CWE-459
AllowedIncomplete Cleanup
Abstraction: Base · Status: Draft
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
223 vulnerabilities reference this CWE, most recent first.
GHSA-HQ7H-VJ5V-FRP8
Vulnerability from github – Published: 2022-04-30 18:22 – Updated: 2024-02-08 21:30East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
{
"affected": [],
"aliases": [
"CVE-2002-2067"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.",
"id": "GHSA-hq7h-vj5v-frp8",
"modified": "2024-02-08T21:30:30Z",
"published": "2022-04-30T18:22:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2067"
},
{
"type": "WEB",
"url": "http://www.ciac.org/ciac/bulletins/m-034.shtml"
},
{
"type": "WEB",
"url": "http://www.east-tec.com/eraser/faq.htm"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/7953.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/251565"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3912"
},
{
"type": "WEB",
"url": "http://www.seifried.org/security/advisories/kssa-003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HRRG-WVPP-2P2Q
Vulnerability from github – Published: 2024-11-01 18:31 – Updated: 2024-11-06 18:31IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php.
{
"affected": [],
"aliases": [
"CVE-2024-28265"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-01T16:15:08Z",
"severity": "CRITICAL"
},
"details": "IBOS v4.5.5 has an arbitrary file deletion vulnerability via \\system\\modules\\dashboard\\controllers\\LoginController.php.",
"id": "GHSA-hrrg-wvpp-2p2q",
"modified": "2024-11-06T18:31:05Z",
"published": "2024-11-01T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28265"
},
{
"type": "WEB",
"url": "https://github.com/A7cc/cve/issues/1"
},
{
"type": "WEB",
"url": "https://gitee.com/ibos/IBOS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HW87-HG67-XW42
Vulnerability from github – Published: 2025-09-05 15:31 – Updated: 2025-09-05 15:31Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.
{
"affected": [],
"aliases": [
"CVE-2024-21977"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T13:15:31Z",
"severity": "LOW"
},
"details": "Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.",
"id": "GHSA-hw87-hg67-xw42",
"modified": "2025-09-05T15:31:07Z",
"published": "2025-09-05T15:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21977"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HWG4-5CX4-H25M
Vulnerability from github – Published: 2025-03-02 18:30 – Updated: 2025-09-25 21:30Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality.
{
"affected": [],
"aliases": [
"CVE-2024-36353"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-02T18:15:34Z",
"severity": "MODERATE"
},
"details": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality.",
"id": "GHSA-hwg4-5cx4-h25m",
"modified": "2025-09-25T21:30:20Z",
"published": "2025-03-02T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36353"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HX76-CHVW-QR8X
Vulnerability from github – Published: 2024-03-15 21:30 – Updated: 2025-03-13 21:30In the Linux kernel, the following vulnerability has been resolved:
x86/kvm: Disable kvmclock on all CPUs on shutdown
Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate.
Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock remains usable and correct so we don't need to switch to some other clocksource.
{
"affected": [],
"aliases": [
"CVE-2021-47110"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-15T21:15:06Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kvm: Disable kvmclock on all CPUs on shutdown\n\nCurrenly, we disable kvmclock from machine_shutdown() hook and this\nonly happens for boot CPU. We need to disable it for all CPUs to\nguard against memory corruption e.g. on restore from hibernate.\n\nNote, writing \u00270\u0027 to kvmclock MSR doesn\u0027t clear memory location, it\njust prevents hypervisor from updating the location so for the short\nwhile after write and while CPU is still alive, the clock remains usable\nand correct so we don\u0027t need to switch to some other clocksource.",
"id": "GHSA-hx76-chvw-qr8x",
"modified": "2025-03-13T21:30:59Z",
"published": "2024-03-15T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47110"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b0becf8b1ecf642a9edaf4c9628ffc641e490d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c02027b5742b5aa804ef08a4a9db433295533046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXXF-PXH8-JXXH
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.
{
"affected": [],
"aliases": [
"CVE-2023-29184"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:17:51Z",
"severity": "LOW"
},
"details": "An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before \u0026 FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.",
"id": "GHSA-hxxf-pxh8-jxxh",
"modified": "2025-06-10T18:32:27Z",
"published": "2025-06-10T18:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29184"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J2J4-J7CR-P458
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956
{
"affected": [],
"aliases": [
"CVE-2020-0258"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956",
"id": "GHSA-j2j4-j7cr-p458",
"modified": "2022-05-24T17:25:17Z",
"published": "2022-05-24T17:25:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0258"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-08-01"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/158869/Android-App-Zygotes-Improper-Guarding.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J2J8-23GR-F54X
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 03:59Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2022-40974"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:15Z",
"severity": "MODERATE"
},
"details": "Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.",
"id": "GHSA-j2j8-23gr-f54x",
"modified": "2024-04-04T03:59:37Z",
"published": "2023-05-10T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40974"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J384-FPQM-4MMH
Vulnerability from github – Published: 2026-05-15 03:30 – Updated: 2026-05-15 03:30Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.
{
"affected": [],
"aliases": [
"CVE-2026-0427"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-15T03:16:22Z",
"severity": "MODERATE"
},
"details": "Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.",
"id": "GHSA-j384-fpqm-4mmh",
"modified": "2026-05-15T03:30:37Z",
"published": "2026-05-15T03:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0427"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J3P8-Q7HC-2X2W
Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2022-05-13 01:39In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.
{
"affected": [],
"aliases": [
"CVE-2017-0303"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-27T14:29:00Z",
"severity": "HIGH"
},
"details": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.",
"id": "GHSA-j3p8-q7hc-2x2w",
"modified": "2022-05-13T01:39:53Z",
"published": "2022-05-13T01:39:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0303"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K30201296"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101612"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039674"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
No CAPEC attack patterns related to this CWE.