Category Archives: Potential Risk of CVE

Yammer Desktop Application Remote Code Execution Vulnerability – 19th Oct 2018

The Yammer desktop app is a native client for Mac and Windows with the full functionality of Yammer. Along with streamlined log in and SSO support, the app integrates with native operating system capabilities such as notifications, shortcuts, and launch on startup.
Microsoft announced the vulnerability today, but it looks like an old bug found in 2013.
If you are interested in the bug details, the attached diagram provides hints for reference.
If you are going to do the remediation, please refer to the URL below (official announcement).

CVE-2018-8569 | Yammer Desktop Application Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569

Oracle Releases October 2018 Security Bulletin – Stay alert!

Oracle has released a wide-ranging security update to address a large number of vulnerabilities across its enterprise products. The official vulnerability checklist includes some follow-up actions from 2016 and 2017. We tend to focus on the vulnerability score when prioritizing analysis. The score is important, but we must also consider vulnerabilities that allow an unauthenticated remote attack. For Oracle DB, the update addresses a total of three defects. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication. For more detail, please see the URL below:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

VMware ESXi, Workstation and Fusion out-of-bounds read vulnerability in SVGA device – 16th Oct 2018

Malware authors constantly seek new methods to obfuscate their code so as to evade detection by virus scanners. Have you heard of shader code?
To address the vulnerability, VMware released security updates on October 16, 2018.
ESXi has an out-of-bounds read vulnerability in the SVGA device that might allow a guest to execute code on the host (CVE-2018-6974).
The side effect of the out-of-bounds read is serious. It allocates uninitialized buffers when a number is passed as input. An attacker could exploit this vulnerability to take control of an affected system.
The official announcement is shown below:

https://www.vmware.com/security/advisories/VMSA-2018-0026.html

Buzz Lightyear slogan – To Infinity… and Beyond!

TIBCO Spotfire Statistics Services remote execution vulnerabilities – Oct 2018

In theory, big data analytics is the often complex process of examining large and varied data sets to uncover information, including hidden patterns and unknown correlations. Basically, it can help organizations make informed business decisions. You can use the URL API to send administration, expression, or function requests to the TIBCO web server. Use the URL API for testing the health of the server, rather than for creating web-based applications.

As a result, without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Meanwhile, the web server component (Spotfire Statistics Services) has multiple vulnerabilities that may allow the remote execution of code. To keep your operations running without interruption, it is suggested that you follow the vendor advisory for remediation. The URL is below for your reference.

https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics

Advisory on PHP Vulnerabilities – 12th Oct 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities today (see the URL below):

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-113/

PHP versioning may frustrate you. Why? The vulnerabilities addressed by the MS-ISAC advisory cover only version 7.2.11 and version 7.1.23. However, another fix is coming soon (see below):

PHP 7.1.24

Core:
Fixed bug #76946 (Cyclic reference in generator not detected)

Date: unknown
Fixed bug #75851 (Year component overflow with date formats “c”, “o”, “r” and “y”). (Adam Saponara)

FCGI:
Fixed bug #76948 (Failed shutdown/reboot or end session in Windows). (Anatol)
Fixed bug #76954 (apache_response_headers removes last character from header name). (stodorovic)

FTP:
Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown). (Manuel Mausz)

intl:
Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)

Standard:
Fixed bug #76965 (INI_SCANNER_RAW doesn’t strip trailing whitespace). (Pierrick)

XML:
Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).

If you are interested, please review the above diagram. PHP looks like a game.

Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App design limitation – Oct 2018

Sometimes vulnerabilities are made public, but the vendor's response is not as efficient as expected. Recall the announcement issued by US-CERT on 6th Oct 2018. The details show that the electronic products manufactured by Auto-Maskin are affected by four different vulnerabilities. It appears the manufacturer has not released a remediation at the moment, because the firmware image stored in the download repository is not recent.

If you are interested in the above topic, the vendor home page and the vulnerability note are listed below for your reference.

Vulnerability Notes – Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App: https://www.kb.cert.org/vuls/id/176301

Vendor home page: https://www.auto-maskin.com/news

Juniper Networks Releases Security Update – 10th Oct 2018

Junos OS is the FreeBSD-based operating system used in Juniper Networks routing, switching and security devices. Starting in Junos OS Release 16.1, the SDK programming function is no longer maintained, but an alternative feature provides a rich set of APIs to program the Junos OS control plane. JET allows users to build applications on top of Junos OS and hence replaces the legacy Junos SDK.

From a security point of view, it is a good decision. The new approach reduces the potential risk introduced by custom SDK development. However, it is hard to avoid vulnerabilities in the product itself!

For more details, please see the URL below.

https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES&cat=SIRT_1&&actp=&sort=datemodified&dir=descending&max=1000&batch=15&rss=true&itData.offset=15

Microsoft October 2018 Security Updates (9th Oct 2018)

My dreams end, as dreams always do. The cyber technology world seems similar. Microsoft's Patch Tuesday has just been released. It drew my interest to a Microsoft Exchange Server design limitation. The Microsoft Foundation Class Library design weakness may give Microsoft a headache. As a matter of fact, products written in C and C++ have long been subject to overflow attacks. The notorious case is the OpenSSL “Heartbleed” buffer overflow. OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. However, such a design contains the fundamental weakness mentioned. If you are interested in this matter, please refer to the following URL – https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2010-3190

Apart from that, you can walk through the Patch Tuesday release notes (October 2018 Security Updates):

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/aa99ba28-e99f-e811-a978-000d3a33c573

Security update deployment information: October 9, 2018

https://support.microsoft.com/en-us/help/20181009/security-update-deployment-information-october-9-2018

VMware has released a security update to address a vulnerability in AirWatch Console – 5th Oct 2018

From a security point of view, deploying single sign-on authentication is not recommended. A single user ID with a single password managing multiple systems increases the risk proportionally. Perhaps this factor is ignored by the modern business world, and therefore SAML single sign-on is popular today.

VMware has released a security update to address a vulnerability in AirWatch Console. An attacker could exploit this vulnerability to take control of an affected system. The vendor provides the URL below to resolve the SAML authentication bypass vulnerability in VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console).

https://www.vmware.com/security/advisories/VMSA-2018-0024.html