Every CVE whose affected-product data names Microsoft Lync Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2013-1302 — CVSS 9.3 (critical): Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows…
CVE-2019-0798 — CVSS 6.1 (medium): A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka…
CVE-2019-1029 — CVSS 5.9 (medium): A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype…
CVE-2014-4068 — CVSS 5.0 (medium): The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle…
CVE-2014-4071 — CVSS 5.0 (medium): The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang)…
CVE-2015-2536 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject…
CVE-2015-2532 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a…
CVE-2014-1823 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to…
CVE-2015-2531 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows…
CVE-2014-4070 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject…