Skip to main content

1Password

8 CVEs product

Monthly

CVE-2024-42219 HIGH This Week

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Hashicorp Information Disclosure 1Password
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42218 MEDIUM This Month

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Apple Hashicorp 1Password
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-32550 MEDIUM This Month

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 1Password 1Password In The Browser Command Line Command Line Interface +2
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-29868 MEDIUM This Month

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp 1Password
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41795 MEDIUM This Month

The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Hashicorp Authentication Bypass 1Password
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-19863 MEDIUM This Month

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple 1Password
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-13042 MEDIUM POC This Month

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Denial Of Service 1Password
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
7.9%
CVE-2012-6369 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS 1Password
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Hashicorp Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Apple Hashicorp +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 1Password 1Password In The Browser +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp 1Password
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Hashicorp Authentication Bypass +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple 1Password
NVD
EPSS 8% CVSS 5.9
MEDIUM POC This Month

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Denial Of Service 1Password
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS 1Password
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy