cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0460,https://securityvulnerability.io/vulnerability/CVE-2023-0460,Remote code execution in YouTube Android Player API SDK,"The YouTube Embedded SDK version 1.2 is prone to a code execution vulnerability due to improper handling of service bindings. This flaw allows attackers to replace the intended service with a malicious app, enabling arbitrary code execution when the SDK is invoked. An attacker can exploit this by masquerading as the YouTube app and distributing both the malicious app and the SDK to unsuspecting users outside of the Play Store. This vulnerability highlights critical risks associated with service binding and remote code execution in mobile applications.",Google,YouTube Android Player API SDK,7.3,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-03-01T17:15:00.000Z,0
CVE-2011-1001,https://securityvulnerability.io/vulnerability/CVE-2011-1001,,"dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.",Google,Android Sdk,,,0.0027799999807029963,false,false,false,false,,false,false,2011-07-08T17:00:00.000Z,0
CVE-2008-0985,https://securityvulnerability.io/vulnerability/CVE-2008-0985,,Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.,Google,Android Sdk,,,0.547760009765625,false,false,false,false,,false,false,2008-03-06T00:00:00.000Z,0
CVE-2008-0986,https://securityvulnerability.io/vulnerability/CVE-2008-0986,,"Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.",Google,Android Sdk,,,0.15425999462604523,false,false,false,false,,false,false,2008-03-06T00:00:00.000Z,0