23 matches found
EUVD-2025-16379
Malicious code in bioql PyPI...
EUVD-2025-5501
Malicious code in bioql PyPI...
CVE-2025-4081
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081 TCC Bypass via Dylib Substitution in DaVinci Resolve
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081 TCC Bypass via Dylib Substitution in DaVinci Resolve
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081
The CVE-2025-4081 entry concerns a TCC bypass in DaVinci Resolve for macOS caused by using the entitlement com.apple.security.cs.disable-library-validation and missing launch/library-load constraints, enabling local unprivileged attackers to substitute a legitimate dylib with a malicious one. The...
Blackmagic Design DaVinci Resolve 安全漏洞
Blackmagic Design DaVinci Resolve is a software tool that combines editing, color correction, visual effects, motion graphics, and audio post-production in one package. A security vulnerability exists in Blackmagic Design DaVinci Resolve, which stems from insufficient dynamic library loading...
PT-2025-23167 · Blackmagic Design · Davinci Resolve
Name of the Vulnerable Software and Affected Versions: DaVinci Resolve versions prior to the fixed version Description: The issue is related to the use of entitlement "com.apple.security.cs.disable-library-validation" and the lack of launch and library load constraints, allowing a local attacker...
CVE-2025-1413
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-1413
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-1413
CVE-2025-1413 affects DaVinci Resolve on macOS prior to 19.1.3. The root cause is incorrect file permissions (rwxrwxrwx) for the application, which can enable Dylib hijacking and privilege escalation for guest accounts, other users, and applications. The vulnerability is local, with high impact t...
CVE-2025-1413 Dylib Hijacking in DaVinci Resolve
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-1413 Dylib Hijacking in DaVinci Resolve
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
PT-2025-9078 · Blackmagic Design · Davinci Resolve
Name of the Vulnerable Software and Affected Versions: DaVinci Resolve versions prior to 19.1.3 Description: The issue is related to incorrect file permissions in DaVinci Resolve on MacOS, which can lead to Dylib Hijacking. This inconsistency with standard macOS security practices allows for...
Blackmagic Design DaVinci Resolve 安全漏洞
Blackmagic Design DaVinci Resolve is a software tool that combines editing, color correction, visual effects, motion graphics, and audio post-production in one package. A security vulnerability exists in Blackmagic Design DaVinci Resolve versions prior to 19.1.3, which stems from improperly set...
Blackmagic Design DaVinci Resolve Buffer Overflow Vulnerability
Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.Blackmagic Design DaVinci Resolve 17.3.1.0005 is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute...
Blackmagic Design DaVinci Resolve Code Execution Vulnerability
Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...
Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the DaVinci Resolve video editing software that could allow an adversary to execute code in the context of the application. DaVinci Resolve is a... This is only...
Blackmagic Design DaVinci Resolve 输入验证错误漏洞
Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.Blackmagic Design DaVinci Resolve 17.3.1.0005 is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute...