Search results

  1. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00016-1: Spectre branch target injection from VM guests ("VMScape") Advisory date: 2025-09-17 Packages: proxmox-kernel-6.8, proxmox-kernel-6.14 Details: Incomplete branch predictor isolation mechanisms allow exploitation of branch prediction across hypervisor/guest context...
  2. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00016-1: Spectre branch target injection from VM guests ("VMScape") Advisory date: 2025-09-17 Packages: proxmox-kernel-6.8, proxmox-kernel-6.14 Details: Incomplete branch predictor isolation mechanisms allow exploitation of branch prediction across hypervisor/guest context...
  3. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2025-00015-1: stored XSS in config values Advisory date: 2025-09-04 Packages: pmg-gui Details: The HTTP proxy setting dialogue in the web interface was susceptible to XSS. Editing this setting is only available to users with admin level access. A related issue in the Proxmox VE...
  4. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00014-1: stored XSS in config values Advisory date: 2025-08-14 Packages: proxmox-backup-server Details: The WebAuthN setting dialogue in the web interface was susceptible to XSS. Editing these settings requires root privileges. A related issue in the Proxmox VE code base...
  5. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00013-1: stored XSS in config values Advisory date: 2025-08-14 Packages: pve-manager Details: The HTTP proxy, WebAuthN and U2F setting dialogues in the web interface were susceptible to XSS. Editing these settings requires the Sys.Modify privilege on the ACL path /, which is...
  6. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot Advisory date: 2025-07-10 Packages: grub-efi-amd64-signed 1+2.06+13+pmx6 Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the...
  7. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot Advisory date: 2025-07-10 Packages: grub-efi-amd64-signed 1+2.06+13+pmx6 Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the...
  8. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot Advisory date: 2025-07-10 Packages: grub-efi-amd64-signed 1+2.06+13+pmx6 Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the...
  9. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00011-1: Lack of support for OVS bridges in nftables-based firewall (tech-preview) Advisory date: 2025-07-09 Packages: pve-firewall/qemu-server/pve-container Details: When using the optional nftables-based firewall implementation, OVS bridges used for guest vNICs were not...
  10. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00010-1: libtpms0/swtpm out of bounds read vulnerability Advisory date: 2025-06-23 Packages: libtpms0 Details: libtpms, a library for integrating TPM functionality into QEMU, was affected by an out-of-bounds read vulnerability that could be used to trigger an abort of swtpm...
  11. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00009-1: Ceph management: limited privileged file creation vulnerability Advisory date: 2025-04-17 Packages: pve-manager Details: On setups using the Ceph management stack, a highly-privileged user could trigger the creation of a task log file and its parent directories...
  12. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00008-1: UI: Missing HTML-encoding of potentially user-provided data Advisory date: 2025-04-17 Packages: pve-manager, proxmox-widget-toolkit Details: Some fields displayed in the web interface could contain potentially user-provided data without escaping contained HTML tags...
  13. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00007-1: qemu: ISO files modifiable from guests under certain configurations Advisory date: 2025-04-17 Packages: qemu-server Details: ISO files used by a VM guest can be written to by the guest OS if the corresponding drive is attached without an explicit media option or...
  14. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00006-1: SDN: missing TLS certificate validation for external IPAM/DNS plugins Advisory date: 2025-03-12 Packages: libpve-network-perl Details: External API requests made by the tech-preview IPAM integration of the Proxmox VE SDN stack were lacking TLS certificate validation...
  15. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00005-1: Various SecureBoot bypasses, data integrity violations and sensitive data leaks in Grub Advisory date: 2025-03-06 Packages: grub-pc-bin, grub-efi-amd64-bin, grub-efi-amd64-signed, grub-efi-amd64-unsigned Details: 21 issues in Grub's codebase were found that could...
  16. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2025-00005-1: Various SecureBoot bypasses, data integrity violations and sensitive data leaks in Grub Advisory date: 2025-03-06 Packages: grub-pc-bin, grub-efi-amd64-bin, grub-efi-amd64-signed, grub-efi-amd64-unsigned Details: 21 issues in Grub's codebase were found that could...
  17. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00005-1: Various SecureBoot bypasses, data integrity violations and sensitive data leaks in Grub Advisory date: 2025-03-06 Packages: grub-pc-bin, grub-efi-amd64-bin, grub-efi-amd64-signed, grub-efi-amd64-unsigned Details: 21 issues in Grub's codebase were found that could...
  18. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00004-1: Automatic format detection in vma create, used for template VMs Advisory date: 2025-02-25 Packages: pve-qemu-kvm, qemu-server Details: The vma create CLI command lacked an option to specify an explicit format for images to be included in the created backup archive...
  19. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00003-1: Missing format enforcement for snapshot state volumes Advisory date: 2025-02-18 Packages: pve-qemu-kvm Details: An attacker could cause Qemu to load a malicious snapshot state volume triggering arbitrary host file reads. A successful attack requires...
  20. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00002-1: UI: missing HTML-encoding of potentially user-provided data Advisory date: 2025-01-21 Packages: pve-manager, proxmox-widget-toolkit Details: Some fields displayed in the web interface could contain potentially user-provided data without escaping contained HTML tags...