Homepage

xen vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the xen package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2025-58150

<4.20.2-r1
  • L
CVE-2026-23553

<4.20.2-r1
  • H
Out-of-bounds Read

<4.9.0-r4
  • L
XSA-245

<4.9.0-r5
  • C
Race Condition

<4.9.0-r0
  • C
CVE-2017-10913

<4.9.0-r0
  • L
XSA-238

<4.9.0-r6
  • M
Improper Input Validation

<4.7.1-r4
  • M
NULL Pointer Dereference

<4.7.1-r4
  • M
Information Exposure

<4.7.1-r1
  • M
Information Exposure

<4.9.0-r1
  • H
Buffer Overflow

<4.9.0-r1
  • H
Race Condition

<4.9.0-r1
  • H
Resource Exhaustion

<4.9.0-r6
  • M
Out-of-Bounds

<4.7.0-r1
  • H
Access Restriction Bypass

<4.7.0-r1
  • M
Improper Input Validation

<4.9.0-r0
  • H
Incorrect Calculation

<4.9.0-r1
  • C
Out-of-Bounds

<4.9.0-r0
  • L
CVE-2025-58148

<4.20.1-r2
  • L
CVE-2025-58144

<4.20.1-r1
  • M
Information Exposure

<4.9.0-r0
  • C
Out-of-Bounds

<4.9.0-r7
  • M
Improper Input Validation

<4.7.1-r1
  • H
Race Condition

<4.9.0-r0
  • H
CVE-2017-8904

<4.8.1-r2
  • L
CVE-2025-58145

<4.20.1-r1
  • L
XSA-247

<4.9.1-r1
  • L
CVE-2025-58142

<4.20.1-r1
  • L
CVE-2024-2193

<4.18.0-r5
  • H
Improper Input Validation

<4.7.1-r1
  • H
Race Condition

<4.7.1-r1
  • M
Missing Release of Resource after Effective Lifetime

<4.9.0-r6
  • M
Improper Access Control

<4.7.1-r1
  • H
CVE-2017-8903

<4.8.1-r2
  • M
CVE-2023-34327

<4.17.2-r3
  • M
Information Exposure

<4.9.0-r6
  • H
Race Condition

<4.9.0-r6
  • L
XSA-246

<4.9.1-r1
  • H
Out-of-bounds Write

<4.17.2-r3
  • M
CVE-2023-20593

<4.17.1-r3
  • M
Incorrect Calculation

<4.7.1-r1
  • L
CVE-2023-46841

<4.18.0-r4
  • L
CVE-2022-42336

<4.17.1-r1
  • L
CVE-2025-27466

<4.20.1-r1
  • H
Resource Exhaustion

<4.9.0-r0
  • H
CVE-2017-14319

<4.9.0-r4
  • H
CVE-2017-15590

<4.9.0-r6
  • L
CVE-2024-36350

<4.20.1-r0
  • L
XSA-235

<4.9.0-r2
  • L
CVE-2025-58143

<4.20.1-r1
  • C
CVE-2017-10912

<4.9.0-r0
  • L
CVE-2024-28956

<4.20.0-r1
  • M
Race Condition

<4.9.0-r4
  • M
CVE-2017-10919

<4.9.0-r0
  • C
Out-of-bounds Read

<4.7.1-r5
  • L
CVE-2025-27465

<4.20.1-r0
  • L
CVE-2024-36357

<4.20.1-r0
  • L
CVE-2024-45817

<4.19.0-r0
  • C
Out-of-bounds Read

<4.7.1-r5
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • L
CVE-2024-31143

