Security Advisories

Ava-614: Encrypted footage cloud backup data encryption key appearing in audit logs
Release Date 2nd March 2022. Overview In some circumstances an encrypted version of the footage cloud backup data encryption key can be logged to the inte...
Mon, 14 Mar, 2022 at 5:46 PM
Ava-460: Serial number could be leaked in man-in-the-middle attack
Release Date 14th March 2022. Overview Under specific video streaming circumstances the Aware instance serial number may be leaked during the Ava Smart P...
Mon, 14 Mar, 2022 at 5:46 PM
Ava-602: Permissions not enforced for viewing video in Ava Aware
Release Date 14th March 2022. Overview Any authenticated Ava Aware user could view live video and view historic video from any camera in the deployment r...
Mon, 14 Mar, 2022 at 5:46 PM
Ava-609: Count rules could be deleted without the appropriate permissions
Release Date 14th March 2022. Overview An authenticated Ava Aware user with the permission to delete counting areas could delete associated count rules w...
Mon, 14 Mar, 2022 at 5:45 PM
Ava-449: Possible information disclosure from API
Release Date 22nd December 2021. Overview Under specific circumstances, our web service was configured to display detailed error messages. This could hav...
Tue, 1 Feb, 2022 at 10:00 PM
Ava-451: Internal IP addresses information disclosure
Release Date 22nd December 2021. Overview Under specific circumstances, internal IP addresses could be disclosed by sending a crafted request. Affected ...
Tue, 1 Feb, 2022 at 9:59 PM
Ava-601: Ava products vulnerable to denial of service attack
Release Date 13th January 2021. Overview Due to a vulnerability in the golang.org/x/net/http2 package, an attacker could cause unbounded memory usage whi...
Wed, 12 Jan, 2022 at 2:28 PM
Ava-583: Webhook passwords appearing in Camera log bundle
Release Date 17th December 2021. Overview Webhook passwords were included in the Camera log bundle. Affected Products Ava Cameras: All Stable upgrade...
Fri, 17 Dec, 2021 at 7:36 PM
Ava-582: Webhook password appearing in audit logs
Release Date 17th December 2021. Overview Creating or updating a webhook with a password in Ava Aware would cause the password to appear in the audit log...
Fri, 17 Dec, 2021 at 7:34 PM
Ava-581: Possible to retrieve the Disruptive Technologies service account key
Release Date 17th December 2021. Overview The service account key for Disruptive Technologies could be retrieved using the Ava Aware API and could be vi...
Fri, 17 Dec, 2021 at 7:33 PM