
gog galaxy

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-42351
< 21.05
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing i
6.5 MEDIUM
CVE-2024-42346
< 24.1.1
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing i
7.6 HIGH
CVE-2023-42812
< 22.05
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forg
6.3 MEDIUM
CVE-2023-27578
< 22.01
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0
9.1 CRITICAL
CVE-2015-10062
< 14.10.1
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown par
5.5 MEDIUM
CVE-2022-23470
>= 22.01 and <= 22.05
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the swi
8.6 HIGH
CVE-2022-31262
>= 2.0.46 and <= 2.0.51
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an at
7.8 HIGH
CVE-2021-26807
all versions
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which a
7.8 HIGH
CVE-2020-24574
>= 2.0.13 and <= 2.0.41
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege esc
7.8 HIGH
CVE-2020-7352
>= 1.2.0 and <= 1.2.64
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software
8.4 HIGH
CVE-2020-11827
< 1.2.67
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker
7.8 HIGH
CVE-2020-15529
all versions
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or per
7.8 HIGH
CVE-2020-15528
all versions
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a
7.8 HIGH
CVE-2019-15511
< 1.2.60
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper
7.8 HIGH
CVE-2018-4048
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Temp directory in GOG Galaxy
7.8 HIGH
CVE-2018-4053
all versions
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 fo
5.5 MEDIUM
CVE-2018-4052
all versions
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for
5.5 MEDIUM
CVE-2018-4051
all versions
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47
5.5 MEDIUM
CVE-2018-4049
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory
7.8 HIGH
CVE-2018-3974
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An
7.8 HIGH
CVE-2018-4050
all versions
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47
7.8 HIGH
CVE-2018-1000516
all versions
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerabil
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin