Security Advisories

Ava-418: Preliminary vulnerablity advisory
Release Date 22nd April 2021. Overview A vulnerability has been resolved in the Ava Aware and Ava Cameras software. Further details relating to t...
Thu, 22 Apr, 2021 at 6:12 PM
Ava-414: Preliminary vulnerability advisory
Release Date 29th March 2021. Overview A vulnerability has been resolved in the Ava Cameras software.  Further details relating to this vulnerabil...
Thu, 22 Apr, 2021 at 12:03 PM
Ava-416: Escalation of privileges using Aware webhooks
Release Date 14th April 2021. Overview An authenticated Ava Aware user with the permission to edit webhooks would have been able to craft a webhook to by...
Thu, 15 Apr, 2021 at 4:40 PM
Ava-410: Aware user interface fails to update "Access control" permissions
Release Date 29th March 2021 Overview If users have the Access Control integration enabled, in the Users -> Roles dialog, there's a toggle called...
Tue, 30 Mar, 2021 at 9:27 AM
Ava-407: Aware not enforcing permissions on maps API
Release Date 18th March 2021. Overview Any logged in Ava Aware user could read and modify maps without having the appropriate site permissions. Affected...
Thu, 18 Mar, 2021 at 4:42 PM
AVA-402: Possible to create an Aware cloud deployment without authentication
Release Date 2nd March 2021. Overview A vulnerability in Ava Cloud made it possible for an unauthenticated attacker to create Ava Aware Cloud deployments...
Tue, 2 Mar, 2021 at 10:58 AM
Ava-401: Specially crafted media streams can lead to DoS of Ava Aware
Release Date 22nd February 2021. Overview Unsafe handling of RTP media streams can cause an out of memory crash loop in the RTP receiver and thus a DOS o...
Mon, 22 Feb, 2021 at 5:25 PM
Ava-390: Video products vulnerable to unauthenticated denial-of-service attacks
Release Date 4th February 2021. Overview An attacker could perform denial-of-service attacks to Ava Aware, Ava Cameras, and Ava Cloud using unauthenticat...
Thu, 4 Feb, 2021 at 4:11 PM
Ava-368: Permissions not enforced on certain Ava Aware APIs
Ava-368: Permissions not enforced on certain Ava Aware APIs Release Date 18th January 2021. Overview Permissions were not correctly enforced on ce...
Mon, 18 Jan, 2021 at 4:40 PM
Ava-349: Denial of service vulnerability in Ava Aware on premise and Ava cameras
Ava-349: Denial of service vulnerability in Ava Aware on premise and Ava cameras Release Date 18th December 2020. Overview A vulnerability in a third pa...
Mon, 21 Dec, 2020 at 3:05 PM