Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11330
HistoryOct 09, 2018 - 12:00 a.m.

KLA11330 Multiple vulnerabilities in Microsoft Developer Tools

2018-10-0900:00:00
Kaspersky Lab
threats.kaspersky.com
519

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Azure IoT Device Client SDK can be exploited remotely to obtain sensitive information.
  2. An information disclosure vulnerability in .NET Core can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2018-8531

CVE-2018-8292

Related products

Microsoft-Edge

Microsoft-Azure

CVE list

CVE-2018-8531 critical

CVE-2018-8292 warning

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

  • Azure IoT EdgeHub Device Client SDK for Azure IoT.NET Core 1.0PowerShell Core 6.0.NET Core 1.1.NET Core 2.1

Related

redhat 1
prion 2
cvelist 2
cve 2
mscve 2
veracode 2
symantec 2
nessus 3
openvas 4
ibm 2
ubuntucve 1
github 1
osv 2
nvd 2
redhatcve 1
thn 1
talosblog 1
redhat
redhat
(RHSA-2018:2902) Moderate: .NET Core on Red Hat Enterprise Linux security update
2018-10-09 23:59:43
prion
prion
Information disclosure
2018-10-10 13:29:00
Remote code execution
2018-10-10 13:29:00
cvelist
cvelist
CVE-2018-8292
2018-10-10 13:00:00
CVE-2018-8531
2018-10-10 13:00:00
cve
cve
CVE-2018-8292
2018-10-10 13:29:01
CVE-2018-8531
2018-10-10 13:29:06
mscve
mscve
.NET Core Information Disclosure Vulnerability
2018-10-09 07:00:00
Azure IoT Device Client SDK Memory Corruption Vulnerability
2018-10-09 07:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:25:05
Information Disclosure
2018-10-11 08:16:36
symantec
symantec
Microsoft .NET Core CVE-2018-8292 Information Disclosure Vulnerability
2018-10-09 00:00:00
Microsoft Azure IoT Device Client SDK CVE-2018-8531 Remote Memory Corruption Vulnerability
2018-10-09 00:00:00
nessus
nessus
Security Update for .NET Core (October 2018)
2018-10-16 00:00:00
Security Update for .NET Core SDK (October 2018)
2018-10-16 00:00:00
RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2018:2902)
2018-10-16 00:00:00
openvas
openvas
Microsoft PowerShell Core Information Disclosure Vulnerability (Oct 2018) - Windows
2018-10-11 00:00:00
.NET Core Information Disclosure Vulnerability (Oct 2018) - Windows
2018-10-11 00:00:00
Microsoft PowerShell Core Information Disclosure Vulnerability (Oct 2018) - Linux
2018-10-11 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Microsoft .NET Core may affect IBM Robotic Process Automation and result in a remote attacker obtaining sensitive information (CVE-2018-8292).
2023-09-11 16:02:31
Security Bulletin: Multiple Security vulnerabilities may affect IBM Robotic Process Automation
2022-05-12 01:34:52
ubuntucve
ubuntucve
CVE-2018-8292
2018-10-10 00:00:00
github
github
.NET Core Information Disclosure
2021-04-21 19:16:06
osv
osv
CVE-2018-8292
2018-10-10 13:29:01
.NET Core Information Disclosure
2021-04-21 19:16:06
nvd
nvd
CVE-2018-8531
2018-10-10 13:29:06
CVE-2018-8292
2018-10-10 13:29:01
redhatcve
redhatcve
CVE-2018-8292
2020-01-18 15:58:08
thn
thn
Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
2018-10-09 18:40:00
talosblog
talosblog
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
2018-10-09 11:38:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON
Related for KLA11330
redhat1prion2cvelist2cve2mscve2veracode2symantec2nessus3openvas4ibm2ubuntucve1github1osv2nvd2redhatcve1thn1talosblog1