CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-11121 119 DoS Overflow 2017-09-27 2017-10-23
10.0
None Remote Low Not required Complete Complete Complete
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.
2 CVE-2017-11120 119 Overflow 2017-09-27 2017-10-23
10.0
None Remote Low Not required Complete Complete Complete
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
3 CVE-2017-8248 119 Overflow 2017-08-16 2017-08-25
10.0
None Remote Low Not required Complete Complete Complete
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.
4 CVE-2017-7127 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
5 CVE-2017-7115 362 DoS Exec Code Mem. Corr. 2017-10-22 2017-10-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.
6 CVE-2017-7114 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7 CVE-2017-7112 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
8 CVE-2017-7110 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
9 CVE-2017-7108 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
10 CVE-2017-7105 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
11 CVE-2017-7069 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
12 CVE-2017-7042 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-10-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
13 CVE-2017-7041 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-10-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
14 CVE-2017-7027 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
15 CVE-2017-7026 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
16 CVE-2017-7025 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
17 CVE-2017-7024 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
18 CVE-2017-7023 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
19 CVE-2017-7022 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
20 CVE-2017-7009 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
21 CVE-2017-6999 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
22 CVE-2017-6998 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
23 CVE-2017-6997 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
24 CVE-2017-6996 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
25 CVE-2017-6995 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
26 CVE-2017-6994 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
27 CVE-2017-6989 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28 CVE-2017-6981 264 Exec Code 2017-05-22 2017-07-07
9.3
Admin Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.
29 CVE-2017-2490 119 DoS Exec Code Overflow Mem. Corr. 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30 CVE-2017-2485 416 DoS Exec Code Mem. Corr. 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file.
31 CVE-2017-2483 119 Exec Code Overflow 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
32 CVE-2017-2482 119 Exec Code Overflow 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
33 CVE-2017-2474 189 Exec Code 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.
34 CVE-2017-2473 119 DoS Exec Code Overflow Mem. Corr. 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
35 CVE-2017-2472 416 DoS Exec Code 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
36 CVE-2017-2458 119 Exec Code Overflow 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
37 CVE-2017-2451 119 DoS Exec Code Overflow 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.
38 CVE-2017-2441 416 Exec Code 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "libc++abi" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling.
39 CVE-2017-2440 190 DoS Exec Code Overflow 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app.
40 CVE-2017-2434 20 2017-04-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.
41 CVE-2017-2401 119 DoS Exec Code Overflow Mem. Corr. 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
42 CVE-2017-2398 119 DoS Exec Code Overflow Mem. Corr. 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
43 CVE-2017-2370 119 DoS Exec Code Overflow 2017-02-20 2017-09-01
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.
44 CVE-2017-2360 416 DoS Exec Code 2017-02-20 2017-09-01
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
45 CVE-2016-7644 416 DoS Exec Code 2017-02-20 2017-09-02
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
46 CVE-2016-7616 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
47 CVE-2016-7613 264 Exec Code 2017-02-20 2017-02-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.
48 CVE-2016-7612 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-09-02
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
49 CVE-2016-7606 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
50 CVE-2016-7591 416 DoS Exec Code 2017-02-20 2017-07-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
Total number of vulnerabilities : 237   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.