Kerberos
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-26183 | | Med | 0.42 | 6.5 | 0.02 | | Apr 9, 2024 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-39148 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall. |
| CVE-1999-1099 | | | 0.00 | — | 0.01 | | Nov 22, 1996 | Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. |