Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries

CVE-2020-5346 – RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security…
Published: Apr 15, 2020 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-5340 – RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security…
Published: Mar 26, 2020 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-5339 – RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security…
Published: Mar 26, 2020 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-3392 – A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an…
Published: Mar 23, 2021 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 3.2 LOW
V2.0: 2.1 LOW

CVE-2021-3416 – A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The…
Published: Mar 18, 2021 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 6 MEDIUM
V2.0: 2.1 LOW

CVE-2021-20203 – An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a…
Published: Feb 25, 2021 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 3.2 LOW
V2.0: 2.1 LOW

CVE-2020-25723 – A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing…
Published: Dec 02, 2020 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 3.2 LOW
V2.0: 2.1 LOW

CVE-2020-28916 – hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
Published: Dec 04, 2020 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-27821 – A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to…
Published: Dec 08, 2020 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 6 MEDIUM
V2.0: 2.1 LOW

CVE-2020-29443 – ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
Published: Jan 26, 2021 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 3.9 LOW
V2.0: 3.3 LOW

CVE-2021-35036 – A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the…
Published: Mar 01, 2022 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-3732 – A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows…
Published: Mar 10, 2022 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2021-20221 – An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64…
Published: May 13, 2021 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 6 MEDIUM
V2.0: 2.1 LOW

CVE-2021-20196 – A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the…
Published: May 26, 2021 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2021-3527 – A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to…
Published: May 26, 2021 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2021-0561 – In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information…
Published: Jun 22, 2021 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2022-23872 – Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
Published: Jan 31, 2022 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-36056 – Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option.
Published: Jan 31, 2022 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-23321 – A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on…
Published: Feb 10, 2022 | Updated: Sep 30, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-20263 – A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in…
Published: Mar 09, 2021 | Updated: Sep 30, 2022
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW

Health Check

Don’t just go with your gut; use real data to make informed technology decisions.

Your organization’s technology and safety start with understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.