flightgear 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、パス処理の欠陥, and vendor risk input validation に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact memory corruption and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-0781 | An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. | [email protected] | 8.6 | 0.33% | 2025-01-28 | 2026-06-17 |
| CVE-2017-13709 | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | [email protected] | 7.5 | 1.06% | 2017-08-27 | 2026-06-16 |
| CVE-2017-8921 | In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. | [email protected] | 7.5 | 1.42% | 2017-05-12 | 2026-06-16 |
| CVE-2016-9956 | The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | [email protected] | 7.5 | 3.24% | 2017-02-22 | 2026-06-16 |
| CVE-2012-2091 | Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx. | [email protected] | 9.3 | 6.46% | 2012-06-16 | 2026-06-16 |
| CVE-2012-2090 | Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx. | [email protected] | 9.3 | 6.00% | 2012-06-16 | 2026-06-16 |