cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2022-33633,https://securityvulnerability.io/vulnerability/CVE-2022-33633,Skype for Business and Lync Remote Code Execution Vulnerability,Skype for Business and Lync Remote Code Execution Vulnerability,Microsoft,"Microsoft Lync Server 2013 Cu10,Skype For Business Server 2015 Cu12,Skype For Business Server 2019 Cu6",7.2,HIGH,0.04531000182032585,false,false,false,false,,false,false,2022-07-12T23:15:00.000Z,0 CVE-2022-26911,https://securityvulnerability.io/vulnerability/CVE-2022-26911,Skype for Business Information Disclosure Vulnerability,Skype for Business Information Disclosure Vulnerability,Microsoft,"Microsoft Lync Server 2013 Cu10,Skype For Business Server 2015 Cu12,Skype For Business Server 2019 Cu6",6.5,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2022-04-15T19:05:48.000Z,0 CVE-2021-26422,https://securityvulnerability.io/vulnerability/CVE-2021-26422,Skype for Business and Lync Remote Code Execution Vulnerability,Skype for Business and Lync Remote Code Execution Vulnerability,Microsoft,"Microsoft Lync Server 2013 Cu10,Skype For Business Server 2019 Cu5,Skype For Business Server 2015 Cu11",7.2,HIGH,0.01874000020325184,false,false,false,false,,false,false,2021-05-11T19:11:13.000Z,0 CVE-2021-26421,https://securityvulnerability.io/vulnerability/CVE-2021-26421,Skype for Business and Lync Spoofing Vulnerability,Skype for Business and Lync Spoofing Vulnerability,Microsoft,"Skype For Business Server 2015 Cu11,Microsoft Lync Server 2013 Cu10",6.5,MEDIUM,0.001769999973475933,false,false,false,false,,false,false,2021-05-11T19:11:12.000Z,0 CVE-2021-24099,https://securityvulnerability.io/vulnerability/CVE-2021-24099,Skype for Business and Lync Denial of Service Vulnerability,Skype for Business and Lync Denial of Service Vulnerability,Microsoft,"Skype For Business Server 2019 Cu2,Skype For Business Server 2015 Cu 8,Microsoft Lync Server 2013",6.5,MEDIUM,0.002420000033453107,false,false,false,false,,false,false,2021-02-25T23:01:51.000Z,0 CVE-2021-24073,https://securityvulnerability.io/vulnerability/CVE-2021-24073,Skype for Business and Lync Spoofing Vulnerability,Skype for Business and Lync Spoofing Vulnerability,Microsoft,"Skype For Business Server 2015 Cu 8,Microsoft Lync Server 2013",6.5,MEDIUM,0.001769999973475933,false,false,false,false,,false,false,2021-02-25T23:01:37.000Z,0 CVE-2020-1025,https://securityvulnerability.io/vulnerability/CVE-2020-1025,Microsoft Office Elevation of Privilege Vulnerability,"An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens. ",Microsoft,"Skype For Business Server 2019 Cu2,Skype For Business Server 2015 Cu 8,Microsoft Lync Server 2013,Microsoft Sharepoint Enterprise Server 2016,Microsoft Sharepoint Server 2019,Microsoft Sharepoint Foundation 2013 Service Pack 1",9.8,CRITICAL,0.004209999926388264,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2019-1209,https://securityvulnerability.io/vulnerability/CVE-2019-1209,,"An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.",Microsoft,Microsoft Lync Server,6.5,MEDIUM,0.03265000134706497,false,false,false,false,,false,false,2019-09-11T21:24:57.000Z,0 CVE-2019-1084,https://securityvulnerability.io/vulnerability/CVE-2019-1084,,"An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.",Microsoft,"Microsoft Exchange Server,Microsoft Outlook,Microsoft Office,Microsoft Lync,Microsoft Lync Basic,Microsoft Outlook For Android,Skype For Business,Skype For Business Basic,Office 365 Proplus,Microsoft Exchange Server 2016,Microsoft Exchange Server 2019,Microsoft Exchange Server 2013,Mail And Calendar,Outlook For iOS",6.5,MEDIUM,0.0025100000202655792,false,false,false,false,,false,false,2019-07-15T18:56:21.000Z,0 CVE-2019-1029,https://securityvulnerability.io/vulnerability/CVE-2019-1029,,"A denial of service vulnerability exists in Skype for Business, aka 'Skype for Business and Lync Server Denial of Service Vulnerability'.",Microsoft,Microsoft Lync Server,5.9,MEDIUM,0.0022499999031424522,false,false,false,false,,false,false,2019-06-12T13:49:40.000Z,0 CVE-2019-0798,https://securityvulnerability.io/vulnerability/CVE-2019-0798,,"A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.",Microsoft,"Skype For Business Server 2015,Microsoft Lync Server 2013",6.1,MEDIUM,0.0014299999456852674,false,false,false,false,,false,false,2019-04-09T02:33:50.000Z,0 CVE-2018-8546,https://securityvulnerability.io/vulnerability/CVE-2018-8546,,"A denial of service vulnerability exists in Skype for Business, aka ""Microsoft Skype for Business Denial of Service Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.",Microsoft,"Skype,Microsoft Office,Office,Microsoft Lync",5.9,MEDIUM,0.007269999943673611,false,false,false,false,,false,false,2018-11-14T01:00:00.000Z,0 CVE-2018-8474,https://securityvulnerability.io/vulnerability/CVE-2018-8474,,"A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka ""Lync for Mac 2011 Security Feature Bypass Vulnerability."" This affects Microsoft Lync.",Microsoft,Microsoft Lync,7.5,HIGH,0.11665000021457672,false,false,false,false,,false,false,2018-09-13T00:00:00.000Z,0 