Subject: PSA-2026-00018-1: "copy.fail" local privilege escalation via AF_ALG socket
Advisory date: 2026-04-30
Packages: proxmox-kernel-6.8, proxmox-kernel-6.14, proxmox-kernel-6.17
Details:
An issue published under the name "copy.fail" was...
Subject: PSA-2026-00016-1: Stored XSS in VM notes field
Advisory date: 2026-04-24
Packages: pve-manager, proxmox-yew-comp, proxmox-datacenter-manager-ui
Details:
Missing sanitization of the <base> HTML tag when encoding the VM notes field could...
Subject: PSA-2026-00015-1: Missing HA permission checks when auto-adding guest on create/restore
Advisory date: 2026-04-24
Packages: qemu-server >= 9.0.24, pve-container >= 6.0.14 (PVE 9.x)
Details:
When creating or restoring a VM or...
Subject: PSA-2026-00014-1: Multiple VNC related issues
Advisory date: 2026-04-24
Packages: qemu-server, pve-manager, pve-container
Details:
A race condition between the vncproxy and vncwebsocket API calls allowed an attacker with privileges...
Subject: PSA-2026-00013-1: OVA import XML XXE file disclosure and server-side request forgery
Advisory date: 2026-04-24
Packages: pve-storage
Details:
If a storage with 'import' content type was available as upload/download target, a...
Subject: PSA-2026-00012-1: Corosync: DoS via malformed packets in unencrypted clusters
Advisory date: 2026-04-15
Packages: corosync
Details:
Two flaws were found in Corosync, the clustering stack backing Proxmox VE's clustering feature.
An...
Subject: PSA-2026-00011-1: too permissive pmxcfs backup permissions
Advisory date: 2026-04-08
Packages: pve-cluster
Details:
The pmxcfs backup created before joining a cluster was stored in a directory that was world-readable. Depending on...
Subject: PSA-2026-00010-1: "Crackarmor" apparmor vulnerabilities
Advisory date: 2026-03-13
Packages: proxmox-kernel-*
Details:
Qualys discovered several vulnerabilities in the AppArmor LSM (Linux Security Module) code of the Linux kernel...
Subject: PSA-2026-00009-1: Log poisoning via crafted HTTP Forwarded header
Advisory date: 2026-03-03
Packages: proxmox-backup-server
Details:
Clients could inject arbitrary IP addresses into Proxmox Backup Server authentication logs by adding...
Subject: PSA-2026-00008-1: User Enumeration Vulnerability in Proxmox Backup Server API Token Authentication
Advisory date: 2026-03-03
Packages: proxmox-backup-server
Details:
Different user-facing error messages were returned in case of an...
Subject: PSA-2026-00007-1: Stored XSS in network interfaces comment
Advisory date: 2026-03-03
Packages: proxmox-widget-toolkit
Details:
The network interface configuration view in the web interface was susceptible to XSS. Editing these...
Subject: PSA-2026-00006-1: User Enumeration Vulnerability in Proxmox VE API Token Authentication
Advisory date: 2026-03-03
Packages: pve-manager
Details:
Different user-facing error messages were returned in case of an API token...
Subject: PSA-2026-00005-1: Bypass of mail filters through confusion of the MIME Parser
Advisory date: 2026-02-17
Packages: pmg-api, libmime-tools-perl
Details:
The parser initially processing e-mails for further analysis was set to not cause...