Skip to main content

Galaxy

14 CVEs product

Monthly

CVE-2024-42351 CRITICAL PATCH Act Now

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Galaxy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-42346 PyPI MEDIUM PATCH This Month

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Galaxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-42812 MEDIUM POC This Month

Galaxy is an open-source platform for FAIR data analysis. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Galaxy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-27578 HIGH PATCH This Week

Galaxy is an open-source platform for data analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Galaxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23470 HIGH PATCH This Week

Galaxy is an open-source platform for data analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Apache Nginx Galaxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-31262 HIGH POC This Week

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Galaxy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-26807 HIGH POC This Week

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Galaxy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24574 HIGH POC This Week

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Authentication Bypass Galaxy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-7352 HIGH POC PATCH Act Now

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Galaxy
NVD GitHub
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-11827 HIGH This Week

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15529 HIGH This Week

An issue was discovered in GOG Galaxy Client 2.0.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15528 HIGH This Week

An issue was discovered in GOG Galaxy Client 2.0.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-15511 HIGH This Week

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-1000516 PyPI MEDIUM PATCH This Month

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Galaxy
NVD
CVSS 3.0
6.1
EPSS
1.0%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Galaxy
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Galaxy
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Galaxy is an open-source platform for FAIR data analysis. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Galaxy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Galaxy is an open-source platform for data analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Galaxy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Galaxy is an open-source platform for data analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Apache Nginx +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Galaxy
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Galaxy
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Authentication Bypass +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH Act Now

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Galaxy
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in GOG Galaxy Client 2.0.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in GOG Galaxy Client 2.0.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Escalation +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Galaxy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy