
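CWE-459 Incomplete Cleanup: Vulnerability List (51)

A summary of 51 CVE vulnerabilities in the CWE-459 Incomplete Cleanup weakness class, with AI-generated analysis in Chinese.

CWE-459 is a resource-management flaw in which a program fails to properly clean up and remove temporary or supporting resources after using them. Attackers commonly exploit this weakness to exhaust system resources, causing denial of service or memory leaks that may in turn trigger other security vulnerabilities. To avoid it, developers should make sure the resource-release logic in their code is complete, for example by using exception-handling mechanisms so that cleanup runs on both the normal and the error paths, and should review resource lifecycle management regularly.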

MITRE CWE Official Description
CWE: CWE-459 Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
Common Consequences (1)
Scope: Other, Confidentiality, Integrity
Impact: Other, Read Application Data, Modify Application Data, DoS: Resource Consumption (Other)
It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem.
Mitigations (1)
Phase: Architecture and Design, Implementation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
Code Examples (1)
Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).
try {
    InputStream is = new FileInputStream(path);
    byte b[] = new byte[is.available()];
    is.read(b);
    // close() is reached only if nothing above throws; on an exception the stream stays open
    is.close();
} catch (Throwable t) {
    log.error("Something bad happened: " + t.getMessage());
}
Bad · Java
CVE ID | Title | CVSS | Risk level | Published
CVE-2025-66467 | Apache CloudStack MinIO policy not cleared after bucket deletion vulnerability — Apache CloudStack | 8.0 | High | 2026-05-08
CVE-2026-28268 | Vikunja authorization issue vulnerability — vikunja | 9.8 | Critical | 2026-02-27
CVE-2026-3304 | Multer security vulnerability — multer | 7.5 | - | 2026-02-27
CVE-2026-28196 | JetBrains TeamCity security vulnerability — TeamCity | 2.3 | Low | 2026-02-25
CVE-2025-15331 | Tanium Connect security vulnerability — Connect | 4.3 | Medium | 2026-02-05
CVE-2025-66675 | Apache Struts security vulnerability — Apache Struts | 7.5 (AI) | High (AI) | 2025-12-10
CVE-2025-64775 | Apache Struts security vulnerability — Apache Struts | 7.5 | - | 2025-12-01
CVE-2025-29934 | AMD CPU security vulnerability — AMD EPYC™ 9004 Series Processors | 5.3 | Medium | 2025-11-21
CVE-2025-6338 | Qt security vulnerability — Qt | 7.5 (AI) | High (AI) | 2025-10-16
CVE-2025-59781 | F5 BIG-IP and F5 BIG-IP Next CNF security vulnerability — BIG-IP | 7.5 | High | 2025-10-15
CVE-2025-20293 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 5.3 | Medium | 2025-09-24
CVE-2025-0032 | AMD multiple products security vulnerability — AMD EPYC™ 9005 Series Processors | 7.2 | High | 2025-09-06
CVE-2024-21977 | AMD multiple products security vulnerability — AMD EPYC™ 7003 Series Processors | 3.2 | Low | 2025-09-05
CVE-2025-43711 | Tunnelblick security vulnerability — Tunnelblick | 8.1 | High | 2025-07-04
CVE-2023-29184 | Fortinet FortiOS and Fortinet FortiProxy security vulnerability — FortiProxy | 3.1 | Low | 2025-06-10
CVE-2025-31650 | Apache Tomcat security vulnerability — Apache Tomcat | 7.5 (AI) | High (AI) | 2025-04-28
CVE-2025-2260 | Eclipse ThreadX NetX Duo security vulnerability — ThreadX | 7.5 (AI) | High (AI) | 2025-04-06
CVE-2024-50385 | STMicroelectronics X-CUBE-AZRTOS-WL security vulnerability — X-CUBE-AZRT-H7RS | 6.5 | Medium | 2025-04-02
CVE-2024-50384 | STMicroelectronics X-CUBE-AZRTOS-WL security vulnerability — X-CUBE-AZRT-H7RS | 6.5 | Medium | 2025-04-02
CVE-2024-36353 | AMD Radeon security vulnerability — AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | 6.5 | Medium | 2025-03-02
CVE-2025-0726 | Eclipse ThreadX NetX Duo security vulnerability — ThreadX | 7.5 | - | 2025-02-21
CVE-2024-53881 | NVIDIA vGPU software security vulnerability — NVIDIA vGPU software | 5.5 | Medium | 2025-01-28
CVE-2024-53869 | NVIDIA Unified Memory driver security vulnerability — NVIDIA GPU Display Driver, vGPU software | 5.5 | Medium | 2025-01-28
CVE-2025-0473 | PMB platform security vulnerability — PMB platform | 6.5 | Medium | 2025-01-16
CVE-2025-21609 | SiYuan security vulnerability — siyuan | 8.1 | - | 2025-01-03
CVE-2024-45445 | Huawei HarmonyOS security vulnerability — HarmonyOS | 4.0 | Medium | 2024-09-04
CVE-2023-31356 | AMD Secure Processor and AMD Secure Encrypted Virtualization security vulnerability — AMD EPYC™ 7003 Processors | 4.4 | Medium | 2024-08-13
CVE-2024-6300 | Conduit security vulnerability — Conduit | 3.7 | Low | 2024-06-25
CVE-2024-20303 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 7.4 | High | 2024-03-27
CVE-2024-23672 | Apache Tomcat security vulnerability — Apache Tomcat | 7.5 (AI) | High (AI) | 2024-03-13

CWE-459 (Incomplete Cleanup) is a common weakness category; this platform lists 51 CVE vulnerabilities associated with it.