166 matches found
CVE-2025-38635 clk: davinci: Add NULL check in davinci_lpsc_clk_register()
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davincilpscclkregister devmkasprintf returns NULL when memory allocation fails. Currently, davincilpscclkregister does not check for this case, which results in a NULL pointer dereference. Add NULL...
CVE-2025-38635
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davincilpscclkregister devmkasprintf returns NULL when memory allocation fails. Currently, davincilpscclkregister does not check for this case, which results in a NULL pointer dereference. Add NULL...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from davincilpscclkregister not checking the devmkasprintf return value, which could result in a null pointer...
MAL-2025-22476 Malicious code in hl7.fhir.us.davinci-hrex (npm)
The package hl7.fhir.us.davinci-hrex was found to contain malicious code...
Malicious code in @toptal/davinci-graphql-codegen-extensions (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @toptal/davinci-cloudflare-requests-handler (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @toptal/davinci-monorepo (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-4081
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081 TCC Bypass via Dylib Substitution in DaVinci Resolve
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081 TCC Bypass via Dylib Substitution in DaVinci Resolve
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...
CVE-2025-4081
The CVE-2025-4081 entry concerns a TCC bypass in DaVinci Resolve for macOS caused by using the entitlement com.apple.security.cs.disable-library-validation and missing launch/library-load constraints, enabling local unprivileged attackers to substitute a legitimate dylib with a malicious one. The...
Blackmagic Design DaVinci Resolve 安全漏洞
Blackmagic Design DaVinci Resolve is a software tool that combines editing, color correction, visual effects, motion graphics, and audio post-production in one package. A security vulnerability exists in Blackmagic Design DaVinci Resolve, which stems from insufficient dynamic library loading...
PT-2025-23167 · Blackmagic Design · Davinci Resolve
Name of the Vulnerable Software and Affected Versions: DaVinci Resolve versions prior to the fixed version Description: The issue is related to the use of entitlement "com.apple.security.cs.disable-library-validation" and the lack of launch and library load constraints, allowing a local attacker...
CVE-2023-31848
davinci 0.3.0-rc is vulnerable to Server-side request forgery SSRF...
CVE-2023-24206
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function...
Vulnerability of the vpif_probe() function in the drivers/media/platform/davinci/vpif.c module – A driver for kernel-based multimedia devices in the Linux operating system, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerability of the vpifprobe function in the drivers/media/platform/davinci/vpif.c module – The Linux kernel’s multimedia device support driver is vulnerable due to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2025-1413
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-1413
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-1413 Dylib Hijacking in DaVinci Resolve
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...