CVE-2018-8311,https://securityvulnerability.io/vulnerability/CVE-2018-8311,,"A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka ""Remote Code Execution Vulnerability in Skype For Business and Lync."" This affects Skype, Microsoft Lync.",Microsoft,"Skype,Microsoft Lync",8.8,HIGH,0.5068699717521667,false,false,false,false,,false,false,2018-07-11T00:00:00.000Z,0 CVE-2018-8238,https://securityvulnerability.io/vulnerability/CVE-2018-8238,,"A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka ""Skype for Business and Lync Security Feature Bypass Vulnerability."" This affects Skype, Microsoft Lync.",Microsoft,"Skype,Microsoft Lync",7.8,HIGH,0.00279000005684793,false,false,false,false,,false,false,2018-07-11T00:00:00.000Z,0 CVE-2017-8696,https://securityvulnerability.io/vulnerability/CVE-2017-8696,,"Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka ""Microsoft Graphics Component Remote Code Execution.""",Microsoft,"Office 2010,Live Meeting,Lync,Windows 7,Office Web Apps,Windows Server 2008,Office Word Viewer,Skype For Business,Office 2007",7.5,HIGH,0.7000899910926819,false,false,false,false,,false,false,2017-09-13T01:00:00.000Z,0 CVE-2017-0129,https://securityvulnerability.io/vulnerability/CVE-2017-0129,,"Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka ""Microsoft Lync for Mac Certificate Validation Vulnerability.""",Microsoft,Lync For Mac,7.5,HIGH,0.043529998511075974,false,false,false,false,,false,false,2017-03-17T00:00:00.000Z,0 CVE-2016-3209,https://securityvulnerability.io/vulnerability/CVE-2016-3209,,"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""True Type Font Parsing Information Disclosure Vulnerability.""",Microsoft,"Word Viewer,.net Framework,Live Meeting,Windows Server 2012,Lync,Office,Windows 10,Windows 8.1,Windows Server 2008,Silverlight,Skype For Business,Windows 7,Windows Rt 8.1,Windows Vista",5.5,MEDIUM,0.015790000557899475,false,false,false,false,,false,false,2016-10-14T01:00:00.000Z,0 CVE-2016-7182,https://securityvulnerability.io/vulnerability/CVE-2016-7182,,"The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka ""True Type Font Parsing Elevation of Privilege Vulnerability.""",Microsoft,"Word Viewer,Live Meeting,Windows Server 2012,Lync,Office,Windows 10,Windows 8.1,Windows Server 2008,Skype For Business,Windows 7,Windows Rt 8.1,Windows Vista",9.8,CRITICAL,0.020330000668764114,false,false,false,false,,false,false,2016-10-14T01:00:00.000Z,0 CVE-2016-3396,https://securityvulnerability.io/vulnerability/CVE-2016-3396,,"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""GDI+ Remote Code Execution Vulnerability.""",Microsoft,"Word Viewer,Live Meeting,Windows Server 2012,Lync,Office,Windows 10,Windows 8.1,Windows Server 2008,Skype For Business,Windows 7,Windows Rt 8.1,Windows Vista",7.8,HIGH,0.23093000054359436,false,false,false,false,,false,false,2016-10-14T01:00:00.000Z,0 CVE-2016-3263,https://securityvulnerability.io/vulnerability/CVE-2016-3263,,"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""GDI+ Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3262.",Microsoft,"Word Viewer,Live Meeting,Windows Server 2012,Lync,Office,Windows 10,Windows 8.1,Windows Server 2008,Skype For Business,Windows 7,Windows Rt 8.1,Windows Vista",5.5,MEDIUM,0.48535001277923584,false,false,false,false,,false,false,2016-10-14T01:00:00.000Z,0 CVE-2016-3262,https://securityvulnerability.io/vulnerability/CVE-2016-3262,,"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""GDI+ Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3263.",Microsoft,"Word Viewer,Live Meeting,Windows Server 2012,Lync,Office,Windows 10,Windows 8.1,Windows Server 2008,Skype For Business,Windows 7,Windows Rt 8.1,Windows Vista",5.5,MEDIUM,0.48535001277923584,false,false,false,false,,false,false,2016-10-14T01:00:00.000Z,0 CVE-2016-3301,https://securityvulnerability.io/vulnerability/CVE-2016-3301,,"The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""Windows Graphics Component RCE Vulnerability.""",Microsoft,"Windows Rt 8.1,Live Meeting,Windows Server 2012,Lync,Office,Windows 7,Windows 10,Windows 8.1,Skype For Business,Windows Server 2008,Word Viewer,Windows Vista",7.8,HIGH,0.2978399991989136,false,false,false,false,,false,false,2016-08-09T21:00:00.000Z,0 CVE-2016-3304,https://securityvulnerability.io/vulnerability/CVE-2016-3304,,"The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""Windows Graphics Component RCE Vulnerability,"" a different vulnerability than CVE-2016-3303.",Microsoft,"Live Meeting,Lync,Office,Windows 7,Skype For Business,Windows Server 2008,Word Viewer,Windows Vista",7.8,HIGH,0.2978399991989136,false,false,false,false,,false,false,2016-08-09T21:00:00.000Z,0 CVE-2016-3303,https://securityvulnerability.io/vulnerability/CVE-2016-3303,,"The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""Windows Graphics Component RCE Vulnerability,"" a different vulnerability than CVE-2016-3304.",Microsoft,"Live Meeting,Lync,Office,Windows 7,Skype For Business,Windows Server 2008,Word Viewer,Windows Vista",7.8,HIGH,0.2978399991989136,false,false,false,false,,false,false,2016-08-09T21:00:00.000Z,0