Security Advisories

AVA-290: vcore and vcloud vulnerable to denial-of-service attack
AVA-290: vcore and vcloud vulnerable to denial-of-service attack Release Date 22nd July 2020. Overview An attacker could cause a restart of the vc...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-293: unauthorized download of **v**core camera credentials
AVA-293: unauthorized download of **v**core camera credentials Release Date 27th July 2020. Overview A logged in vcore user could download the con...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-295: users could potentially be granted more privileges than shown in the user interface
AVA-295: users could potentially be granted more privileges than shown in the user interface Release Date 27th July 2020. Overview A user with an ...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-294: unauthorized access to certain vcore APIs
AVA-294: unauthorized access to certain vcore APIs Release Date 27th July 2020. Overview A logged in vcore user could perform certain administrato...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-298: unauthorized read of vcore webhooks API
Ava-298: unauthorized read of vcore webhooks API Release Date 17th August 2020. Overview A logged in vcore user could view the configured webhooks...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-299: Hash of API token published to subscribed users after creation
Ava-299: Hash of API token published to subscribed users after creation Release Date 17th August 2020. Overview A logged in vcore user could subsc...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-311: Authenticated attacker can change description of cloud backups owned by different Ava Appliance
Ava-311: Authenticated attacker can change description of cloud backups owned by different Ava Appliance Release Date 15th October 2020. Overview ...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-317: Video encryption key logged during video export
Ava-317: Video encryption key logged during video export Release Date 11th November 2020. Overview The video encryption key was logged when export...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-320: Permissions were not enforced for Ava Aware Counts rules
Ava-320: Permissions were not enforced for Ava Aware Counts rules Release Date 18th November 2020. Overview Any authenticated Ava Aware user could...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-318, Ava-319: Download of camera credentials without the appropriate permissions
Ava-318, Ava-319: Download of camera credentials without the appropriate permissions Release Date 11th November 2020 Overview An authenticated Ava...
Wed, 9 Dec, 2020 at 10:59 AM