CVE List - 2018 / January
Showing 601 - 700 of 1273 CVEs for January 2018 (Page 7 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-5691 | 2018-01-14 | SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. |
| CVE-2018-5692 | 2018-01-14 | Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. |
| CVE-2018-5693 | 2018-01-14 | The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. |
| CVE-2018-5694 | 2018-01-14 | The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. |
| CVE-2018-5695 | 2018-01-14 | The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. |
| CVE-2018-5696 | 2018-01-14 | The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. |
| CVE-2018-5697 | 2018-01-14 | Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. |
| CVE-2018-5698 | 2018-01-14 | libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string. |
| CVE-2017-15126 | 2018-01-14 | A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to... |
| CVE-2017-15127 | 2018-01-14 | A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial... |
| CVE-2017-15128 | 2018-01-14 | A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). |
| CVE-2018-5688 | 2018-01-14 | ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. |
| CVE-2018-5700 | 2018-01-14 | Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP... |
| CVE-2018-5479 | 2018-01-15 | FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is... |
| CVE-2018-5702 | 2018-01-15 | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to... |
| CVE-2018-5328 | 2018-01-15 | ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit... |
| CVE-2018-5329 | 2018-01-15 | ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing... |
| CVE-2014-9485 | 2018-01-16 | Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a... |
| CVE-2017-18032 | 2018-01-16 | The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. |
| CVE-2018-5703 | 2018-01-16 | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors... |
| CVE-2018-5704 | 2018-01-16 | Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and... |
| CVE-2018-5709 | 2018-01-16 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned... |
| CVE-2018-5710 | 2018-01-16 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key... |
| CVE-2018-5711 | 2018-01-16 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that... |
| CVE-2018-5712 | 2018-01-16 | An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the... |
| CVE-2018-5706 | 2018-01-16 | An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them,... |
| CVE-2017-11072 | 2018-01-16 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries... |
| CVE-2014-6027 | 2018-01-16 | Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent... |
| CVE-2014-6071 | 2018-01-16 | jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. |
| CVE-2014-9482 | 2018-01-16 | Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file. |
| CVE-2015-7474 | 2018-01-16 | Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0... |
| CVE-2015-7484 | 2018-01-16 | IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information... |
| CVE-2015-7485 | 2018-01-16 | Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4... |
| CVE-2015-7486 | 2018-01-16 | Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4... |
| CVE-2016-0207 | 2018-01-16 | IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399. |
| CVE-2016-0215 | 2018-01-16 | IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via... |
| CVE-2016-0219 | 2018-01-16 | XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4... |
| CVE-2017-16549 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. |
| CVE-2017-16550 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. |
| CVE-2017-16551 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. |
| CVE-2017-16552 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. |
| CVE-2017-16553 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. |
| CVE-2017-16554 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. |
| CVE-2017-16555 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. |
| CVE-2017-16556 | 2018-01-16 | In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations. |
| CVE-2017-16557 | 2018-01-16 | K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. |
| CVE-2017-17429 | 2018-01-16 | In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk... |
| CVE-2017-8802 | 2018-01-16 | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show... |
| CVE-2018-5330 | 2018-01-16 | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. |
| CVE-2018-5370 | 2018-01-16 | BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. |
| CVE-2018-5713 | 2018-01-16 | In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2018-5714 | 2018-01-16 | In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2018-1000004 | 2018-01-16 | In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service... |
| CVE-2018-5715 | 2018-01-16 | phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). |
| CVE-2017-17947 | 2018-01-16 | A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and... |
| CVE-2018-5299 | 2018-01-16 | A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption... |
| CVE-2018-5723 | 2018-01-16 | MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. |
| CVE-2018-5724 | 2018-01-16 | MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi. |
| CVE-2018-5725 | 2018-01-16 | MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. |
| CVE-2018-5726 | 2018-01-16 | MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. |
| CVE-2018-5727 | 2018-01-16 | In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp... |
| CVE-2018-5728 | 2018-01-16 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. |
| CVE-2018-5721 | 2018-01-17 | Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a... |
| CVE-2017-16865 | 2018-01-17 | The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in... |
| CVE-2018-5258 | 2018-01-17 | The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2018-5195 | 2018-01-17 | Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document. |
| CVE-2018-5747 | 2018-01-17 | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a... |
| CVE-2018-5764 | 2018-01-17 | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. |
| CVE-2017-5696 | 2018-01-18 | Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access. |
| CVE-2017-10068 | 2018-01-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Dashboards). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10262 | 2018-01-18 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker... |
| CVE-2017-10273 | 2018-01-18 | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows... |
| CVE-2017-10282 | 2018-01-18 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute... |
| CVE-2017-10301 | 2018-01-18 | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged... |
| CVE-2018-2560 | 2018-01-18 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2018-2561 | 2018-01-18 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows... |
| CVE-2018-2562 | 2018-01-18 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily... |
| CVE-2018-2564 | 2018-01-18 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2018-2565 | 2018-01-18 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-2566 | 2018-01-18 | Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to... |
| CVE-2018-2567 | 2018-01-18 | Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability... |
| CVE-2018-2568 | 2018-01-18 | Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable... |
| CVE-2018-2569 | 2018-01-18 | Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-2570 | 2018-01-18 | Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged... |
| CVE-2018-2571 | 2018-01-18 | Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged... |
| CVE-2018-2573 | 2018-01-18 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low... |
| CVE-2018-2574 | 2018-01-18 | Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2018-2575 | 2018-01-18 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local... |
| CVE-2018-2576 | 2018-01-18 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-2577 | 2018-01-18 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon... |
| CVE-2018-2578 | 2018-01-18 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2018-2579 | 2018-01-18 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java... |
| CVE-2018-2580 | 2018-01-18 | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows... |
| CVE-2018-2581 | 2018-01-18 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2018-2582 | 2018-01-18 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151.... |
| CVE-2018-2583 | 2018-01-18 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high... |
| CVE-2018-2584 | 2018-01-18 | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2018-2585 | 2018-01-18 | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2018-2586 | 2018-01-18 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-2588 | 2018-01-18 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java... |