CVE-2023-23618

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-426
View all →

Vulnerability Description

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.

Related Vulnerabilities

CVE-2013-2773

HIGH
CVSS:7.8(High)

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

CWE-4262013

CVE-2013-3494

HIGH
CVSS:7.8(High)

A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.

CWE-4262013

CVE-2013-3942

HIGH
CVSS:7.8(High)

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability

CWE-4262013

CVE-2014-3860

HIGH
CVSS:7.8(High)

Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability

CWE-4262014

CVE-2014-8358

HIGH
CVSS:7.8(High)

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the ...

CWE-4262014

CVE-2015-0974

HIGH
CVSS:7.8(High)

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplay...

CWE-4262015