Vulnerabilities > 1Password

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-32550 Unspecified vulnerability in 1Password products
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service.
network
1password
5.8
2022-05-09 CVE-2022-29868 Cleartext Storage of Sensitive Information vulnerability in 1Password
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.
local
low complexity
1password CWE-312
2.1
2021-09-29 CVE-2021-41795 Incorrect Authorization vulnerability in 1Password 7.7.0
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass.
network
1password CWE-863
4.3
2021-07-26 CVE-2020-18173 Uncontrolled Search Path Element vulnerability in 1Password 7.3.712
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
4.4
2021-07-16 CVE-2021-36758 Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation.
network
low complexity
1password CWE-863
5.5
2021-02-08 CVE-2021-26905 Insufficiently Protected Credentials vulnerability in 1Password Scim Bridge
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.
network
low complexity
1password CWE-522
4.0
2020-10-27 CVE-2020-10256 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in 1Password Command-Line and Scim
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3.
network
low complexity
1password CWE-335
5.0
2020-01-09 CVE-2014-3753 Information Exposure vulnerability in 1Password
AgileBits 1Password through 1.0.9.340 allows security feature bypass
network
1password CWE-200
4.3
2018-10-05 CVE-2018-13042 Improper Input Validation vulnerability in 1Password 6.8
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability.
network
1password CWE-20
4.3
2012-12-28 CVE-2012-6369 Cross-Site Scripting vulnerability in 1Password 3.9.9
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.
network
1password CWE-79
4.3