Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries

CVE-2016-4247 – Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux…
Published: Jul 13, 2016 | Updated: Jan 26, 2023
CVSS Severity
V2.0: 2.6 LOW

CVE-2022-29172 – Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before…
Published: May 05, 2022 | Updated: Jan 25, 2023
CVSS Severity
V2.0: 2.6 LOW

CVE-2020-5421 – In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD…
Published: Sep 19, 2020 | Updated: Jan 25, 2023
CVSS Severity
V2.0: 3.6 LOW

CVE-2019-10433 – Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read…
Published: Oct 01, 2019 | Updated: Jan 25, 2023
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW

CVE-2019-11429 – CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field…
Published: May 13, 2019 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-12190 – XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
Published: May 21, 2019 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-13476 – In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email…
Published: Aug 21, 2019 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-16295 – Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local…
Published: Oct 31, 2019 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 1.9 LOW

CVE-2019-7646 – CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
Published: Mar 26, 2019 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-27636 – On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5,…
Published: May 05, 2022 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2022-27854 – Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin
Published: Apr 26, 2022 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-21813 – NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an…
Published: Feb 07, 2022 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 3.6 LOW

CVE-2020-15701 – An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute…
Published: Aug 06, 2020 | Updated: Jan 24, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2019-20382 – QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where…
Published: Mar 05, 2020 | Updated: Jan 24, 2023
CVSS Severity
V3.1: 3.5 LOW
V2.0: 2.7 LOW

CVE-2019-20204 – The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
Published: Jan 02, 2020 | Updated: Jan 20, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-13509 – An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet…
Published: Dec 18, 2020 | Updated: Jan 20, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-1771 – Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript…
Published: Mar 27, 2020 | Updated: Jan 20, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-20811 – An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
Published: Jun 03, 2020 | Updated: Jan 20, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-12872 – yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP…
Published: May 15, 2020 | Updated: Jan 20, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-5306 – Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
Published: Jan 05, 2020 | Updated: Jan 20, 2023
CVSS Severity
V2.0: 3.5 LOW

Health Check

Don’t just go with your gut; use real data to make informed technology decisions.

Your organization’s technology and safety start with understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.