16 matches found
CVE-2022-33633
CVE-2022-33633 affects Microsoft Skype for Business Server and Microsoft Lync Server (remote code execution). Connected sources reference an input-validation related RCE in Skype/Lync Server components and note affected products include Skype for Business Server 2019 CU6, Server 2015 CU12, and Ly...
CVE-2022-26911
Concrete details for CVE-2022-26911 show an information disclosure vulnerability in Microsoft Skype for Business-related servers. Affected products include Skype for Business Server 2019 (CU6), Skype for Business Server 2015 (CU12), and Microsoft Lync Server 2013 (CU10). The root cause is describ...
CVE-2021-26422
CVE-2021-26422 is a Remote Code Execution vulnerability affecting Microsoft Skype for Business Server and Lync Server. The Nessus plugin confirms exploitability and Microsoft MSRC update guidance ties the CVE-2021-26422 to the May 2021 security update KB5003729, addressing vulnerabilities in Skyp...
CVE-2021-24099
CVE-2021-24099 affects Skype for Business Server and Lync Server. The issue is described as insufficient input validation in the Skype for Business Server/Lync Server stack, enabling a remote attacker to cause a denial of service (availability impact HIGH). Microsoft released security updates (KB...
CVE-2013-1302
The CVE-2013-1302 issue affects Microsoft Lync-related clients and servers (Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, Lync Server 2013). It is a use-after-free in which Lync components fail to handle memory objects that have been deleted, enabling remote code execution when a user is i...
CVE-2021-26421
CVE-2021-26421 affects Microsoft Skype for Business Server and Lync Server components (e.g., Skype for Business Server 2015 CU11, Lync Server 2013 CU10, etc.). The vulnerability is described as a spoofing of the user interface in Skype for Business and Lync, allowing an attacker to mimic another ...
CVE-2019-0798
CVE-2019-0798 is a spoofing vulnerability in Skype for Business Server and Lync Server where an attacker could exploit a specially crafted request URL to cause cross-site scripting or UI spoofing. The issue is tied to improper sanitization of crafted inputs in affected servers, enabling an authen...
CVE-2021-24073
CVE-2021-24073 affects Skype for Business Server / Lync (Microsoft Lync Server). Public docs describe a spoofing vulnerability where the user interface can be manipulated to impersonate another user. Impact described across sources includes spoofing of UI, with broader advisories noting associate...
CVE-2019-1029
CVE-2019-1029 affects Skype for Business and Lync Server. A denial-of-service can be triggered by an attacker who obtains a vulnerable server’s dial-in link and starts a rapid sequence of calls, causing the service to stop responding without code execution or privilege escalation. Root cause desc...
CVE-2015-2531
CVE-2015-2531 is an XSS vulnerability in the jQuery engine used by Microsoft Lync Server 2013 and Skype for Business Server 2015. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted URL, potentially exposing session information and enabling sc...
CVE-2015-2536
The CVE-2015-2536 issue is an XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015. The root cause is improper sanitization of input (notably via crafted URLs in the web context), enabling remote attackers to execute arbitrary script or HTML in a logged-in user’s bro...
CVE-2014-1823
CVE-2014-1823 is an XSS vulnerability affecting Microsoft Lync Server 2010 and 2013, specifically in the Web Components Server. A crafted URL containing a valid meeting ID can be used to inject arbitrary web script or HTML remotely. Multiple connected advisories corroborate the issue as an inform...
CVE-2015-2532
Microsoft Lync Server 2013 contains a cross-site scripting vulnerability (CVE-2015-2532) triggered by a crafted URL, due to improper sanitization (jQuery-based context cited). It permits remote attackers to run arbitrary web script in a user’s browser, as described in the CVE record and corrobora...
CVE-2014-4070
CVE-2014-4070 is an XSS vulnerability affecting Microsoft Lync Server 2013 (Web Components Server). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL, stemming from insufficient input sanitization. Multiple connected sources corroborate this, listing Lync ...
CVE-2014-4068
CVE-2014-4068 affects Microsoft Lync Server 2010 and 2013: the Response Group Service (and Core Components in Lync Server 2013) do not properly handle exceptions, enabling remote attackers to cause a denial of service (daemon hang) via a crafted call. The issue is documented with MS14-055; remedi...
CVE-2014-4071
CVE-2014-4071 concerns a remote denial of service vulnerability in Microsoft Lync Server 2013 caused by a NULL pointer dereference when processing crafted requests, leading to a daemon hang. The vulnerability is described as part of a set of issues affecting Microsoft Lync Server 2010/2013, with ...