Pokerfacett

**Name of the Vulnerable Software and Affected Versions** Sina Weibo Android SDK version 4.2.7 **Description** An intent redirection issue was discovered in the Sina Weibo Android SDK, specifically in the `com.sina.weibo.sdk.share.WbShareTransActivity` component. This issue allows any unexported Activities to be started by the `com.sina.weibo.sdk.share.WbShareTransActivity`. **Recommendations** For Sina Weibo Android SDK version 4.2.7, consider restricting access to the `com.sina.weibo.sdk.share.WbShareTransActivity` to prevent unauthorized starts of unexported Activities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Platinum UPnP SDK version 1.2.0 **Description** The issue allows Directory Traversal due to incorrect checking for `/..` instead of `../` in the `Core/PltHttpServer.cpp` file. **Recommendations** For Platinum UPnP SDK version 1.2.0, consider modifying the `Core/PltHttpServer.cpp` file to correctly check for `../` instead of `/..` to prevent Directory Traversal.

**Name of the Vulnerable Software and Affected Versions** ldns version 1.7.1 **Description** The issue is related to the function `ldns nsec3 salt data` in the ldns library, which is too trusting of the length value obtained from a zone file. This can lead to a heap overflow and information leakage when `memcpy` is used to copy `0xfe - ldns rdf size(salt rdf)` byte data. The vulnerability can be exploited by a remote attacker to gain access to confidential data. **Recommendations** For ldns version 1.7.1, consider disabling the `ldns nsec3 salt data` function until a patch is available to prevent potential heap overflow and information leakage. Restrict access to sensitive zone files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ldns version 1.7.1 **Description** The issue is related to a heap out of bounds read in the `ldns rr new frm str internal` function when verifying a zone file. This allows an attacker to leak information on the heap by constructing a zone file payload, potentially giving access to confidential data. **Recommendations** For ldns version 1.7.1, as a temporary workaround, consider restricting the use of the `ldns rr new frm str internal` function until a patch is available. Avoid using this function with untrusted zone files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Platinum Upnp SDK versions prior to 1.2.1 **Description** The issue allows for a directory traversal attack, which could be exploited by sending a malicious URL, such as "http://ip:port/../privacy.avi", to compromise a victim's privacy. This could potentially allow an attacker to access sensitive information. **Recommendations** For Platinum Upnp SDK versions prior to 1.2.1, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using URLs that contain ../ to prevent directory traversal attacks.