Vulnerabilities > Openmicroscopy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2021-41132 | Cross-site Scripting vulnerability in Openmicroscopy Omero-Figure and Omero-Web OMERO.web provides a web based client and plugin infrastructure. | 4.3 |
| 2021-03-23 | CVE-2021-21377 | Open Redirect vulnerability in Openmicroscopy Omero.Web 5.6.3 OMERO.web is open source Django-based software for managing microscopy imaging. | 4.9 |
| 2021-03-23 | CVE-2021-21376 | Information Exposure vulnerability in Openmicroscopy Omero.Web 5.6.3 OMERO.web is open source Django-based software for managing microscopy imaging. | 5.0 |
| 2020-07-22 | CVE-2019-16244 | Incorrect Authorization vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0 OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. | 7.5 |
| 2020-06-17 | CVE-2020-7932 | Information Exposure vulnerability in Openmicroscopy Omero.Web OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. | 3.5 |
| 2020-06-17 | CVE-2020-6752 | Information Exposure vulnerability in Openmicroscopy Omero In OMERO before 5.6.1, group owners can access members' data in other groups. | 5.5 |
| 2020-06-17 | CVE-2019-9944 | Information Exposure vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0 In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. | 5.0 |
| 2020-06-17 | CVE-2019-9943 | Incorrect Default Permissions vulnerability in Openmicroscopy Omero.Server 5.6.0 In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. | 5.0 |
| 2020-06-17 | CVE-2019-16245 | Information Exposure vulnerability in Openmicroscopy Omero OMERO before 5.6.1 makes the details of each user available to all users. | 5.0 |
| 2019-04-01 | CVE-2014-7198 | Cross-Site Request Forgery (CSRF) vulnerability in Openmicroscopy Omero OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | 6.8 |