The VLC is a packet-based media player it plays almost all video content. It can play some, even if they’re damaged, incomplete, or unfinished, such as files that are still downloading via a peer-to-peer (P2P) network. So it is very popular in the IoT Environments especially video streaming in vehicular IoT (VSV-IoT) environments. However security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library.

If above vulnerability occurs in your devices, what will be happened?

If the stack buffer is filled with data supplied from an untrusted user then that user can corrupt the stack in such a way as to inject executable code into the running program and take control of the process. As a result this method is able for attacker to gain unauthorized access to a computer.
So your vulnerable IoT device will be involuntary join into the IoT Botnet army. So please be careful.

The vendor released security patches on October 17 (see below):

http://www.live555.com/liveMedia/public/

Remark: RTSP over HTTP tunneling doesn’t mean TCP will be used. As TCP has more overheads than UDP, real time streaming will prefer to use UDP as less traffic will be made.

Background:
Libssh is a library written in C implementing the SSH protocol. It can be used to implement client and server applications.

Vulnerability found on 17th Oct 2018:
By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

Remediation:
libssh 0.8.4 and 0.7.6 security and bugfix release (Refer below url):

Comment: This bug may found earlier than file a CVE record. Cyber World indeed not safe!

https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

The Yammer desktop app is a native client for Mac and Windows with the full functionality of Yammer. Along with streamlined log in and SSO support, the app integrates with native operating system capabilities such as notifications, shortcuts, and launch on startup.
Microsoft announce vulnerability occurs today. But it looks that it is a old bug found 2013.
Should you have interest of the bud details. Attached diagram can provide hints to you for reference.
If you are going to do the remediation, please refer to below url (Official announcement)

CVE-2018-8569 | Yammer Desktop Application Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569

Theoretically, big data analytics is the often complex process of examining large and varied data sets to uncover information including hidden patterns and unknown correlation. Basically it can help organizations make informed business decisions. Since you can use the URL API to send administration, expression, or function requests to the TIBCO web server. Use the URL API for testing the health of the server, rather than for creating web-based applications.

As a result, without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Meanwhile the web server component ( Spotfire Statistics Services) hits multiple vulnerabilities that may allow the remote execution of code. In order to maintain your operation without any interruption. It is suggest to follow the vendor advisory to do the remediation. Below URL for your reference.

https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics