Security Advisories
VAION-254: Camera credentials accessible via debug API
Release Date
14th February 2020.
Overview
Passwords used by vcore to authenticate with came...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-257: vcore SSH server vulnerable to denial-of-service attack
Release Date
27th February 2020.
Overview
A vulnerability in the golang.org/x/c...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-260: vcore gateway certificates revoked
Release Date
4th March 2020.
Overview
A bug in Let�s Encrypt�s validation of domain ownership meant ...
Wed, 9 Dec, 2020 at 11:00 AM
VAION-262: plaintext password in audit log when user changes their password
Release Date
11th March 2020.
Overview
When a manually added user chan...
Wed, 9 Dec, 2020 at 11:00 AM
AVA-269: vcam USB debug console not disabled
Release Date
4th June 2020
Overview
The vcam USB-C interface used for initial configuration has a deb...
Wed, 9 Dec, 2020 at 11:00 AM
AVA-272: vcam credentials logged when RTSP request fails
Release Date
22nd July 2020.
Overview
When an RTSP request made to vcam fails, the reques...
Wed, 9 Dec, 2020 at 11:00 AM
AVA-286: device source named __proto__ locks up the device details page
Release Date
25th June 2020.
Overview
If a device advertises itself as hav...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-283: vcore database container image containing third party software with vulnerabilities
Release Date
22nd July 2020.
Overview
The vcore datab...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-290: vcore and vcloud vulnerable to denial-of-service attack
Release Date
22nd July 2020.
Overview
An attacker could cause a restart of the vc...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-293: unauthorized download of **v**core camera credentials
Release Date
27th July 2020.
Overview
A logged in vcore user could download the con...
Wed, 9 Dec, 2020 at 10:59 AM