How severe is CVE-2021-47276?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-47276?

This is classified as CWE-706, which is a common weakness in software security.

CVE-2021-47276

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-706

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) returned -EINVAL and not -EFAULT, as the bug caused more than one error to occur. But because -EINVAL was returned, the ftrace_bug() tried to report what was at the location of the ip address, and read it directly. This caused the machine to panic, as the ip was not pointing to a valid memory address. Instead, read the ip address with copy_from_kernel_nofault() to safely access the memory, and if it faults, report that the address faulted, otherwise report what was in that location.

CVE-2021-37212

MEDIUM

CVSS:5.4(Medium)

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific ...

CWE-7062021

CVE-2025-29914

MEDIUM

CVSS:5.4(Medium)

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME...

CWE-7062025

CVE-2019-0220

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule ...

CWE-7062019

CVE-2020-35566

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File...

CWE-7062020

CVE-2024-52515

MEDIUM

CVSS:5.7(Medium)

Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If th...

CWE-7062024

CVE-2019-0816

MEDIUM

CVSS:5.1(Medium)

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerabili...

CWE-7062019

CVE-2021-47276

Vulnerability Description

Related Vulnerabilities

CVE-2021-37212

CVE-2025-29914

CVE-2019-0220

CVE-2020-35566

CVE-2024-52515

CVE-2019-0816