Security Advisories

AVA-295: users could potentially be granted more privileges than shown in the user interface
AVA-295: users could potentially be granted more privileges than shown in the user interface Release Date 27th July 2020. Overview A user with an ...
Wed, 9 Dec, 2020 at 10:59 AM
AVA-294: unauthorized access to certain vcore APIs
AVA-294: unauthorized access to certain vcore APIs Release Date 27th July 2020. Overview A logged in vcore user could perform certain administrato...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-298: unauthorized read of vcore webhooks API
Ava-298: unauthorized read of vcore webhooks API Release Date 17th August 2020. Overview A logged in vcore user could view the configured webhooks...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-299: Hash of API token published to subscribed users after creation
Ava-299: Hash of API token published to subscribed users after creation Release Date 17th August 2020. Overview A logged in vcore user could subsc...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-311: Authenticated attacker can change description of cloud backups owned by different Ava Appliance
Ava-311: Authenticated attacker can change description of cloud backups owned by different Ava Appliance Release Date 15th October 2020. Overview ...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-317: Video encryption key logged during video export
Ava-317: Video encryption key logged during video export Release Date 11th November 2020. Overview The video encryption key was logged when export...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-320: Permissions were not enforced for Ava Aware Counts rules
Ava-320: Permissions were not enforced for Ava Aware Counts rules Release Date 18th November 2020. Overview Any authenticated Ava Aware user could...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-318, Ava-319: Download of camera credentials without the appropriate permissions
Ava-318, Ava-319: Download of camera credentials without the appropriate permissions Release Date 11th November 2020 Overview An authenticated Ava...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-322: Specially crafted x.509 certificates can lead to DoS of all Ava Video products
Ava-322: Specially crafted x.509 certificates can lead to DoS of all Ava Video products Release Date 18th November 2020. Overview A vulnerability in...
Wed, 9 Dec, 2020 at 10:59 AM
Ava-327: Insufficient authorization of timeline requests by Ava Aware guest users
Ava-327: Insufficient authorization of timeline requests by Ava Aware guest users Release Date 2nd December 2020. Overview Users that accessed Ava...
Wed, 9 Dec, 2020 at 10:59 AM