Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 12:16 a.m.8 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 12:16 a.m.5 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:40 p.m.38 views

CVE-2026-54902 Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:40 p.m.6 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS5.7AI score0.00253EPSS
Exploits0
OSV
OSV
added 2026/06/19 8:47 p.m.8 views

GHSA-M578-W5VF-RFCM Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.12 views

Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.7 views

Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:27 p.m.6 views

CVE-2018-12735

SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...

7.5CVSS6.6AI score0.01368EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2024/04/05 9:18 a.m.6 views

saj-journal.org Cross Site Scripting vulnerability OBB-3904883

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/17 10:32 a.m.8 views

fop.saj-electric.com Cross Site Scripting vulnerability OBB-3854101

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
CNVD
CNVD
added 2018/06/27 12:0 a.m.5 views

SAJ Solar Inverter Information Disclosure Vulnerability

SAJ Solar Inverter is a solar inverter product from China's Sanjing Electric Company. An information disclosure vulnerability exists in the SAJ Solar Inverter. A remote attacker can exploit this vulnerability by sending a direct request to the inverterinfo.htm or Englishmain.htm URIs to obtain...

7.5CVSS7.2AI score0.01368EPSS
Exploits0References1
Prion
Prion
added 2018/06/25 4:29 p.m.15 views

Information disclosure

SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...

5CVSS7.3AI score0.01368EPSS
Exploits0References1
NVD
NVD
added 2018/06/25 4:29 p.m.14 views

CVE-2018-12735

SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...

7.5CVSS7.4AI score0.01368EPSS
Exploits0References1
CVE
CVE
added 2018/06/25 4:0 p.m.42 views

CVE-2018-12735

SAJ Solar Inverter information disclosure vulnerability (CVE-2018-12735) allows remote attackers to obtain potentially sensitive information by issuing direct requests to inverter_info.htm or English_main.htm. Affected product is the SAJ Solar Inverter; the issue arises from exposing sensitive da...

7.5CVSS7.3AI score0.01368EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/25 4:0 p.m.18 views

CVE-2018-12735

SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...

7.4AI score0.01368EPSS
Exploits0References1
seebug.org
seebug.org
added 2018/06/25 12:0 a.m.36 views

SAJ Solar Inverter Information Disclosure

...

1AI score
Exploits0
Rows per page
Query Builder