna...
EUVD-2018-15836
Malware in sbrugna...
EUVD-2020-7516
Malware in sbrugna...
EUVD-2020-7515
Malware in sbrugna...