Vulnerabilities > 1Password > Medium
|2022-06-15||CVE-2022-32550|| Unspecified vulnerability in 1Password products |
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service.
| 5.8 |
|2021-09-29||CVE-2021-41795|| Incorrect Authorization vulnerability in 1Password 7.7.0 |
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass.
| 4.3 |
|2021-07-26||CVE-2020-18173|| Uncontrolled Search Path Element vulnerability in 1Password 7.3.712 |
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
| 4.4 |
|2021-07-16||CVE-2021-36758|| Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 |
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation.
| 5.5 |
|2021-02-08||CVE-2021-26905|| Insufficiently Protected Credentials vulnerability in 1Password Scim Bridge |
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.
| 4.0 |
|2020-10-27||CVE-2020-10256|| Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in 1Password Command-Line and Scim |
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3.
| 5.0 |
|2020-01-09||CVE-2014-3753|| Information Exposure vulnerability in 1Password |
AgileBits 1Password through 126.96.36.1990 allows security feature bypass
| 4.3 |
|2018-10-05||CVE-2018-13042|| Improper Input Validation vulnerability in 1Password 6.8 |
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability.
| 4.3 |
|2012-12-28||CVE-2012-6369|| Cross-Site Scripting vulnerability in 1Password 3.9.9 |
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.
| 4.3 |