Teradata
Products
8- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7489 | Cri | 0.64 | 9.8 | 0.04 | Nov 10, 2016 | Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution. | ||
| CVE-2016-7490 | Hig | 0.51 | 7.8 | 0.01 | Nov 10, 2016 | The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. | ||
| CVE-2016-7488 | Hig | 0.51 | 7.8 | 0.01 | Nov 10, 2016 | Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | ||
| CVE-2015-5401 | Hig | 0.49 | 7.5 | 0.02 | May 23, 2017 | Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. | ||
| CVE-2024-52870 | Hig | 0.46 | 7.1 | 0.00 | Jan 17, 2025 | Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites. | ||
| CVE-2025-70956 | Hig | 0.42 | 7.5 | 0.00 | Feb 13, 2026 | A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources… | ||
| CVE-2025-70954 | Hig | 0.42 | 7.5 | 0.01 | Feb 13, 2026 | A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before… | ||
| CVE-2024-52869 | Med | 0.39 | 6.0 | 0.00 | Jan 8, 2025 | Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database… |
- risk 0.64cvss 9.8epss 0.04
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.
- risk 0.51cvss 7.8epss 0.01
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.
- risk 0.51cvss 7.8epss 0.01
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.
- risk 0.49cvss 7.5epss 0.02
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.
- risk 0.46cvss 7.1epss 0.00
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.
- risk 0.42cvss 7.5epss 0.00
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources…
- risk 0.42cvss 7.5epss 0.01
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before…
- risk 0.39cvss 6.0epss 0.00
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database…