redhat

migration_toolkit

2 known vulnerabilities · sorted by CVSS score

CVE-2020-1712

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

systemd_project / systemd+6

Local

Published Mar 31, 2020

CVE-2021-3948

MEDIUM6.3

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

konveyor / mig-controller+4

Network

Published Feb 18, 2022