Skype For Business
by Microsoft
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8695 | Med | 0.35 | 5.3 | 0.10 | Sep 13, 2017 | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype… | ||
| CVE-2017-0073 | Med | 0.31 | 4.3 | 0.33 | Mar 17, 2017 | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from… | ||
| CVE-2017-8676 | Low | 0.23 | 3.3 | 0.14 | Sep 13, 2017 | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for… | ||
| CVE-2023-41763 | 0.13 | — | 0.90 | KEV | Oct 10, 2023 | Skype for Business Elevation of Privilege Vulnerability | ||
| CVE-2022-26911 | 0.02 | — | 0.03 | Apr 15, 2022 | Skype for Business Information Disclosure Vulnerability | |||
| CVE-2015-6108 | 0.02 | — | 0.26 | Dec 9, 2015 | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4,… | |||
| CVE-2021-24099 | 0.01 | — | 0.03 | Feb 25, 2021 | Skype for Business and Lync Denial of Service Vulnerability | |||
| CVE-2020-1462 | 0.01 | — | 0.04 | Jul 14, 2020 | An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. | |||
| CVE-2020-1432 | 0.01 | — | 0.04 | Jul 14, 2020 | An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. | |||
| CVE-2020-1025 | 0.01 | — | 0.06 | Jul 14, 2020 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit… | |||
| CVE-2019-1084 | 0.01 | — | 0.05 | Jul 15, 2019 | An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to… | |||
| CVE-2019-1029 | 0.01 | — | 0.05 | Jun 12, 2019 | A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's… | |||
| CVE-2018-8546 | 0.01 | — | 0.05 | Nov 14, 2018 | A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype. | |||
| CVE-2015-6107 | 0.01 | — | 0.18 | Dec 9, 2015 | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for… | |||
| CVE-2015-6106 | 0.01 | — | 0.17 | Dec 9, 2015 | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted… | |||
| CVE-2015-6061 | 0.01 | — | 0.13 | Nov 11, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information… | |||
| CVE-2015-2503 | 0.01 | — | 0.17 | Nov 11, 2015 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2,… | |||
| CVE-2015-2536 | 0.01 | — | 0.09 | Sep 9, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability." | |||
| CVE-2015-2531 | 0.01 | — | 0.11 | Sep 9, 2015 | Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information… | |||
| CVE-2024-20695 | 0.00 | — | 0.01 | Feb 13, 2024 | Skype for Business Information Disclosure Vulnerability |
- risk 0.35cvss 5.3epss 0.10
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype…
- risk 0.31cvss 4.3epss 0.33
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…
- risk 0.23cvss 3.3epss 0.14
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for…
- risk 0.13cvss —epss 0.90
Skype for Business Elevation of Privilege Vulnerability
- CVE-2022-26911Apr 15, 2022risk 0.02cvss —epss 0.03
Skype for Business Information Disclosure Vulnerability
- CVE-2015-6108Dec 9, 2015risk 0.02cvss —epss 0.26
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4,…
- CVE-2021-24099Feb 25, 2021risk 0.01cvss —epss 0.03
Skype for Business and Lync Denial of Service Vulnerability
- CVE-2020-1462Jul 14, 2020risk 0.01cvss —epss 0.04
An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'.
- CVE-2020-1432Jul 14, 2020risk 0.01cvss —epss 0.04
An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.
- CVE-2020-1025Jul 14, 2020risk 0.01cvss —epss 0.06
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit…
- CVE-2019-1084Jul 15, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to…
- CVE-2019-1029Jun 12, 2019risk 0.01cvss —epss 0.05
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's…
- CVE-2018-8546Nov 14, 2018risk 0.01cvss —epss 0.05
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
- CVE-2015-6107Dec 9, 2015risk 0.01cvss —epss 0.18
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for…
- CVE-2015-6106Dec 9, 2015risk 0.01cvss —epss 0.17
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted…
- CVE-2015-6061Nov 11, 2015risk 0.01cvss —epss 0.13
Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information…
- CVE-2015-2503Nov 11, 2015risk 0.01cvss —epss 0.17
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2,…
- CVE-2015-2536Sep 9, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."
- CVE-2015-2531Sep 9, 2015risk 0.01cvss —epss 0.11
Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information…
- CVE-2024-20695Feb 13, 2024risk 0.00cvss —epss 0.01
Skype for Business Information Disclosure Vulnerability
Page 2 of 3