govulncheck-vulndb-0.0.20241108T172500-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14482-1 Final 1 1 2024-11-09T00:00:00Z current 2024-11-09T00:00:00Z 2024-11-09T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z govulncheck-vulndb-0.0.20241108T172500-1.1 on GA media These are all security issues fixed in the govulncheck-vulndb-0.0.20241108T172500-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14482 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIQSM7MAIDYW7UOVLTLV7YAGSNTSKIUM/ E-Mail link for openSUSE-SU-2024:14482-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-10975/ SUSE CVE CVE-2024-10975 page https://www.suse.com/security/cve/CVE-2024-45794/ SUSE CVE CVE-2024-45794 page openSUSE Tumbleweed govulncheck-vulndb-0.0.20241108T172500-1.1 govulncheck-vulndb-0.0.20241108T172500-1.1 as a component of openSUSE Tumbleweed Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15. CVE-2024-10975 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241108T172500-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIQSM7MAIDYW7UOVLTLV7YAGSNTSKIUM/ https://www.suse.com/security/cve/CVE-2024-10975.html CVE-2024-10975 devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2024-45794 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241108T172500-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIQSM7MAIDYW7UOVLTLV7YAGSNTSKIUM/ https://www.suse.com/security/cve/CVE-2024-45794.html CVE-2024-45794