Security Advisories

Ava-507: Preliminary vulnerability advisory
Release Date 28 July 2021. Overview Ava Security have found a vulnerability in the Ava Aware software and are resolving the issue. Further details relat...
Wed, 28 Jul, 2021 at 5:03 PM
Ava-504: Preliminary vulnerability advisory
Release Date 28 July 2021. Overview Ava Security have found a vulnerability in the Ava Camera software and are resolving the issue. Further details rela...
Wed, 28 Jul, 2021 at 5:02 PM
Ava-486: Preliminary vulnerability advisory
Release Date 15th July 2021. Overview Ava Security have found a vulnerability in the Ava Aware and Ava Cameras software and are resolving the issue. F...
Thu, 15 Jul, 2021 at 2:56 PM
Ava-464: UNAUTHENTICATED ACCESS TO CAMERA METRICS
Release Date 14th July 2021. Overview An API endpoint of the Ava Camera could be used to view some internal metrics of the camera without authentication....
Wed, 14 Jul, 2021 at 10:36 AM
Ava-420: Access to internal system components through API misuse
Release Date 12th July. Overview This is an extension of Ava-418 which contains various security patches to internal API, physical Access Control integra...
Mon, 12 Jul, 2021 at 2:25 PM
Ava-441: Maliciously crafted API request could deny service from Ava Aware
Release Date 18th June 2021. Overview Due to a vulnerability in the Go `archive/zip` package, an authenticated Aware user with the permission to Add/Edit...
Mon, 21 Jun, 2021 at 5:42 PM
Ava-432: Denial of Service through large HTTP server response headers
Release Date 21st June 2021 Overview If malicious HTTP server sends a response with very large headers, this can cause a stack overflow leading to a pani...
Mon, 21 Jun, 2021 at 3:54 PM
Ava-418: Access to internal cloud components using Aware webhooks
Release Date 25th May 2021. Overview An authenticated Ava Aware user with the relevant webhook edit permission would have been able to craft a malicious ...
Fri, 4 Jun, 2021 at 2:28 PM
Ava-412: Permissions not enforced for empty rules and counting areas in Aware
Release Date 26th May 2021. Overview An authenticated Ava Aware user could create and delete rules and counting areas without the appropriate permissions...
Fri, 4 Jun, 2021 at 2:27 PM
Ava-415: Aware guest users could view alarm information
Release Date 30th April 2021. Overview When viewing a guest video sharing link some alarm information was leaked via the timeline meta data API which gue...
Mon, 24 May, 2021 at 10:30 AM