CVE-2025-48945 - Apache c-ares Use-After-Free DNS Channel Crash

CVE ID : CVE-2025-48945

Published : June 20, 2025, 8:15 p.m. | 2 hours, 15 minutes ago

Description : pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-22157 – Atlassian Jira Privilege Escalation Vulnerability

May 20, 2025

CVE ID : CVE-2025-22157

Published : May 20, 2025, 6:15 p.m. | 34 minutes ago

Description : This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:

9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server

5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server

This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.

Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20

Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20

Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5

Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5

Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0

Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0

Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1

Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1

See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center.

This vulnerability was reported via our Atlassian (Internal) program.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2025-48945 – Apache c-ares Use-After-Free DNS Channel Crash

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

CVE-2025-20154 – Cisco TWAMP Server Out-of-Bounds Array Access Denial of Service Vulnerability

Microsoft’s AI CEO says Copilot will evolve into a “real friend” with a permanent identity — an ideal utopia of digital patina

HardenedBSD is a fork of FreeBSD

I’m shocked Microsoft’s Xbox Graphics department used this embarrassing AI-generated ad — “The irony that the head of Xbox Graphics using a Al image and didn’t see the screen was backward.”

CVE-2025-22157 – Atlassian Jira Privilege Escalation Vulnerability

How to Deploy Flask Applications on Vultr

Windows SMB Client Zero-Day Vulnerability Exploited Using Reflective Kerberos Relay Attack

Microsoft 365 teases new 3D Office icons for Windows 11, revamp to reflect AI

CVE-2025-48945 – Apache c-ares Use-After-Free DNS Channel Crash

Related Posts