VAION-254: Camera credentials accessible via debug API Release Date 14th February 2020. Overview Passwords used by vcore to authenticate with came...

VAION-257: vcore SSH server vulnerable to denial-of-service attack Release Date 27th February 2020. Overview A vulnerability in the golang.org/x/c...

VAION-260: vcore gateway certificates revoked Release Date 4th March 2020. Overview A bug in Let�s Encrypt�s validation of domain ownership meant ...

VAION-262: plaintext password in audit log when user changes their password Release Date 11th March 2020. Overview When a manually added user chan...

AVA-269: vcam USB debug console not disabled Release Date 4th June 2020 Overview The vcam USB-C interface used for initial configuration has a deb...

AVA-272: vcam credentials logged when RTSP request fails Release Date 22nd July 2020. Overview When an RTSP request made to vcam fails, the reques...

AVA-286: device source named __proto__ locks up the device details page Release Date 25th June 2020. Overview If a device advertises itself as hav...

AVA-283: vcore database container image containing third party software with vulnerabilities Release Date 22nd July 2020. Overview The vcore datab...

AVA-290: vcore and vcloud vulnerable to denial-of-service attack Release Date 22nd July 2020. Overview An attacker could cause a restart of the vc...

AVA-293: unauthorized download of **v**core camera credentials Release Date 27th July 2020. Overview A logged in vcore user could download the con...