#microsoft

By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th 2021).

Apple Security Advisory 2021-10-26-11 - tvOS 15 addresses bypass, code execution, denial of service, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2021-10-26-10 - watchOS 8 addresses bypass, code execution, denial of service, out of bounds read, and use-after-free vulnerabilities.

Virus.Win32.Ipamor.c malware suffers from an unauthenticated remote system reboot vulnerability.

Backdoor.Win32.Antilam.14.o malware suffers from an unauthenticated remote command execution vulnerability.

Apple Security Advisory 2021-10-26-9 - iOS 15 and iPadOS 15 addresses code execution, denial of service, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2021-10-26-8 - Safari 15 addresses bypass, code execution, and use-after-free vulnerabilities.

HEUR.Backdoor.Win32.Generic malware suffers from an unauthenticated open proxy vulnerability.

Backdoor.Win32.Mazben.es malware suffers from an unauthenticated open proxy vulnerability.

Hostel Management System version 2.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Kokn3t in October of 2020.