Skip to main content

Flightgear

5 CVEs product

Monthly

CVE-2017-13709 HIGH POC This Week

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flightgear
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-8921 HIGH PATCH This Week

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Flightgear
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9956 HIGH PATCH This Week

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Debian Linux Fedora Flightgear
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2012-2091 CRITICAL Act Now

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Flightgear Simgear
NVD
CVSS 2.0
9.3
EPSS
7.6%
CVE-2012-2090 CRITICAL Act Now

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Flightgear Simgear
NVD
CVSS 2.0
9.3
EPSS
4.5%
EPSS 0% CVSS 7.5
HIGH POC This Week

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flightgear
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Flightgear
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Debian Linux Fedora +1
NVD
EPSS 8% CVSS 9.3
CRITICAL Act Now

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE +2
NVD
EPSS 4% CVSS 9.3
CRITICAL Act Now

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Flightgear +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy