VIR Vulnerability Intelligence Relay

Search

Found 32,725 results in 2090ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44713 high 8.8 8.8 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so…
CVE-2026-44712 high 8.2 8.2 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is…
CVE-2026-44711 high 7.9 7.9 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption…
CVE-2026-44709 high 7.8 7.8 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou…
CVE-2026-9208 high 8.8 8.8 8d ago Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE-2026-8361 high 7.5 7.5 8d ago A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
CVE-2026-8360 high 7.5 7.5 8d ago Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into th…
CVE-2026-8359 high 7.5 7.5 8d ago When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would b…
CVE-2026-48064 high 8.1 8.1 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display manage…
CVE-2026-47272 high 7.1 7.1 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified that the user-side pad (~/.pamusb/device.…
CVE-2026-44982 high 8.0 8d ago CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
CVE-2026-44726 high 8.0 8d ago Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
CVE-2026-45108 high 8.4 8.4 sles 8d ago Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho…
CVE-2026-45104 high 7.5 7.5 FIX debian debian osgeo 8d ago MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFil…
CVE-2026-42197 high 8.7 8.7 8d ago RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execut…
CVE-2026-44635 high 7.5 7.5 8d ago Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlle…
CVE-2026-45617 high 8.0 8d ago LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
CVE-2026-4868 high 8.2 8.2 gitlab 8d ago GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authent…
CVE-2026-45368 high 8.0 8d ago Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
CVE-2026-45088 high 7.5 7.5 8d ago Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
CVE-2026-45357 high 8.0 8d ago LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
CVE-2026-45089 high 8.2 8.2 8d ago Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
CVE-2026-45090 high 7.5 7.5 8d ago Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both wri…
CVE-2026-42553 high 8.0 8d ago Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien…
CVE-2026-5509 high 7.2 7.2 tp-link 8d ago An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interf…
CVE-2026-44346 high 8.8 8.8 bentoml 8d ago BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n…
CVE-2026-45260 high 8.0 8d ago Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
CVE-2026-45548 high 7.7 7.7 8d ago Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation
CVE-2026-45715 high 7.7 7.7 8d ago Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, …
CVE-2026-45716 high 8.8 8.8 8d ago Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration
CVE-2026-45717 high 8.8 8.8 8d ago Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter…
CVE-2026-46426 high 7.6 7.6 8d ago Budibase: Unrestricted Upload of File with Dangerous Type
CVE-2026-46427 high 7.7 7.7 8d ago Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D…
CVE-2026-48146 high 7.7 7.7 8d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.…
CVE-2026-48149 high 8.1 8.1 8d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/…
CVE-2026-48151 high 7.5 7.5 8d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for…
CVE-2026-45162 high 8.0 8d ago Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
CVE-2026-48152 high 8.1 8.1 8d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner…
CVE-2026-48153 high 8.5 8.5 8d ago Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check th…
CVE-2026-45061 high 7.7 7.7 8d ago Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A…
CVE-2026-44460 high 7.4 7.4 8d ago FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the passwo…
CVE-2026-45047 high 7.5 7.5 8d ago bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&…
CVE-2026-44378 high 7.5 7.5 FIX debian debian sles botan_project 8d ago Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such …
CVE-2026-42081 high 7.1 7.1 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against it…
CVE-2026-42083 high 8.2 8.2 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis…
CVE-2026-42459 high 7.5 7.5 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Da…
CVE-2026-44316 high 7.5 7.5 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointe…
CVE-2026-44319 high 7.5 7.5 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNo…
CVE-2026-44320 high 7.3 7.3 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbi…
CVE-2026-44321 high 7.5 7.5 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks c…
CVE-2026-44322 high 7.5 7.5 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a n…
CVE-2026-44325 high 7.5 7.5 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in N…
CVE-2026-44328 high 8.2 8.2 free5gc 8d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi…
CVE-2026-44483 high 8.2 8.2 8d ago RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming …
CVE-2026-44473 high 7.1 7.1 8d ago Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does…
CVE-2026-44474 low 3.7 3.7 8d ago Ella Core has handover failures during concurrent Security Mode Command
CVE-2026-42790 high 8.1 8.1 FIX slesdebian debianwindows windows erlang 8d ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verific…
CVE-2026-44838 high 8.1 8.1 FIX slesdebian debian broadcom 8d ago RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrat…
CVE-2026-45022 high 7.5 7.5 FIX debian debian go-git_project 8d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o…
CVE-2026-49046 high 8.5 8.5 8d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Pa…
CVE-2026-44902 high 7.5 7.5 8d ago opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics en…
CVE-2026-44971 high 8.2 8.2 8d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
CVE-2026-42280 high 7.1 7.1 auth0 8d ago Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token…
CVE-2026-48544 high 7.5 7.5 8d ago Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to es…
CVE-2026-42184 high 8.8 8.8 tauri 8d ago Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
CVE-2026-44988 high 8.8 8.8 FIX slesdebian debian 8d ago LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but…
CVE-2026-48922 high 7.5 7.5 jenkins 8d ago Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to w…
CVE-2026-48921 high 7.5 7.5 jenkins 8d ago Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a…
CVE-2026-48920 high 8.8 8.8 jenkins 8d ago Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c…
CVE-2026-7365 high 7.8 7.8 ibm 8d ago IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…
CVE-2026-9617 high 8.8 8.8 dalibo 9d ago PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
CVE-2024-56462 high 7.2 7.2 9d ago IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating syste…
CVE-2026-8180 high 7.5 7.5 9d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-48972 high 7.5 7.5 9d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects…
CVE-2026-8179 high 8.8 8.8 9d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-7528 high 7.5 7.5 langflow 9d ago IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
CVE-2026-6938 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
CVE-2026-6052 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
CVE-2026-6051 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
CVE-2026-46102 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly ti…
CVE-2026-46100 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users t…
CVE-2026-46099 high 8.1 8.1 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NORE…
CVE-2026-46093 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_l…
CVE-2026-46090 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback start…
CVE-2026-46085 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM er…
CVE-2026-46081 high 7.8 7.8 FIX slesdebian debian 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re…
CVE-2026-46078 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but th…
CVE-2026-46076 high 7.9 7.9 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 doe…
CVE-2026-46070 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_…
CVE-2026-46065 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta…
CVE-2026-46062 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` …
CVE-2026-46058 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_releas…
CVE-2026-46056 high 8.8 8.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in …
CVE-2026-46055 high 7.1 7.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdra…
CVE-2026-46054 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access i…
CVE-2026-46053 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If cop…
CVE-2026-46052 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are unhashed Ceph can call d_add(dentry, NULL) on a negative dentry that is alread…
CVE-2026-5065 high 8.8 8.8 ibm 9d ago IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to…
CVE-2026-46037 high 8.2 8.2 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply typ…
CVE-2026-46036 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates o…