Skip to main content
High-Quality Information Technology Consulting Services

Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

request a free consultation

NIST Vulnerability Database

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Learn more about UNS security framework assessment

Last 20 Scored Vulnerability IDs & Summaries

CVE-2016-4247 – Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux… Read More
Published: Jul 13, 2016 | Updated: Jan 26, 2023
CVSS Severity
V3.1: 5.3 MEDIUM
V2.0: 2.6 LOW
CVE-2022-29172 – Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before… Read More
Published: May 05, 2022 | Updated: Jan 25, 2023
CVSS Severity
V3.1: 6.1 MEDIUM
V2.0: 2.6 LOW
CVE-2020-5421 – In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD… Read More
Published: Sep 19, 2020 | Updated: Jan 25, 2023
CVSS Severity
V3.1: 6.5 MEDIUM
V2.0: 3.6 LOW
CVE-2019-10433 – Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read… Read More
Published: Oct 01, 2019 | Updated: Jan 25, 2023
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-11429 – CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field… Read More
Published: May 13, 2019 | Updated: Jan 24, 2023
CVSS Severity
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-12190 – XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. Read More
Published: May 21, 2019 | Updated: Jan 24, 2023
CVSS Severity
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-13476 – In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email… Read More
Published: Aug 21, 2019 | Updated: Jan 24, 2023
CVSS Severity
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-16295 – Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local… Read More
Published: Oct 31, 2019 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 4.6 MEDIUM
V2.0: 1.9 LOW
CVE-2019-7646 – CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. Read More
Published: Mar 26, 2019 | Updated: Jan 24, 2023
CVSS Severity
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2022-27636 – On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5,… Read More
Published: May 05, 2022 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-27854 – Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin Read More
Published: Apr 26, 2022 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-21813 – NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an… Read More
Published: Feb 07, 2022 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2020-15701 – An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute… Read More
Published: Aug 06, 2020 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-20382 – QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where… Read More
Published: Mar 05, 2020 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 3.5 LOW
V2.0: 2.7 LOW
CVE-2019-20204 – The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. Read More
Published: Jan 02, 2020 | Updated: Jan 20, 2023
CVSS Severity
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-13509 – An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet… Read More
Published: Dec 18, 2020 | Updated: Jan 20, 2023
CVSS Severity
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-1771 – Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript… Read More
Published: Mar 27, 2020 | Updated: Jan 20, 2023
CVSS Severity
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-20811 – An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. Read More
Published: Jun 03, 2020 | Updated: Jan 20, 2023
CVSS Severity
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-12872 – yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP… Read More
Published: May 15, 2020 | Updated: Jan 20, 2023
CVSS Severity
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-5306 – Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. Read More
Published: Jan 05, 2020 | Updated: Jan 20, 2023
CVSS Severity
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW

Health Check

Don’t just go with your gut, use real data to make informed technology decisions.

Your organization’s technology and safety starts by understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.

Get Started

Request a Free Consultation

Our team of experts will connect with you to create custom solutions and strategies for your business.

Name