#ExploitObserverAlert
CVE-2013-3896
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2013-3896. Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
FIRST-EPSS: 0.161250000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2013-3896
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2013-3896. Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
FIRST-EPSS: 0.161250000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2023-33246
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-33246. For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
FIRST-EPSS: 0.971220000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-33246
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-33246. For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
FIRST-EPSS: 0.971220000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-4430
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-4430. IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
FIRST-EPSS: 0.958020000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2020-4430
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-4430. IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
FIRST-EPSS: 0.958020000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2010-0232
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2010-0232. The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the
CVE-2010-0232
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2010-0232. The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the
#ExploitObserverAlert
CVE-2017-6744
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2017-6744. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload. Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. There are workarounds that address these vulnerabilities.
FIRST-EPSS: 0.006270000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2017-6744
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2017-6744. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload. Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. There are workarounds that address these vulnerabilities.
FIRST-EPSS: 0.006270000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-0180
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2018-0180. Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
FIRST-EPSS: 0.001610000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2018-0180
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2018-0180. Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
FIRST-EPSS: 0.001610000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2020-0674
DESCRIPTION: Exploit Observer has 35 entries related to CVE-2020-0674. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
FIRST-EPSS: 0.974230000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2020-0674
DESCRIPTION: Exploit Observer has 35 entries related to CVE-2020-0674. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
FIRST-EPSS: 0.974230000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2013-2551
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2013-2551. Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
FIRST-EPSS: 0.972200000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2013-2551
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2013-2551. Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
FIRST-EPSS: 0.972200000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-21017
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-21017. Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
FIRST-EPSS: 0.632040000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-21017
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-21017. Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
FIRST-EPSS: 0.632040000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-2506
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-2506. The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
FIRST-EPSS: 0.007320000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-2506
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-2506. The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
FIRST-EPSS: 0.007320000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-0920
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-0920. In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 0.5
CVE-2021-0920
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-0920. In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 0.5
#ExploitObserverAlert
CVE-2021-27562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-27562. In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
FIRST-EPSS: 0.958430000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2021-27562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-27562. In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
FIRST-EPSS: 0.958430000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-12240
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2017-12240. The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
FIRST-EPSS: 0.051780000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-12240
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2017-12240. The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
FIRST-EPSS: 0.051780000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-8193
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2020-8193. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
FIRST-EPSS: 0.939810000
NVD-IS: 2.5
NVD-ES: 3.9
CVE-2020-8193
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2020-8193. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
FIRST-EPSS: 0.939810000
NVD-IS: 2.5
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-7450
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2015-7450. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
FIRST-EPSS: 0.973900000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2015-7450
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2015-7450. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
FIRST-EPSS: 0.973900000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-21971
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2022-21971. Windows Runtime Remote Code Execution Vulnerability
FIRST-EPSS: 0.499470000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-21971
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2022-21971. Windows Runtime Remote Code Execution Vulnerability
FIRST-EPSS: 0.499470000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-36563
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-36563. Microsoft WordPad Information Disclosure Vulnerability
FIRST-EPSS: 0.003320000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-36563
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-36563. Microsoft WordPad Information Disclosure Vulnerability
FIRST-EPSS: 0.003320000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-44515
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-44515. Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
FIRST-EPSS: 0.972970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-44515
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-44515. Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
FIRST-EPSS: 0.972970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-0159
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-0159. A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.
FIRST-EPSS: 0.003030000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2018-0159
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-0159. A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.
FIRST-EPSS: 0.003030000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-0802
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2018-0802. Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
FIRST-EPSS: 0.972110000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-0802
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2018-0802. Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
FIRST-EPSS: 0.972110000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-0808
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2019-0808. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
FIRST-EPSS: 0.000510000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-0808
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2019-0808. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
FIRST-EPSS: 0.000510000
NVD-IS: 5.9
NVD-ES: 1.8