<4.19.0-r0
  • M
Improper Access Control

<4.7.1-r3
  • M
Improper Access Control

<4.7.1-r3
  • M
Improper Access Control

<4.7.1-r3
  • H
Access Restriction Bypass

<4.7.1-r1
  • L
XSA-210

<4.7.1-r5
  • M
Resource Exhaustion

<4.7.0-r0
  • H
Improper Check for Dropped Privileges

<4.17.2-r1
  • H
Access Restriction Bypass

<4.7.1-r4
  • H
Improper Access Control

<4.7.0-r0
  • M
Memory Leak

<4.17.0-r0
  • M
Memory Leak

<4.17.0-r0
  • H
CVE-2022-42330

<4.17.0-r2
  • H
Exposure of Resource to Wrong Sphere

<4.9.0-r6
  • H
Incomplete Cleanup

<4.17.0-r0
  • M
CVE-2022-23824

<4.16.2-r2
  • M
Incomplete Cleanup

<4.17.0-r0
  • H
Access Restriction Bypass

<4.7.1-r1
  • H
Improper Input Validation

<4.7.1-r1
  • M
Improper Resource Shutdown or Release

<4.17.0-r0
  • L
CVE-2024-45818

<4.19.0-r1
  • H
Access Restriction Bypass

<4.7.0-r1
  • L
CVE-2024-31145

<4.19.0-r0
  • M
NULL Pointer Dereference

<4.9.0-r4
  • L
CVE-2025-58147

<4.20.1-r2
  • L
CVE-2025-58149

<4.20.1-r2
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • H
CVE-2017-15594

<4.9.0-r6
  • C
NULL Pointer Dereference

<4.9.0-r0
  • M
Improper Input Validation

<4.7.0-r0
  • H
Information Exposure

<4.16.1-r4
  • L
Out-of-Bounds

<4.18.0-r2
  • H
Information Exposure

<4.9.0-r0
  • L
CVE-2023-46839

<4.18.0-r3
  • C
Out-of-Bounds

<4.9.0-r0
  • H
CVE-2022-26361

<4.16.1-r0
  • M
CVE-2023-46836

<4.17.2-r4
  • C
Improper Input Validation

<4.9.0-r0
  • M
CVE-2023-46835

<4.17.2-r4
  • L
CVE-2024-2201

<4.18.2-r0
  • H
Improper Validation of Array Index

<4.7.2-r0
  • H
Release of Invalid Pointer or Reference

<4.16.2-r1
  • H
Memory Leak

<4.16.1-r4
  • C
Out-of-Bounds

<4.7.2-r0
  • H
CVE-2022-26358

<4.16.1-r0
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • L
CVE-2023-46842

<4.18.2-r0
  • L
Out-of-Bounds

<4.17.2-r1
  • M
Improper Access Control

<4.7.1-r3
  • M
CVE-2023-34328

<4.17.2-r3
  • M
CVE-2022-42331

<4.17.0-r5
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • M
NULL Pointer Dereference

<4.17.2-r3
  • L
Information Exposure

<4.7.1-r3
  • H
Use After Free

<4.17.0-r5
  • M
CVE-2022-27672

<4.17.0-r2
  • H
CVE-2021-28708

<4.15.1-r2
  • H
NULL Pointer Dereference

<4.17.0-r5
  • M
Information Exposure

<4.17.2-r0
  • H
Improper Input Validation

<4.7.1-r1
  • M
Incomplete Cleanup

<4.16.1-r3
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • M
Incomplete Cleanup

<4.16.1-r3
  • L
XSA-207

<4.7.1-r5
  • M
Memory Leak

<4.17.0-r0
  • M
Incorrect Authorization

<4.15.0-r2
  • M
Race Condition

<4.16.1-r2
  • M
Race Condition

<4.7.0-r5
  • M
Memory Leak

<4.17.0-r0
  • H
Allocation of Resources Without Limits or Throttling

<4.17.0-r5
  • L
XSA-398

<4.16.1-r0
  • L
CVE-2024-45819

<4.19.0-r1
  • L
CVE-2024-31142

<4.18.2-r0
  • L
CVE-2023-28746

<4.18.0-r5
  • M
Uncontrolled Recursion

<4.17.0-r0
  • M
CVE-2021-28695

<4.15.0-r2
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • L
CVE-2022-23816

