15 matches found
CVE-2024-42218
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms...
CVE-2022-29868
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used f...
AgileBits 1Password IPC Protection Bypass (CVE-2024-42219) (macOS)
The version of AgileBits 1Password installed on the remote macOS or Mac OS X host is prior to 8.10.36. It is, therefore, affected by an inter-process communication bypass vulnerability that allows local attackers to exfiltrate vault items. Note that Nessus has not tested for this issue but has...
CVE-2024-42219
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...
CVE-2024-42218
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms...
PT-2024-29793 · Agilebits · 1Password 8
Name of the Vulnerable Software and Affected Versions: 1Password 8 versions prior to 8.10.38 for macOS Description: The issue allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Recommendations: For 1Password 8 versions prior to 8.10.38, update to...
CVE-2024-42219
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...
PT-2024-29794 · Agilebits · 1Password
Name of the Vulnerable Software and Affected Versions: 1Password versions prior to 8.10.36 for macOS Description: The issue allows local attackers to exfiltrate vault items due to insufficient XPC inter-process communication validation. Recommendations: For versions prior to 8.10.36, update to...
CVE-2024-42219
1Password for macOS (AgileBits) is affected: versions prior to 8.10.36 are vulnerable to an inter-process communication bypass due to insufficient XPC IPC validation, enabling local attackers to exfiltrate vault items. Remediation: update to 8.10.36 or later. Affected product/version details and ...
AgileBits 1Password For Mac 安全漏洞
AgileBits 1Password For Mac is a password management software from AgileBits Canada. It is used to store a variety of different passwords. A security vulnerability exists in AgileBits 1Password For Mac versions prior to 8.10.38, which stems from a vulnerability that allows a local attacker to...
CVE-2022-29868
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used f...
CVE-2022-29868
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used f...
CVE-2021-41795
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on...
CVE-2021-41795
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on...
Red Hat Wildfly 访问控制错误漏洞
Red Hat Wildfly is a lightweight JavaEE-based open source application server from Red Hat USA. An access control error vulnerability exists in WildFly Core that stems from improperly restricting access to Vault expressions. If a Vault expression takes the form of a single attribute containing...