Show filters
85 Total Results
Displaying 21-30 of 85
Sort by:
Attacker Value
Unknown
CVE-2020-1025
Disclosure Date: July 14, 2020 (last updated February 21, 2025)
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
0
Attacker Value
Unknown
CVE-2019-1490
Disclosure Date: December 10, 2019 (last updated November 27, 2024)
A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.
0
Attacker Value
Unknown
CVE-2019-1084
Disclosure Date: July 15, 2019 (last updated November 27, 2024)
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
0
Attacker Value
Unknown
CVE-2019-0932
Disclosure Date: May 16, 2019 (last updated November 27, 2024)
An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.
0
Attacker Value
Unknown
CVE-2019-0798
Disclosure Date: April 09, 2019 (last updated November 27, 2024)
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
0
Attacker Value
Unknown
CVE-2019-0624
Disclosure Date: January 17, 2019 (last updated November 27, 2024)
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
0
Attacker Value
Unknown
CVE-2019-0622
Disclosure Date: January 08, 2019 (last updated November 27, 2024)
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
0
Attacker Value
Unknown
CVE-2018-8546
Disclosure Date: November 14, 2018 (last updated November 27, 2024)
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
0
Attacker Value
Unknown
CVE-2018-8238
Disclosure Date: July 11, 2018 (last updated November 27, 2024)
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
0
Attacker Value
Unknown
CVE-2018-8311
Disclosure Date: July 11, 2018 (last updated November 27, 2024)
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
0