zeek -- information leak vulnerability

Tim Wojtulewicz of Corelight reports: The KRB analyzer can leak information about hosts in analyzed traffic via external DNS lookups...

The vulnerability of the External Lookups technology in the Splunk Enterprise platform for operational analysis allows a malicious actor to escalate their privileges and execute arbitrary commands.

The vulnerability of Splunk Enterprise’s External Lookups technology relates to the improper elimination of certain elements used in the operating system’s command set. This occurs due to the use of data models for detecting unauthorized searches called SearchActivity. Exploiting this vulnerabili...

Splunk 访问控制错误漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

CVE-2023-26438

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use TOCTOU weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could...