CVEs from 2013
Total
5,684
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5200 | high | — | 7.5 | 13y ago | The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote… | |||
| CVE-2013-5931 | high | — | 7.5 | 13y ago | SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||
| CVE-2013-4182 | high | — | 7.5 | 13y ago | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||
| CVE-2013-5674 | high | — | 7.5 | 13y ago | badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object i… | |||
| CVE-2013-4313 | high | — | 7.5 | 13y ago | Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injec… | |||
| CVE-2013-4809 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitr… | |||
| CVE-2013-2601 | high | — | 7.5 | 13y ago | The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. | |||
| CVE-2013-5723 | high | — | 7.5 | 13y ago | SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||
| CVE-2013-4339 | high | — | 7.5 | 13y ago | WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | |||
| CVE-2013-4338 | high | — | 7.5 | 13y ago | wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP u… | |||
| CVE-2013-3657 | high | — | 7.5 | 13y ago | Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | |||
| CVE-2013-3602 | high | — | 7.5 | 13y ago | SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter. | |||
| CVE-2013-5671 | high | — | 7.5 | 13y ago | Code injection in dragonfly gem | |||
| CVE-2013-5589 | high | — | 7.5 | 13y ago | SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2013-2247 | high | — | 7.5 | 13y ago | The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers … | |||
| CVE-2013-4219 | high | — | 7.5 | 13y ago | Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or p… | |||
| CVE-2013-1435 | high | — | 7.5 | 13y ago | (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||
| CVE-2013-1434 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-5569 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4701 | high | — | 7.5 | 13y ago | PHP OpenID Library Denial of Service vulnerability | |||
| CVE-2013-2904 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of se… | |||
| CVE-2013-2903 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers t… | |||
| CVE-2013-2902 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly … | |||
| CVE-2013-2901 | high | — | 7.5 | 13y ago | Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.… | |||
| CVE-2013-2900 | high | — | 7.5 | 13y ago | The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace … | |||
| CVE-2013-2887 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2210 | high | — | 7.5 | 13y ago | Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial… | |||
| CVE-2013-2161 | high | — | 7.5 | 13y ago | XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | |||
| CVE-2013-2156 | high | — | 7.5 | 13y ago | Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a… | |||
| CVE-2013-2154 | high | — | 7.5 | 13y ago | Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend… | |||
| CVE-2013-5322 | high | — | 7.5 | 13y ago | CoolURI extension for TYPO3 vulnerable to SQL Injection | |||
| CVE-2013-5310 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-5306 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-5304 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-5302 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-2127 | high | — | 7.5 | 13y ago | Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vec… | |||
| CVE-2013-2126 | high | — | 7.5 | 13y ago | Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and po… | |||
| CVE-2013-5647 | high | — | 7.5 | 13y ago | Sounder Contains Arbitrary Command Execution Vulnerability | |||
| CVE-2013-4115 | high | — | 7.5 | 13y ago | Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server ter… | |||
| CVE-2013-4742 | high | — | 7.5 | 13y ago | Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. | |||
| CVE-2013-4203 | high | — | 7.5 | 13y ago | rgpg Code Injection vulnerability | |||
| CVE-2013-2220 | high | — | 7.5 | 13y ago | Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code vi… | |||
| CVE-2013-2886 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2885 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly co… | |||
| CVE-2013-2884 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors … | |||
| CVE-2013-2883 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the re… | |||
| CVE-2013-2882 | high | — | 7.5 | 13y ago | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2013-4947 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors. | |||
| CVE-2013-4801 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. | |||
| CVE-2013-4797 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. | |||
| CVE-2013-2369 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. | |||
| CVE-2013-2249 | high | — | 7.5 | 13y ago | mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses… | |||
| CVE-2013-2165 | high | — | 7.5 | 13y ago | Remote code execution due to insecure deserialization | |||
| CVE-2013-4870 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3404 | high | — | 7.5 | 13y ago | SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discove… | |||
| CVE-2013-3779 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2013-3577 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$Te… | |||
| CVE-2013-2351 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vecto… | |||
| CVE-2013-1768 | high | — | 7.5 | 13y ago | Deserialization of Untrusted Data in Apache OpenJPA | |||
| CVE-2013-2880 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2873 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP statu… | |||
| CVE-2013-2871 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2013-2867 | high | — | 7.5 | 13y ago | Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. | |||
| CVE-2013-4748 | high | — | 7.5 | 13y ago | News system (news) extension for TYPO3 vulnerable to SQL Injection | |||
| CVE-2013-4745 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3926 | high | — | 7.5 | 13y ago | Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue,… | |||
| CVE-2013-4733 | high | 7.5 | 7.5 | 13y ago | The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration an… | |||
| CVE-2013-3651 | high | — | 7.5 | 13y ago | LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormPara… | |||
| CVE-2013-4721 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4720 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4719 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-1694 | high | — | 7.5 | 13y ago | The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack … | |||
| CVE-2013-4683 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4682 | high | — | 7.5 | 13y ago | Multishop extension for TYPO3 has SQL Injection vulnerability | |||
| CVE-2013-4681 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4613 | high | — | 7.5 | 13y ago | The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remo… | |||
| CVE-2013-4634 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified v… | |||
| CVE-2013-4622 | high | — | 7.5 | 13y ago | The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within … | |||
| CVE-2013-2461 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middlewa… | |||
| CVE-2013-2442 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, inte… | |||
| CVE-2013-3958 | high | — | 7.5 | 13y ago | The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for … | |||
| CVE-2013-3957 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to e… | |||
| CVE-2013-2865 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2864 | high | — | 7.5 | 13y ago | The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2013-2862 | high | — | 7.5 | 13y ago | Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspeci… | |||
| CVE-2013-2861 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown… | |||
| CVE-2013-2860 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a dat… | |||
| CVE-2013-2859 | high | — | 7.5 | 13y ago | Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | |||
| CVE-2013-2858 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via… | |||
| CVE-2013-2857 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling o… | |||
| CVE-2013-2856 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling o… | |||
| CVE-2013-2854 | high | — | 7.5 | 13y ago | Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly h… | |||
| CVE-2013-3735 | high | 7.5 | 7.5 | 13y ago | The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (mem… | |||
| CVE-2013-2956 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands v… | |||
| CVE-2013-3634 | high | — | 7.5 | 13y ago | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch… | |||
| CVE-2013-2846 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vector… | |||
| CVE-2013-2845 | high | — | 7.5 | 13y ago | The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vector… | |||
| CVE-2013-2844 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified … | |||
| CVE-2013-2843 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2013-2841 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… |