Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category’s permissions setting.
CWE-276
CVE-2022-24301
In Minetest before 5.4.0, players can add or subtract items from a different player’s inventory.
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-24343
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
CVE-2022-24113
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
CVE-2022-23995
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.