Security Advisories

Ava-349: Denial of service vulnerability in Ava Aware on premise and Ava cameras
Ava-349: Denial of service vulnerability in Ava Aware on premise and Ava cameras Release Date 18th December 2020. Overview A vulnerability in a third pa...
Mon, 21 Dec, 2020 at 3:05 PM
Ava-350: Ava Cloud user able to escalate their privileges on Ava Aware
Ava-350: Ava Cloud user able to escalate their privileges on Ava Aware Release Date 18th December 2020. Overview An Ava Aware user that enters dep...
Fri, 18 Dec, 2020 at 6:31 PM
Ava-337: Hashed cloud backup password retrievable using the Ava Aware API
Ava-337: Hashed cloud backup password retrievable using the Ava Aware API Release Date 18th December 2020. Overview An authenticated user can make...
Fri, 18 Dec, 2020 at 6:31 PM
Ava-345: Permissions not enforced for certain Ava Aware alarm APIs
Ava-345: Permissions not enforced for certain Ava Aware alarm APIs Release Date 10th December 2020. Overview An Ava Aware user without the appropr...
Tue, 15 Dec, 2020 at 2:09 PM
Ava-341: API missing cache control headers could lead to caching of sensitive information
Ava-341: API missing cache control headers could lead to caching of sensitive information Release Date 10th December 2020. Overview The APIs of Av...
Tue, 15 Dec, 2020 at 2:09 PM
Ava-216: Ava Aware used TLS 1.0 in connection to LDAP server
Ava-216: Ava Aware used TLS 1.0 in connection to LDAP server Release Date 5th November 2020. Overview Ava Aware used TLS 1.0 in connections to LDA...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-254: Camera credentials accessible via debug API
VAION-254: Camera credentials accessible via debug API Release Date 14th February 2020. Overview Passwords used by vcore to authenticate with came...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-257: vcore SSH server vulnerable to denial-of-service attack
VAION-257: vcore SSH server vulnerable to denial-of-service attack Release Date 27th February 2020. Overview A vulnerability in the golang.org/x/c...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-260: vcore gateway certificates revoked
VAION-260: vcore gateway certificates revoked Release Date 4th March 2020. Overview A bug in Let�s Encrypt�s validation of domain ownership meant ...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-262: plaintext password in audit log when user changes their password
VAION-262: plaintext password in audit log when user changes their password Release Date 11th March 2020. Overview When a manually added user chan...
Wed, 9 Dec, 2020 at 11:00 AM