Lucene search
K
MicrosoftLync Server

16 matches found

CVE
CVE
added 2022/07/12 10:37 p.m.348 views

CVE-2022-33633

CVE-2022-33633 affects Microsoft Skype for Business Server and Microsoft Lync Server (remote code execution). Connected sources reference an input-validation related RCE in Skype/Lync Server components and note affected products include Skype for Business Server 2019 CU6, Server 2015 CU12, and Ly...

7.2CVSS7.4AI score0.01806EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.308 views

CVE-2022-26911

Concrete details for CVE-2022-26911 show an information disclosure vulnerability in Microsoft Skype for Business-related servers. Affected products include Skype for Business Server 2019 (CU6), Skype for Business Server 2015 (CU12), and Microsoft Lync Server 2013 (CU10). The root cause is describ...

6.5CVSS6.5AI score0.03301EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.175 views

CVE-2021-26422

CVE-2021-26422 is a Remote Code Execution vulnerability affecting Microsoft Skype for Business Server and Lync Server. The Nessus plugin confirms exploitability and Microsoft MSRC update guidance ties the CVE-2021-26422 to the May 2021 security update KB5003729, addressing vulnerabilities in Skyp...

7.2CVSS7.2AI score0.02219EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.139 views

CVE-2021-24099

CVE-2021-24099 affects Skype for Business Server and Lync Server. The issue is described as insufficient input validation in the Skype for Business Server/Lync Server stack, enabling a remote attacker to cause a denial of service (availability impact HIGH). Microsoft released security updates (KB...

6.5CVSS6.4AI score0.02887EPSS
CVE
CVE
added 2013/05/15 1:0 a.m.125 views

CVE-2013-1302

The CVE-2013-1302 issue affects Microsoft Lync-related clients and servers (Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, Lync Server 2013). It is a use-after-free in which Lync components fail to handle memory objects that have been deleted, enabling remote code execution when a user is i...

9.3CVSS7.6AI score0.2191EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.113 views

CVE-2021-26421

CVE-2021-26421 affects Microsoft Skype for Business Server and Lync Server components (e.g., Skype for Business Server 2015 CU11, Lync Server 2013 CU10, etc.). The vulnerability is described as a spoofing of the user interface in Skype for Business and Lync, allowing an attacker to mimic another ...

7.1CVSS6.5AI score0.01411EPSS
CVE
CVE
added 2019/04/09 2:33 a.m.111 views

CVE-2019-0798

CVE-2019-0798 is a spoofing vulnerability in Skype for Business Server and Lync Server where an attacker could exploit a specially crafted request URL to cause cross-site scripting or UI spoofing. The issue is tied to improper sanitization of crafted inputs in affected servers, enabling an authen...

6.1CVSS6.2AI score0.02084EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.102 views

CVE-2021-24073

CVE-2021-24073 affects Skype for Business Server / Lync (Microsoft Lync Server). Public docs describe a spoofing vulnerability where the user interface can be manipulated to impersonate another user. Impact described across sources includes spoofing of UI, with broader advisories noting associate...

7.1CVSS6.4AI score0.0162EPSS
CVE
CVE
added 2019/06/12 1:49 p.m.88 views

CVE-2019-1029

CVE-2019-1029 affects Skype for Business and Lync Server. A denial-of-service can be triggered by an attacker who obtains a vulnerable server’s dial-in link and starts a rapid sequence of calls, causing the service to stop responding without code execution or privilege escalation. Root cause desc...

7.1CVSS6AI score0.05281EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.80 views

CVE-2015-2531

CVE-2015-2531 is an XSS vulnerability in the jQuery engine used by Microsoft Lync Server 2013 and Skype for Business Server 2015. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted URL, potentially exposing session information and enabling sc...

4.3CVSS5AI score0.10889EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.78 views

CVE-2015-2536

The CVE-2015-2536 issue is an XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015. The root cause is improper sanitization of input (notably via crafted URLs in the web context), enabling remote attackers to execute arbitrary script or HTML in a logged-in user’s bro...

4.3CVSS5.2AI score0.08863EPSS
CVE
CVE
added 2014/06/11 1:0 a.m.64 views

CVE-2014-1823

CVE-2014-1823 is an XSS vulnerability affecting Microsoft Lync Server 2010 and 2013, specifically in the Web Components Server. A crafted URL containing a valid meeting ID can be used to inject arbitrary web script or HTML remotely. Multiple connected advisories corroborate the issue as an inform...

4.3CVSS5.5AI score0.5109EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.60 views

CVE-2015-2532

Microsoft Lync Server 2013 contains a cross-site scripting vulnerability (CVE-2015-2532) triggered by a crafted URL, due to improper sanitization (jQuery-based context cited). It permits remote attackers to run arbitrary web script in a user’s browser, as described in the CVE record and corrobora...

4.3CVSS4.9AI score0.10889EPSS
CVE
CVE
added 2014/09/10 1:0 a.m.56 views

CVE-2014-4070

CVE-2014-4070 is an XSS vulnerability affecting Microsoft Lync Server 2013 (Web Components Server). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL, stemming from insufficient input sanitization. Multiple connected sources corroborate this, listing Lync ...

4.3CVSS4.9AI score0.10916EPSS
CVE
CVE
added 2014/09/10 1:0 a.m.55 views

CVE-2014-4068

CVE-2014-4068 affects Microsoft Lync Server 2010 and 2013: the Response Group Service (and Core Components in Lync Server 2013) do not properly handle exceptions, enabling remote attackers to cause a denial of service (daemon hang) via a crafted call. The issue is documented with MS14-055; remedi...

5CVSS6.5AI score0.19692EPSS
CVE
CVE
added 2014/09/10 1:0 a.m.50 views

CVE-2014-4071

CVE-2014-4071 concerns a remote denial of service vulnerability in Microsoft Lync Server 2013 caused by a NULL pointer dereference when processing crafted requests, leading to a daemon hang. The vulnerability is described as part of a set of issues affecting Microsoft Lync Server 2010/2013, with ...

5CVSS6.5AI score0.18986EPSS