Skype
This hub aggregates every CVE we track for Skype, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
16
CVEs tracked
3
Critical
7
High
0
In CISA KEV
Severity distribution
HIGH7MEDIUM4CRITICAL3LOW2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Skype.
- CVE-2024-21411Skype for Consumer Remote Code Execution Vulnerability8.8
- CVE-2020-24003Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera acces...3.3
- CVE-2019-0932An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.5.9
- CVE-2019-0624A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.5.4
- CVE-2019-0622An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This a...4.6
- CVE-2018-8546A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync...5.9
- CVE-2018-8238A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vul...7.8
- CVE-2018-8311A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skyp...8.8
- CVE-2018-0595Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.7.8
- CVE-2018-0594Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.7.8
- CVE-2017-9948A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.8.8
- CVE-2017-6517Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way ....9.8
- CVE-2016-5720Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3)...7.8
- CVE-2005-3265Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due t...9.3
- CVE-2005-3267Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash...10.0
Product normalization is registry-driven with AI assist and human review. How it works