<4.16.1-r5
  • L
Information Exposure

<4.14.1-r0
  • M
Divide By Zero

<4.17.2-r2
  • L
CVE-2025-1713

<4.19.1-r1
  • H
CVE-2023-34326

<4.17.2-r3
  • M
Allocation of Resources Without Limits or Throttling

<4.14.1-r0
  • M
Memory Leak

<4.17.0-r0
  • M
Information Exposure

<4.17.2-r0
  • M
Incorrect Conversion between Numeric Types

<4.17.0-r0
  • H
Improper Cross-boundary Removal of Sensitive Data

<4.16.1-r4
  • M
Improper Cross-boundary Removal of Sensitive Data

<4.16.1-r5
  • M
Improper Handling of Exceptional Conditions

<4.17.0-r0
  • H
Improper Privilege Management

<4.15.0-r3
  • H
CVE-2022-26359

<4.16.1-r0
  • H
Improper Privilege Management

<4.15.0-r2
  • M
Exposure of Resource to Wrong Sphere

<4.16.1-r5
  • H
Improper Privilege Management

<4.15.1-r1
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • H
Improper Privilege Management

<4.15.1-r1
  • M
Allocation of Resources Without Limits or Throttling

<4.17.0-r0
  • H
Information Exposure

<4.16.1-r4
  • M
Incomplete Cleanup

<4.16.1-r3
  • M
Improper Locking

<4.17.1-r5
  • M
NULL Pointer Dereference

<4.14.1-r0
  • H
Incorrect Permission Assignment for Critical Resource

<4.14.1-r0
  • H
Improper Privilege Management

<4.14.0-r1
  • H
Race Condition

<4.16.1-r0
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<4.15.0-r2
  • H
CVE-2021-28707

