22 matches found
GO-2026-4967 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...
PT-2026-42371
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...
CVE-2026-42072
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...
CVE-2026-42072
NornicDB suffers an improper network binding in the Bolt server: the Bolt listener binds to all interfaces because Bolt’s config lacked a host field, so using --address defaults to an empty host. This causes exposure of the Bolt port (default admin:password) on the LAN, enabling unauthorized remo...
CVE-2026-42072
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...
EUVD-2026-28808
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...
CVE-2026-42072 Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...
GHSA-2HP7-65R3-WV54 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...
PT-2026-37166
Name of the Vulnerable Software and Affected Versions Nornicdb versions prior to 1.0.42-hotfix Description The Bolt listener always binds to the wildcard address all interfaces, regardless of the user configuration. This occurs because the --address CLI flag, the NORNICDB ADDRESS environment...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
EUVD-2021-13795
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-27022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
Design/Logic Flaw
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
UBUNTU-CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...