Security Advisories

Ava-410: Aware user interface fails to update "Access control" permissions
Release Date 29th March 2021 Overview If users have the Access Control integration enabled, in the Users -> Roles dialog, there's a toggle called...
Tue, 30 Mar, 2021 at 9:27 AM
Ava-407: Aware not enforcing permissions on maps API
Release Date 18th March 2021. Overview Any logged in Ava Aware user could read and modify maps without having the appropriate site permissions. Affected...
Thu, 18 Mar, 2021 at 4:42 PM
AVA-402: Possible to create an Aware cloud deployment without authentication
Release Date 2nd March 2021. Overview A vulnerability in Ava Cloud made it possible for an unauthenticated attacker to create Ava Aware Cloud deployments...
Tue, 2 Mar, 2021 at 10:58 AM
Ava-401: Specially crafted media streams can lead to DoS of Ava Aware
Release Date 22nd February 2021. Overview Unsafe handling of RTP media streams can cause an out of memory crash loop in the RTP receiver and thus a DOS o...
Mon, 22 Feb, 2021 at 5:25 PM
Ava-390: Video products vulnerable to unauthenticated denial-of-service attacks
Release Date 4th February 2021. Overview An attacker could perform denial-of-service attacks to Ava Aware, Ava Cameras, and Ava Cloud using unauthenticat...
Thu, 4 Feb, 2021 at 4:11 PM
Ava-368: Permissions not enforced on certain Ava Aware APIs
Ava-368: Permissions not enforced on certain Ava Aware APIs Release Date 18th January 2021. Overview Permissions were not correctly enforced on ce...
Mon, 18 Jan, 2021 at 4:40 PM
Ava-349: Denial of service vulnerability in Ava Aware on premise and Ava cameras
Ava-349: Denial of service vulnerability in Ava Aware on premise and Ava cameras Release Date 18th December 2020. Overview A vulnerability in a third pa...
Mon, 21 Dec, 2020 at 3:05 PM
Ava-350: Ava Cloud user able to escalate their privileges on Ava Aware
Ava-350: Ava Cloud user able to escalate their privileges on Ava Aware Release Date 18th December 2020. Overview An Ava Aware user that enters dep...
Fri, 18 Dec, 2020 at 6:31 PM
Ava-337: Hashed cloud backup password retrievable using the Ava Aware API
Ava-337: Hashed cloud backup password retrievable using the Ava Aware API Release Date 18th December 2020. Overview An authenticated user can make...
Fri, 18 Dec, 2020 at 6:31 PM
Ava-345: Permissions not enforced for certain Ava Aware alarm APIs
Ava-345: Permissions not enforced for certain Ava Aware alarm APIs Release Date 10th December 2020. Overview An Ava Aware user without the appropr...
Tue, 15 Dec, 2020 at 2:09 PM