VYPR

Pve HTTP Server

by Proxmox

Source repositories

CVEs (3)

  • CVE-2024-21545HigSep 25, 2024
    risk 0.53cvss 8.2epss 0.00

    Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via…

  • CVE-2022-35507Dec 4, 2022
    risk 0.03cvss epss 0.01

    A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects…

  • CVE-2022-35508Dec 4, 2022
    risk 0.00cvss epss 0.01

    Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on…