<4.15.1-r2
  • M
Arbitrary Code Injection

<4.14.0-r1
  • H
CVE-2021-28703

<4.15.1-r1
  • M
Allocation of Resources Without Limits or Throttling

<4.14.1-r0
  • M
CVE-2021-28693

<4.15.0-r1
  • L
Improper Resource Shutdown or Release

<4.17.0-r0
  • M
Improper Locking

<4.16.1-r0
  • M
Information Exposure

<4.14.0-r2
  • H
Improper Resource Shutdown or Release

<4.16.1-r0
  • H
CVE-2022-33745

<4.16.1-r6
  • H
CVE-2022-42327

<4.16.2-r1
  • M
Uncontrolled Recursion

<4.14.1-r0
  • M
CVE-2022-26364

<4.16.1-r2
  • M
CVE-2021-26933

<4.14.1-r3
  • H
Exposure of Resource to Wrong Sphere

<4.14.1-r0
  • M
CVE-2022-26363

<4.16.1-r2
  • M
CVE-2021-3308

<4.14.1-r2
  • M
Incomplete Cleanup

<4.16.1-r0
  • H
Improper Privilege Management

<4.15.0-r1
  • H
Insufficient Verification of Data Authenticity

<4.14.0-r2
  • H
CVE-2022-26360

<4.16.1-r0
  • M
Out-of-Bounds

<4.14.0-r2
  • H
Improper Handling of Exceptional Conditions

<4.15.1-r2
  • M
Improper Authentication

<4.15.0-r2
  • M
Improper Handling of Exceptional Conditions

<4.14.0-r1
  • H
Improper Handling of Exceptional Conditions

<4.15.1-r2
  • M
CVE-2021-28690

<4.15.0-r1
  • M
Integer Underflow

<4.16.1-r0
  • M
Memory Leak

<4.14.1-r0
  • M
Information Exposure

<4.15.0-r1
  • M
Out-of-Bounds

<4.14.0-r1
  • M
Improper Handling of Exceptional Conditions

<4.13.1-r4
  • M
Missing Initialization of Resource

<4.15.0-r0
  • H
CVE-2021-28704

<4.15.1-r2
  • H
Improper Privilege Management

<4.14.0-r2
  • M
Improper Input Validation

<4.13.1-r4
  • M
CVE-2021-28699

<4.15.0-r2
  • H
Off-by-one Error

<4.14.0-r3
  • M
Race Condition

<4.14.0-r1
  • M
Allocation of Resources Without Limits or Throttling

<4.15.0-r2
  • M
Improper Input Validation

<4.13.1-r4
  • M
Improper Input Validation

<4.13.0-r0
  • H
Race Condition

<4.14.0-r1
  • M
CVE-2019-11091

<4.12.0-r2
  • M
Allocation of Resources Without Limits or Throttling

<4.14.1-r0
  • M
Information Exposure

<4.12.0-r2
  • M
Resource Exhaustion

<4.14.0-r1
  • M
NULL Pointer Dereference

<4.14.1-r0
  • M
Out-of-bounds Read

<4.13.1-r5
  • M
Untrusted Search Path

<4.14.1-r0
  • M
Use After Free

<4.14.1-r0
  • H
Off-by-one Error

<4.13.0-r0
  • H
Race Condition

<4.14.0-r2
  • M
Information Exposure

<4.13.1-r3
  • M
Always-Incorrect Control Flow Implementation

<4.14.0-r1
  • L
XSA-312

<4.13.1-r0
  • M
Out-of-Bounds

<4.14.0-r1
  • H
Memory Leak

<4.14.0-r1
  • H
Incomplete Cleanup

<4.11.1-r0
  • H
Incorrect Calculation

<4.13.0-r0
  • M
CVE-2020-11742

<4.13.0-r3
  • H
Out-of-Bounds

<4.13.0-r3
  • H
Interpretation Conflict

<4.11.1-r0
  • H
Resource Exhaustion

<4.13.1-r4
  • H
Race Condition

<4.13.1-r4
  • M
Information Exposure

<4.13.0-r3
  • M
Information Exposure

<4.11.0-r0
  • M
Improper Handling of Exceptional Conditions

<4.13.0-r3
  • M
CVE-2018-12893

<4.11.0-r0
  • H
Memory Leak

<4.13.0-r0
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<4.13.0-r0
  • M
Information Exposure

<4.11.1-r0
  • H
Race Condition

<4.13.0-r0
  • M
CVE-2019-11135

<4.13.0-r0
  • C
Improper Privilege Management

<4.13.0-r0
  • M
OS Command Injection

<4.13.0-r0
  • M
Resource Exhaustion

<4.11.1-r0
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<4.12.1-r0
  • M
Information Exposure

<4.12.0-r2
  • H
Reachable Assertion

<4.11.1-r0
  • C
Information Exposure

<4.11.0-r0
  • H
Race Condition

<4.10.1-r1
  • M
Out-of-bounds Write

<4.10.1-r0
  • H
Incorrect Permission Assignment for Critical Resource

<4.13.0-r0
  • M
Improper Input Validation

<4.13.0-r0
  • M
Information Exposure

<4.12.0-r2
  • M
Out-of-Bounds

<4.10.0-r1
  • L
XSA-248

<4.10.0-r1
  • M
Information Exposure

<4.11.0-r0
  • H
Improper Input Validation

<4.13.0-r0
  • M
CVE-2018-12891

<4.11.0-r0
  • M
Improper Input Validation

<4.11.1-r0
  • M
Race Condition

<4.13.0-r0
  • M
Information Exposure

<4.10.1-r0
  • H
CVE-2018-7541

<4.10.0-r2
  • M
CVE-2018-19964

<4.11.1-r0
  • H
NULL Pointer Dereference

<4.11.1-r0
  • H
CVE-2018-10982

<4.10.1-r1
  • L
XSA-249

<4.10.0-r1
  • H
Information Exposure

<4.11.1-r0
  • M
NULL Pointer Dereference

<4.10.0-r2
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<4.10.1-r1
  • L
XSA-250

<4.10.0-r1
  • M
Resource Exhaustion

<4.10.0-r2
  • M
Resource Exhaustion

<4.11.1-r0
  • M
CVE-2018-19965

<4.11.1-r0
  • M
Incorrect Authorization

<4.11.1-r0
  • M
CVE-2018-3646

<4.11.1-r0
  • L
XSA-254

<4.10.0-r1
  • L
XSA-251

<4.10.0-r1