VulnerableCode Package Details - pkg:deb/debian/flightgear@1:2016.4.4%2Bdfsg-3%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1j2q-k2gh-pqdk Aliases: CVE-2025-0781	An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.	1:2020.3.16+dfsg-1+deb12u1 Affected by 0 other vulnerabilities.
VCID-vm83-ajzg-aaan Aliases: CVE-2017-13709	In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.	1:2018.3.2+dfsg-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1j2q-k2gh-pqdk
Aliases:
CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

1:2020.3.16+dfsg-1+deb12u1
Affected by 0 other vulnerabilities.

VCID-vm83-ajzg-aaan
Aliases:
CVE-2017-13709

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.

1:2018.3.2+dfsg-2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-7txw-7t76-aaab	In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.	CVE-2017-8921
VCID-jx8t-94cp-aaas	The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.	CVE-2016-9956

Vulnerability

Summary

Aliases

VCID-7txw-7t76-aaab

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

CVE-2017-8921

VCID-jx8t-94cp-aaas

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

CVE-2016-9956

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:05:58.672114+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T14:40:30.042381+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:06:44.765579+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:23:46.239381+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T00:03:17.886333+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	None	36.1.3
2025-06-20T22:56:51.105698+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	None	36.1.3
2025-06-20T22:47:34.057489+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	None	36.1.3
2025-06-08T11:35:05.706620+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T07:33:42.314645+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:01:37.768776+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:25:27.869469+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T17:26:05.584722+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	None	36.1.0
2025-06-07T16:20:07.143707+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	None	36.1.0
2025-06-07T16:11:28.395193+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	None	36.1.0
2025-04-13T03:10:21.662736+00:00	Debian Oval Importer	Affected by	VCID-1j2q-k2gh-pqdk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:45:02.404824+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:00:48.532888+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:19:34.196541+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T06:06:25.427141+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:33:34.168376+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:56:36.816199+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T16:00:26.356812+00:00	Debian Oval Importer	Affected by	VCID-vm83-ajzg-aaan	None	36.0.0
2025-04-07T14:51:48.151324+00:00	Debian Oval Importer	Fixing	VCID-jx8t-94cp-aaas	None	36.0.0
2025-04-07T14:42:51.231852+00:00	Debian Oval Importer	Fixing	VCID-7txw-7t76-aaab	None	36.0.0