Launchpad.net

Launchpad CVE tracker

Search CVEs
175 of 138836 results
CVE-2018-9518 (Candidate)
In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9538 (Candidate)
In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9549 (Candidate)
In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9550 (Candidate)
In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9551 (Candidate)
In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9552 (Candidate)
In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9553 (Candidate)
In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-9554 (Candidate)
In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654.
Created on 2018-04-06 and modified 12 hours ago.

CVE-2018-7080 (Candidate)
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
Created on 2018-02-16 and modified 12 hours ago.

CVE-2018-5800 (Candidate)
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5801 (Candidate)
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5802 (Candidate)
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5805 (Candidate)
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5806 (Candidate)
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5807 (Candidate)
An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5810 (Candidate)
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5811 (Candidate)
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5812 (Candidate)
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5813 (Candidate)
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5815 (Candidate)
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-5816 (Candidate)
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).
Created on 2018-01-20 and modified 12 hours ago.

CVE-2018-19971 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19972 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19973 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19974 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19975 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19976 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19977 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19978 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19979 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19980 (Candidate)
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19981 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19982 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19983 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 12 hours ago and modified 12 hours ago.

CVE-2018-19296 (Candidate)
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
Created on 2018-11-16 and modified 12 hours ago.

CVE-2018-19001 (Candidate)
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
Created on 2018-11-07 and modified 12 hours ago.

CVE-2018-18311 (Candidate)
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Created on 2018-10-15 and modified 12 hours ago.

CVE-2018-18313 (Candidate)
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Created on 2018-10-15 and modified 12 hours ago.

CVE-2018-18314 (Candidate)
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Created on 2018-10-15 and modified 12 hours ago.

CVE-2018-17924 (Candidate)
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.
Created on 2018-10-03 and modified 12 hours ago.

CVE-2018-15362 (Candidate)
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
Created on 2018-08-16 and modified 12 hours ago.

CVE-2018-11905 (Candidate)
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.
Created on 2018-06-08 and modified 12 hours ago.

CVE-2017-16909 (Candidate)
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
Created on 2017-11-21 and modified 12 hours ago.

CVE-2017-16910 (Candidate)
An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
Created on 2017-11-21 and modified 12 hours ago.

CVE-2018-9517 (Candidate)
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9519 (Candidate)
In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9547 (Candidate)
In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9548 (Candidate)
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9565 (Candidate)
In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9567 (Candidate)
On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9569 (Candidate)
In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9570 (Candidate)
In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9571 (Candidate)
In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9572 (Candidate)
In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116224432.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9573 (Candidate)
In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9574 (Candidate)
In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9575 (Candidate)
In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9576 (Candidate)
In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9577 (Candidate)
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-9578 (Candidate)
In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928.
Created on 2018-04-06 and modified on 2018-12-08.

CVE-2018-7364 (Candidate)
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Orange branch are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Created on 2018-02-23 and modified on 2018-12-08.

CVE-2018-6755 (Candidate)
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Created on 2018-02-07 and modified on 2018-12-08.

CVE-2018-7063 (Candidate)
In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts.
Created on 2018-02-16 and modified on 2018-12-08.

CVE-2018-7065 (Candidate)
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
Created on 2018-02-16 and modified on 2018-12-08.

CVE-2018-7066 (Candidate)
An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.
Created on 2018-02-16 and modified on 2018-12-08.

CVE-2018-7067 (Candidate)
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
Created on 2018-02-16 and modified on 2018-12-08.

CVE-2018-7079 (Candidate)
Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
Created on 2018-02-16 and modified on 2018-12-08.

CVE-2018-5804 (Candidate)
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
Created on 2018-01-20 and modified on 2018-12-08.

CVE-2018-5808 (Candidate)
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Created on 2018-01-20 and modified on 2018-12-08.

CVE-2018-5809 (Candidate)
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Created on 2018-01-20 and modified on 2018-12-08.

CVE-2018-5407 (Candidate)
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Created on 2018-01-13 and modified on 2018-12-08.

CVE-2018-19788 (Candidate)
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Created on 2018-12-03 and modified on 2018-12-08.

CVE-2018-19824 (Candidate)
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
Created on 2018-12-04 and modified on 2018-12-08.

CVE-2018-19840 (Candidate)
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Created on 2018-12-04 and modified on 2018-12-08.

CVE-2018-19841 (Candidate)
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Created on 2018-12-04 and modified on 2018-12-08.

175 of 138836 results
Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.