Vulnerabilities > Microsoft > Lync Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-15 | CVE-2022-26911 | Unspecified vulnerability in Microsoft Lync Server and Skype for Business Server Skype for Business Information Disclosure Vulnerability | 6.5 |
2021-05-11 | CVE-2021-26421 | Unspecified vulnerability in Microsoft Lync Server and Skype for Business Server Skype for Business and Lync Spoofing Vulnerability | 6.5 |
2021-02-25 | CVE-2021-24099 | Unspecified vulnerability in Microsoft Lync Server and Skype for Business Server Skype for Business and Lync Denial of Service Vulnerability | 6.5 |
2021-02-25 | CVE-2021-24073 | Unspecified vulnerability in Microsoft Lync Server and Skype for Business Server Skype for Business and Lync Spoofing Vulnerability | 6.5 |
2019-04-09 | CVE-2019-0798 | Cross-site Scripting vulnerability in Microsoft Lync Server and Skype FOR Business Server A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'. | 4.3 |
2015-09-09 | CVE-2015-2536 | Cross-site Scripting vulnerability in Microsoft Lync Server and Skype for Business Server Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability." | 4.3 |
2015-09-09 | CVE-2015-2532 | Cross-site Scripting vulnerability in Microsoft Lync Server 2013 Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability." | 4.3 |
2015-09-09 | CVE-2015-2531 | Cross-site Scripting vulnerability in Microsoft Lync Server and Skype for Business Server Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability." | 4.3 |
2014-09-10 | CVE-2014-4071 | Remote Denial of Service vulnerability in Microsoft Lync Server 2013 The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability." <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a> | 5.0 |
2014-09-10 | CVE-2014-4070 | Cross-Site Scripting vulnerability in Microsoft Lync Server 2013 Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability." | 4.3 |