Vendor CVEs
Skype Technologies
All CVEs
23 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3136 | 0.04 | — | 0.07 | Aug 26, 2010 | Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. | |||
| CVE-2006-5084 | 0.04 | — | 0.16 | Sep 29, 2006 | Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null… | |||
| CVE-2008-5697 | 0.03 | — | 0.02 | Dec 22, 2008 | The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. | |||
| CVE-2008-0454 | 0.02 | — | 0.25 | Jan 25, 2008 | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1)… | |||
| CVE-2019-0932 | 0.01 | — | 0.05 | May 16, 2019 | An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'. | |||
| CVE-2005-3267 | 0.01 | — | 0.07 | Oct 27, 2005 | Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a… | |||
| CVE-2019-0622 | 0.00 | — | 0.02 | Jan 8, 2019 | An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. | |||
| CVE-2011-2074 | 0.00 | — | 0.03 | May 10, 2011 | Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. | |||
| CVE-2011-1717 | 0.00 | — | 0.00 | Apr 18, 2011 | Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information. | |||
| CVE-2009-4741 | 0.00 | — | 0.02 | Mar 26, 2010 | Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. | |||
| CVE-2008-1805 | 0.00 | — | 0.04 | Jun 6, 2008 | Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the… | |||
| CVE-2008-2545 | 0.00 | — | 0.04 | Jun 6, 2008 | Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension… | |||
| CVE-2008-0582 | 0.00 | — | 0.01 | Feb 5, 2008 | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible… | |||
| CVE-2008-0583 | 0.00 | — | 0.02 | Feb 5, 2008 | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified… | |||
| CVE-2007-5989 | 0.00 | — | 0.04 | Dec 13, 2007 | Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. | |||
| CVE-2007-4429 | 0.00 | — | 0.02 | Aug 20, 2007 | Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the… | |||
| CVE-2006-2312 | 0.00 | — | 0.04 | May 19, 2006 | Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. | |||
| CVE-2005-3265 | 0.00 | — | 0.06 | Oct 27, 2005 | Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. | |||
| CVE-2005-2300 | 0.00 | — | 0.00 | Jul 19, 2005 | Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file. | |||
| CVE-2005-1407 | 0.00 | — | 0.00 | May 3, 2005 | Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. | |||
| CVE-2004-1114 | 0.00 | — | 0.06 | Jan 10, 2005 | Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777. | |||
| CVE-2004-1777 | 0.00 | — | 0.02 | Dec 31, 2004 | A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | |||
| CVE-2004-1778 | 0.00 | — | 0.00 | Dec 22, 2004 | Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. |
- CVE-2010-3136Aug 26, 2010risk 0.04cvss —epss 0.07
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.
- CVE-2006-5084Sep 29, 2006risk 0.04cvss —epss 0.16
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null…
- CVE-2008-5697Dec 22, 2008risk 0.03cvss —epss 0.02
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
- CVE-2008-0454Jan 25, 2008risk 0.02cvss —epss 0.25
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1)…
- CVE-2019-0932May 16, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.
- CVE-2005-3267Oct 27, 2005risk 0.01cvss —epss 0.07
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a…
- CVE-2019-0622Jan 8, 2019risk 0.00cvss —epss 0.02
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
- CVE-2011-2074May 10, 2011risk 0.00cvss —epss 0.03
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.
- CVE-2011-1717Apr 18, 2011risk 0.00cvss —epss 0.00
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.
- CVE-2009-4741Mar 26, 2010risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
- CVE-2008-1805Jun 6, 2008risk 0.00cvss —epss 0.04
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the…
- CVE-2008-2545Jun 6, 2008risk 0.00cvss —epss 0.04
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension…
- CVE-2008-0582Feb 5, 2008risk 0.00cvss —epss 0.01
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible…
- CVE-2008-0583Feb 5, 2008risk 0.00cvss —epss 0.02
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified…
- CVE-2007-5989Dec 13, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
- CVE-2007-4429Aug 20, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the…
- CVE-2006-2312May 19, 2006risk 0.00cvss —epss 0.04
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
- CVE-2005-3265Oct 27, 2005risk 0.00cvss —epss 0.06
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.
- CVE-2005-2300Jul 19, 2005risk 0.00cvss —epss 0.00
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
- CVE-2005-1407May 3, 2005risk 0.00cvss —epss 0.00
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
- CVE-2004-1114Jan 10, 2005risk 0.00cvss —epss 0.06
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
- CVE-2004-1777Dec 31, 2004risk 0.00cvss —epss 0.02
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
- CVE-2004-1778Dec 22, 2004risk 0.00cvss —epss 0.00
Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.