Vulnerabilities > 1Password > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-42218 | Unspecified vulnerability in 1Password 1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. | 4.7 |
| 2022-06-15 | CVE-2022-32550 | Unspecified vulnerability in 1Password products An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. | 4.8 |
| 2021-09-29 | CVE-2021-41795 | Unspecified vulnerability in 1Password 7.7.0 The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. network 1password | 4.3 |
| 2021-07-26 | CVE-2020-18173 | Uncontrolled Search Path Element vulnerability in 1Password 7.3.712 A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | 4.4 |
| 2021-07-16 | CVE-2021-36758 | Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. | 5.5 |
| 2021-02-08 | CVE-2021-26905 | Improper Authentication vulnerability in 1Password Scim Bridge 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. | 4.0 |
| 2020-01-09 | CVE-2014-3753 | Information Exposure vulnerability in 1Password AgileBits 1Password through 1.0.9.340 allows security feature bypass | 4.3 |
| 2018-10-05 | CVE-2018-13042 | Improper Input Validation vulnerability in 1Password 6.8 The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. | 4.3 |
| 2012-12-28 | CVE-2012-6369 | Cross-Site Scripting vulnerability in 1Password 3.9.9 Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action. | 4.3 |