VYPR

CWE-459

Incomplete Cleanup

BaseDraft

Description

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

Hierarchy (View 1000)

CVEs mapped to this weakness (55)

page 1 of 3
  • CVE-2005-1744CriMay 24, 2005
    risk 0.64cvss 9.8epss 0.02

    BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security…

  • CVE-2026-34263CriMay 12, 2026
    risk 0.62cvss 9.6epss 0.01

    Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

  • CVE-2025-6338CriOct 16, 2025
    risk 0.60cvss epss 0.00

    There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.

  • CVE-2017-17090HigDec 2, 2017
    risk 0.58cvss 7.5epss 0.82

    An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the…

  • CVE-2025-43711HigJul 5, 2025
    risk 0.53cvss 8.1epss 0.00

    Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.

  • CVE-2025-66467HigMay 8, 2026
    risk 0.52cvss 8.0epss 0.00

    Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the…

  • CVE-2026-33232HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption.…

  • CVE-2017-0303HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.03

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly…

  • CVE-2002-2070HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.02

    SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-2066HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.02

    BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-2069HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.02

    PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-2068HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.02

    Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-2067HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.02

    East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2025-0032HigSep 6, 2025
    risk 0.47cvss 7.2epss 0.00

    Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.

  • CVE-2024-36353MedMar 2, 2025
    risk 0.42cvss 6.5epss 0.00

    Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

  • CVE-2000-0552MedJun 6, 2000
    risk 0.39cvss 5.5epss 0.01

    ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

  • CVE-2024-53881MedJan 28, 2025
    risk 0.36cvss 5.5epss 0.00

    NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service.

  • CVE-2024-53869MedJan 28, 2025
    risk 0.36cvss 5.5epss 0.00

    NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure.

  • CVE-2024-49851MedOct 21, 2024
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can…

  • CVE-2018-15407MedOct 5, 2018
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing…