Vulnerabilities > Proxmox > PVE Http Server

DATE CVE VULNERABILITY TITLE RISK
2022-12-04 CVE-2022-35507 Injection vulnerability in Proxmox products
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS.
network
low complexity
proxmox CWE-74
7.1
2022-12-04 CVE-2022-35508 Server-Side Request Forgery (SSRF) vulnerability in Proxmox products
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon.
network
low complexity
proxmox CWE-918
critical
9.8