Vulnerabilities > Openmicroscopy

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-41132 Cross-site Scripting vulnerability in Openmicroscopy Omero-Figure and Omero-Web
OMERO.web provides a web based client and plugin infrastructure.
4.3
2021-03-23 CVE-2021-21377 Open Redirect vulnerability in Openmicroscopy Omero.Web 5.6.3
OMERO.web is open source Django-based software for managing microscopy imaging.
4.9
2021-03-23 CVE-2021-21376 Information Exposure vulnerability in Openmicroscopy Omero.Web 5.6.3
OMERO.web is open source Django-based software for managing microscopy imaging.
network
low complexity
openmicroscopy CWE-200
5.0
2020-07-22 CVE-2019-16244 Incorrect Authorization vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query.
network
low complexity
openmicroscopy CWE-863
7.5
2020-06-17 CVE-2020-7932 Information Exposure vulnerability in Openmicroscopy Omero.Web
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters.
3.5
2020-06-17 CVE-2020-6752 Information Exposure vulnerability in Openmicroscopy Omero
In OMERO before 5.6.1, group owners can access members' data in other groups.
network
low complexity
openmicroscopy CWE-200
5.5
2020-06-17 CVE-2019-9944 Information Exposure vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions.
network
low complexity
openmicroscopy CWE-200
5.0
2020-06-17 CVE-2019-9943 Incorrect Default Permissions vulnerability in Openmicroscopy Omero.Server 5.6.0
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.
5.0
2020-06-17 CVE-2019-16245 Information Exposure vulnerability in Openmicroscopy Omero
OMERO before 5.6.1 makes the details of each user available to all users.
network
low complexity
openmicroscopy CWE-200
5.0
2019-04-01 CVE-2014-7198 Cross-Site Request Forgery (CSRF) vulnerability in Openmicroscopy Omero
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.
6.8