Security Vulnerabilities, CVEs, Published In August 2015 CVSS score >= 7
CVE-2015-6522
Public exploit
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
Max CVSS
7.5
EPSS Score
97.06%
Published
2015-08-19
Updated
2016-12-09
CVE-2015-3760
Public exploit
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.05%
Published
2015-08-16
Updated
2017-09-21
CVE-2015-3246
Public exploit
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-08-11
Updated
2018-05-20
CVE-2015-1489
Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
Max CVSS
8.5
EPSS Score
40.57%
Published
2015-08-01
Updated
2017-09-21
CVE-2015-1486
Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
Max CVSS
7.5
EPSS Score
61.62%
Published
2015-08-01
Updated
2017-09-21
CVE-2015-1171
Public exploit
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
Max CVSS
10.0
EPSS Score
67.23%
Published
2015-08-28
Updated
2015-08-31
6 vulnerabilities found