Security Advisories

Ava-441: Preliminary vulnerablity advisory
Release Date 09 June 2021 Overview A vulnerability has been resolved in the Ava Aware Software. Further details relating to this vulnerability, includin...
Wed, 9 Jun, 2021 at 6:02 PM
Ava-418: Access to internal cloud components using Aware webhooks
Release Date 25th May 2021. Overview An authenticated Ava Aware user with the relevant webhook edit permission would have been able to craft a malicious ...
Fri, 4 Jun, 2021 at 2:28 PM
Ava-412: Permissions not enforced for empty rules and counting areas in Aware
Release Date 26th May 2021. Overview An authenticated Ava Aware user could create and delete rules and counting areas without the appropriate permissions...
Fri, 4 Jun, 2021 at 2:27 PM
Ava-415: Aware guest users could view alarm information
Release Date 30th April 2021. Overview When viewing a guest video sharing link some alarm information was leaked via the timeline meta data API which gue...
Mon, 24 May, 2021 at 10:30 AM
Ava-414: Preliminary vulnerability advisory
Release Date 29th March 2021. Overview A vulnerability has been resolved in the Ava Cameras software.  Further details relating to this vulnerabil...
Thu, 22 Apr, 2021 at 12:03 PM
Ava-416: Escalation of privileges using Aware webhooks
Release Date 14th April 2021. Overview An authenticated Ava Aware user with the permission to edit webhooks would have been able to craft a webhook to by...
Thu, 15 Apr, 2021 at 4:40 PM
Ava-410: Aware user interface fails to update "Access control" permissions
Release Date 29th March 2021 Overview If users have the Access Control integration enabled, in the Users -> Roles dialog, there's a toggle called...
Tue, 30 Mar, 2021 at 9:27 AM
Ava-407: Aware not enforcing permissions on maps API
Release Date 18th March 2021. Overview Any logged in Ava Aware user could read and modify maps without having the appropriate site permissions. Affected...
Thu, 18 Mar, 2021 at 4:42 PM
AVA-402: Possible to create an Aware cloud deployment without authentication
Release Date 2nd March 2021. Overview A vulnerability in Ava Cloud made it possible for an unauthenticated attacker to create Ava Aware Cloud deployments...
Tue, 2 Mar, 2021 at 10:58 AM
Ava-401: Specially crafted media streams can lead to DoS of Ava Aware
Release Date 22nd February 2021. Overview Unsafe handling of RTP media streams can cause an out of memory crash loop in the RTP receiver and thus a DOS o...
Mon, 22 Feb, 2021 at 5:25 PM