17 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The...
CVE-2026-54902
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...
CVE-2026-54898
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
CVE-2026-54902 Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...
CVE-2026-54902
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...
GHSA-M578-W5VF-RFCM Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...
Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...
CVE-2018-12735
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...
saj-journal.org Cross Site Scripting vulnerability OBB-3904883
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fop.saj-electric.com Cross Site Scripting vulnerability OBB-3854101
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SAJ Solar Inverter Information Disclosure Vulnerability
SAJ Solar Inverter is a solar inverter product from China's Sanjing Electric Company. An information disclosure vulnerability exists in the SAJ Solar Inverter. A remote attacker can exploit this vulnerability by sending a direct request to the inverterinfo.htm or Englishmain.htm URIs to obtain...
Information disclosure
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...
CVE-2018-12735
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...
CVE-2018-12735
SAJ Solar Inverter information disclosure vulnerability (CVE-2018-12735) allows remote attackers to obtain potentially sensitive information by issuing direct requests to inverter_info.htm or English_main.htm. Affected product is the SAJ Solar Inverter; the issue arises from exposing sensitive da...
CVE-2018-12735
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...
SAJ Solar Inverter Information Disclosure
...