Skip to main content

Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries

CVE-2019-1794 – A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing…. Read More
Published: Apr 18, 2019 | Updated: Mar 24, 2023
CVSS Severity
V2.0: 3.6 LOW

CVE-2004-1349 – gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked… Read More
Published: Oct 04, 2004 | Updated: Mar 24, 2023
CVSS Severity
V:
V2.0: 2.1 LOW

CVE-2019-11092 – Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Read More
Published: Jun 13, 2019 | Updated: Mar 24, 2023
CVSS Severity
V2.0: 3.6 LOW

CVE-2019-1808 – A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a… Read More
Published: May 15, 2019 | Updated: Mar 24, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2018-4844 – A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions… Read More
Published: Mar 20, 2018 | Updated: Mar 24, 2023
CVSS Severity
V2.0: 3.8 LOW

CVE-2022-21945 – A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default… Read More
Published: Mar 16, 2022 | Updated: Mar 24, 2023
CVSS Severity
V2.0: 3.6 LOW

CVE-2019-17435 – A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in… Read More
Published: Oct 16, 2019 | Updated: Mar 23, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2019-1677 – A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The… Read More
Published: Feb 07, 2019 | Updated: Mar 23, 2023
CVSS Severity
V2.0: 1.9 LOW

CVE-2021-46705 – A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary… Read More
Published: Mar 16, 2022 | Updated: Mar 23, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2021-24705 – The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks in place when editing a form, and does not escape some of its… Read More
Published: Dec 13, 2021 | Updated: Mar 17, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-3595 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur… Read More
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-3594 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur… Read More
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-3593 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur… Read More
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-3592 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur… Read More
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-37208 – A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,… Read More
Published: Mar 08, 2022 | Updated: Mar 14, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-21303 – Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes… Read More
Published: Feb 05, 2021 | Updated: Mar 13, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-1949 – A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS)… Read More
Published: Aug 08, 2019 | Updated: Mar 08, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-0350 – Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13. Read More
Published: Mar 31, 2022 | Updated: Mar 07, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1290 – Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the… Read More
Published: Apr 10, 2022 | Updated: Mar 07, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-3764 – In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The… Read More
Published: Jul 05, 2018 | Updated: Mar 04, 2023
CVSS Severity
V2.0: 3.5 LOW

Health Check

Don’t just go with your gut, use real data to make informed technology decisions.

Your organization’s technology and safety starts by understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.