Search results

  1. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00009-1: Proxmox VE/Mail Gateway API: post-authentication privileged file read vulnerabilities
    Advisory date: 2024-09-23
    Packages:
    - Proxmox Virtual Environment: pve-manager, libpve-storage-perl, libpve-http-server-perl, qemu-server
    - Proxmox Mail Gateway: pmg-api...
  2. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00008-1: kernel: DoS via short ethernet frames over tun/tap interfaces
    Advisory date: 2024-07-29
    Packages: Proxmox 5.15 kernel packages (Proxmox VE 7), Proxmox 6.5 and 6.8 kernel packages (Proxmox VE 8)
    Details: The tun and tap network drivers in the Linux kernel lacked...
  3. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2024-00007-1: Shim bootloader remote code execution via http response
    Advisory date: 2024-06-28
    Packages: shim-unsigned, shim-signed
    Details: A remote code execution vulnerability was found in the secure boot Shim bootloader. The Shim boot support trusts attacker-controlled...
  4. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2024-00007-1: Shim bootloader remote code execution via http response
    Advisory date: 2024-06-28
    Packages: shim-unsigned, shim-signed
    Details: A remote code execution vulnerability was found in the secure boot Shim bootloader. The Shim boot support trusts attacker-controlled...
  5. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00007-1: Shim bootloader remote code execution via http response
    Advisory date: 2024-06-28
    Packages: shim-unsigned, shim-signed
    Details: A remote code execution vulnerability was found in the secure boot Shim bootloader. The Shim boot support trusts attacker-controlled...
  6. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2024-00005-1: SMTP Smuggling
    Publication date: 2024-03-28
    Packages: pmg-api, postfix
    Details: Postfix was affected by an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than <CR><LF>...
  7. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00003-1: QEMU denial of service via VNC client clipboard access
    Advisory date: 2024-03-28
    Package(s): pve-qemu-kvm
    Details: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached...
  8. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00004-1: LDAP: missing schema validation for synced attributes
    Advisory date: 2024-03-28
    Package(s): libpve-access-control
    Details: On Proxmox Virtual Environment systems with user/group sync from LDAP or ActiveDirectory, the attribute values were not properly validated...
  9. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00006-1: perl PVE API client certificate validation failure if fingerprint is not passed
    Advisory date: 2024-03-28
    Package(s): libpve-api-client-perl
    Details: Usage of the perl PVE API client module without a pinned TLS certificate fingerprint (see below for exact...
  10. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2024-00002-1: Tape backup drive encryption failure
    Publication Date: 2024-02-26
    Packages: proxmox-backup-server
    Details: With LTO tape backups for Proxmox Backup Server prior to the versions listed below, the separate hardware encryption key was unloaded from the tape drive too...
  11. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2024-00001-1: PixieFAIL EDK2 PXE vulnerabilities
    Advisory date: 2024-01-24
    Package(s):
    Proxmox VE 7.x: pve-edk2-firmware
    Proxmox VE 8.x: pve-edk2-firmware-ovmf pve-edk2-firmware-legacy
    Details: Nine vulnerabilities in EDK II's reference EFI implementation that can be...
  12. ProxmoxSecurityAdvisory

    General FAQ about Proxmox Security Advisories

    Q: Which components and vulnerabilities are covered by Proxmox Security Announcements?
    A: First and foremost, vulnerabilities in first party software such as the Proxmox VE management stack or the Proxmox Backup Server/Client. Major vulnerabilities in third party components like QEMU and the...
  13. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    This is the list of security advisories since 2024-01-01 for the Proxmox Virtual Environment. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.
  14. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    This is the list of security advisories since 2024-01-01 for the Proxmox Backup Server. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.
  15. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    This is the list of security advisories since 2024-01-01 for the Proxmox Mail Gateway. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.
  16. ProxmoxSecurityAdvisory

    Proxmox Offline Mirror - Security Advisories

    This is the list of security advisories since 2024-01-01 for the Proxmox Offline Mirror. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.