CWE-459
Incomplete Cleanup
BaseDraft
Description
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
Hierarchy (View 1000)
CVEs mapped to this weakness (28)
page 2 of 2| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-29934 | Med | 0.34 | 5.3 | 0.00 | Nov 21, 2025 | A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. | |
| CVE-2025-20293 | Med | 0.34 | 5.3 | 0.00 | Sep 24, 2025 | A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due to incomplete cleanup upon completion of the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests to an affected device. A successful exploit could allow the attacker to request a certificate from the virtual wireless controller and then use the acquired certificate to join an attacker-controlled device to the virtual wireless controller. | |
| CVE-2026-0427 | Med | 0.30 | — | 0.00 | May 15, 2026 | Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability. | |
| CVE-2023-31356 | Med | 0.29 | 4.4 | 0.00 | Aug 13, 2024 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. | |
| CVE-2026-6830 | Low | 0.21 | 3.3 | 0.00 | Apr 21, 2026 | nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles. | |
| CVE-2024-21977 | Low | 0.21 | 3.2 | 0.00 | Sep 5, 2025 | Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests. | |
| CVE-2026-35361 | Low | 0.15 | 3.4 | 0.00 | Apr 22, 2026 | The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls. | |
| CVE-2023-20518 | Low | 0.12 | 1.9 | 0.00 | Aug 13, 2024 | Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. |