Skip to main content

Pve Http Server

2 CVEs product

Monthly

CVE-2022-35508 CRITICAL POC Act Now

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Privilege Escalation Proxmox Mail Gateway Pve Http Server Virtual Environment
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-35507 HIGH POC This Week

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Code Injection Proxmox Mail Gateway Pve Http Server Virtual Environment
NVD
CVSS 3.1
7.1
EPSS
1.4%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Privilege Escalation Proxmox Mail Gateway +2
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Code Injection Proxmox Mail Gateway +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy