Security Advisories

AVA-272: vcam credentials logged when RTSP request fails
AVA-272: vcam credentials logged when RTSP request fails Release Date 22nd July 2020. Overview When an RTSP request made to vcam fails, the reques...
Wed, 9 Dec, 2020 at 11:00 AM
AVA-286: device source named __proto__ locks up the device details page
AVA-286: device source named __proto__ locks up the device details page Release Date 25th June 2020. Overview If a device advertises itself as hav...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-283: vcore database container image containing third party software with vulnerabilities
AVA-283: vcore database container image containing third party software with vulnerabilities Release Date 22nd July 2020. Overview The vcore datab...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-290: vcore and vcloud vulnerable to denial-of-service attack
AVA-290: vcore and vcloud vulnerable to denial-of-service attack Release Date 22nd July 2020. Overview An attacker could cause a restart of the vc...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-293: unauthorized download of **v**core camera credentials
AVA-293: unauthorized download of **v**core camera credentials Release Date 27th July 2020. Overview A logged in vcore user could download the con...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-295: users could potentially be granted more privileges than shown in the user interface
AVA-295: users could potentially be granted more privileges than shown in the user interface Release Date 27th July 2020. Overview A user with an ...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-294: unauthorized access to certain vcore APIs
AVA-294: unauthorized access to certain vcore APIs Release Date 27th July 2020. Overview A logged in vcore user could perform certain administrato...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-298: unauthorized read of vcore webhooks API
Ava-298: unauthorized read of vcore webhooks API Release Date 17th August 2020. Overview A logged in vcore user could view the configured webhooks...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-299: Hash of API token published to subscribed users after creation
Ava-299: Hash of API token published to subscribed users after creation Release Date 17th August 2020. Overview A logged in vcore user could subsc...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-311: Authenticated attacker can change description of cloud backups owned by different Ava Appliance
Ava-311: Authenticated attacker can change description of cloud backups owned by different Ava Appliance Release Date 15th October 2020. Overview ...
Wed, 9 Dec, 2020 at 10:59 AM