Vulnerabilities > 1Password

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-42218 Unspecified vulnerability in 1Password
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
local
high complexity
1password
4.7
2024-08-06 CVE-2024-42219 Unspecified vulnerability in 1Password
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.
local
low complexity
1password
7.8
2022-06-15 CVE-2022-32550 Unspecified vulnerability in 1Password products
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service.
network
high complexity
1password
4.8
2022-05-09 CVE-2022-29868 Cleartext Storage of Sensitive Information vulnerability in 1Password
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.
local
low complexity
1password CWE-312
5.5
2021-09-29 CVE-2021-41795 Unspecified vulnerability in 1Password
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass.
network
low complexity
1password
6.5
2021-07-26 CVE-2020-18173 Uncontrolled Search Path Element vulnerability in 1Password 7.3.712
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
local
low complexity
1password CWE-427
7.8
2021-07-16 CVE-2021-36758 Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation.
network
low complexity
1password CWE-863
5.4
2021-02-08 CVE-2021-26905 Improper Authentication vulnerability in 1Password Scim Bridge
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.
network
low complexity
1password CWE-287
6.5
2020-10-27 CVE-2020-10256 Unspecified vulnerability in 1Password Command Line Interface and Scim
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3.
network
low complexity
1password
critical
9.8
2020-01-09 CVE-2014-3753 Information Exposure vulnerability in 1Password
AgileBits 1Password through 1.0.9.340 allows security feature bypass
local
low complexity
1password CWE-200
5.5