Traccar Server vulnerabilities
2 known vulnerabilities affecting traccar/server.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2018-1000881P2CRITICALCVSS 9.8≤ 4.02018-12-20
CVE-2018-1000881 [CRITICAL] CWE-94 CVE-2018-1000881: Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of
Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to
nvd
CVE-2019-5748P3CRITICALCVSS 9.8v4.22019-01-09
CVE-2019-5748 [CRITICAL] CWE-611 CVE-2019-5748: In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
nvd