Vulnerabilities > Openmicroscopy

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-41132 Cross-site Scripting vulnerability in Openmicroscopy Omero-Figure and Omero-Web
OMERO.web provides a web based client and plugin infrastructure.
network
low complexity
openmicroscopy CWE-79
6.1
2021-03-23 CVE-2021-21377 Open Redirect vulnerability in Openmicroscopy Omero.Web 5.6.3
OMERO.web is open source Django-based software for managing microscopy imaging.
network
low complexity
openmicroscopy CWE-601
5.4
2021-03-23 CVE-2021-21376 Information Exposure vulnerability in Openmicroscopy Omero.Web 5.6.3
OMERO.web is open source Django-based software for managing microscopy imaging.
network
low complexity
openmicroscopy CWE-200
6.5
2020-07-22 CVE-2019-16244 Unspecified vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query.
network
low complexity
openmicroscopy
critical
9.8
2020-06-17 CVE-2020-7932 Information Exposure vulnerability in Openmicroscopy Omero.Web
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters.
network
low complexity
openmicroscopy CWE-200
5.7
2020-06-17 CVE-2020-6752 Incorrect Authorization vulnerability in Openmicroscopy Omero
In OMERO before 5.6.1, group owners can access members' data in other groups.
network
low complexity
openmicroscopy CWE-863
3.8
2020-06-17 CVE-2019-9944 Unspecified vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions.
network
low complexity
openmicroscopy
7.5
2020-06-17 CVE-2019-9943 Incorrect Default Permissions vulnerability in Openmicroscopy Omero.Server 5.6.0
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.
network
low complexity
openmicroscopy CWE-276
7.5
2020-06-17 CVE-2019-16245 Unspecified vulnerability in Openmicroscopy Omero
OMERO before 5.6.1 makes the details of each user available to all users.
network
low complexity
openmicroscopy
5.3
2019-04-01 CVE-2014-7198 Cross-Site Request Forgery (CSRF) vulnerability in Openmicroscopy Omero
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.
network
low complexity
openmicroscopy CWE-352
8.8