Ryan Shin

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 16.1 tvOS versions prior to 16.1 macOS Ventura versions prior to 13 watchOS versions prior to 9.1 iOS versions prior to 16.1 iPadOS versions prior to 16.1 WebKitGTK (affected versions not specified) WPE WebKit (affected versions not specified) **Description** A logic issue was addressed with improved state management. Processing maliciously crafted web content may disclose sensitive user information. The issue is related to errors in state management in WebKitGTK and WPE WebKit modules, which can allow an attacker to access confidential data. **Recommendations** For Safari version prior to 16.1, update to Safari 16.1 or later. For tvOS version prior to 16.1, update to tvOS 16.1 or later. For macOS Ventura version prior to 13, update to macOS Ventura 13 or later. For watchOS version prior to 9.1, update to watchOS 9.1 or later. For iOS version prior to 16.1, update to iOS 16.1 or later. For iPadOS version prior to 16.1, update to iPadOS 16.1 or later. For WebKitGTK and WPE WebKit, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 8.2 **Description** The issue is related to a Use After Free vulnerability in the Vim text editor, specifically with the `find pattern in path` function. This vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `find pattern in path` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 8.2 **Description** The issue is related to an out-of-bounds write in the vim regsub both function of the regexp.c component in the Vim text editor. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable regexp.c component until a patch is available.