Florent Rougon

**Name of the Vulnerable Software and Affected Versions** FlightGear versions (affected versions not specified) **Description** An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlightGear versions prior to 2017.3.1 **Description** The issue affects the FGLogger subsystem in FlightGear, specifically in Main/logger.cxx. It allows overwriting of any file through a resource that impacts the global Property Tree's contents. **Recommendations** For versions prior to 2017.3.1, update to version 2017.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FlightGear versions prior to 2016.4.4 **Description** The issue allows remote attackers to write to arbitrary files via a crafted Nasal script, which is related to the route manager in FlightGear. **Recommendations** For versions prior to 2016.4.4, update to version 2016.4.4 or later to resolve the issue.