Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

request a free consultation

NIST Vulnerability Database

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Learn more about UNS security framework assessment

Last 20 Scored Vulnerability IDs & Summaries

CVE-2018-16878 – A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS Read More
Published: Apr 18, 2019 | Updated: Sep 29, 2023

CVSS Severity

V3.1: 5.5 MEDIUM

V2.0: 2.1 LOW

CVE-2021-45097 – KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access… Read More
Published: Dec 16, 2021 | Updated: Sep 28, 2023

CVSS Severity

V3.1: 5.5 MEDIUM

V2.0: 2.1 LOW

CVE-2021-37742 – app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. Read More
Published: Jul 30, 2021 | Updated: Sep 28, 2023

CVSS Severity

V3.1: 5.4 MEDIUM

V2.0: 3.5 LOW

CVE-2021-36057 – XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause… Read More
Published: Sep 01, 2021 | Updated: Sep 26, 2023

CVSS Severity

V3.1: 4 MEDIUM

V2.0: 2.1 LOW

CVE-2020-0550 – Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access…. Read More
Published: Mar 12, 2020 | Updated: Sep 25, 2023

CVSS Severity

V3.1: 5.6 MEDIUM

V2.0: 1.9 LOW

CVE-2020-0551 – Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel… Read More
Published: Mar 12, 2020 | Updated: Sep 25, 2023

CVSS Severity

V3.1: 5.6 MEDIUM

V2.0: 1.9 LOW

CVE-2021-44141 – All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory… Read More
Published: Feb 21, 2022 | Updated: Sep 17, 2023

CVSS Severity

V3.1: 4.3 MEDIUM

V2.0: 3.5 LOW

CVE-2020-14354 – A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker… Read More
Published: May 13, 2021 | Updated: Sep 15, 2023

CVSS Severity

V3.1: 3.3 LOW

V2.0: 2.1 LOW

CVE-2019-14907 – All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level… Read More
Published: Jan 21, 2020 | Updated: Sep 14, 2023

CVSS Severity

V3.1: 6.5 MEDIUM

V2.0: 2.6 LOW

CVE-2020-0569 – Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via… Read More
Published: Nov 23, 2020 | Updated: Sep 12, 2023

CVSS Severity

V3.1: 5.7 MEDIUM

V2.0: 2.7 LOW

CVE-2015-6815 – The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers… Read More
Published: Jan 31, 2020 | Updated: Sep 12, 2023

CVSS Severity

V3.1: 3.5 LOW

V2.0: 2.7 LOW

CVE-2016-3156 – The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of… Read More
Published: Apr 27, 2016 | Updated: Sep 12, 2023

CVSS Severity

V3.0: 5.5 MEDIUM

V2.0: 2.1 LOW

CVE-2016-4482 – The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain… Read More
Published: May 23, 2016 | Updated: Sep 12, 2023

CVSS Severity

V3.0: 6.2 MEDIUM

V2.0: 2.1 LOW

CVE-2016-4486 – The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain… Read More
Published: May 23, 2016 | Updated: Sep 12, 2023

CVSS Severity

V3.0: 3.3 LOW

V2.0: 2.1 LOW

CVE-2016-4569 – The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain… Read More
Published: May 23, 2016 | Updated: Sep 12, 2023

CVSS Severity

V3.0: 5.5 MEDIUM

V2.0: 2.1 LOW

CVE-2016-9960 – game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). Read More
Published: Jun 06, 2017 | Updated: Sep 12, 2023

CVSS Severity

V3.0: 5.5 MEDIUM

V2.0: 2.1 LOW

CVE-2022-0900 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0. Read More
Published: May 23, 2022 | Updated: Sep 07, 2023

CVSS Severity

V3.1: 5.4 MEDIUM

V2.0: 3.5 LOW

CVE-2021-2207 – Vulnerability in the Oracle Database – Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c…. Read More
Published: Apr 22, 2021 | Updated: Sep 02, 2023

CVSS Severity

V3.1: 2.3 LOW

V2.0: 2.1 LOW

CVE-2018-9119 – An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers,… Read More
Published: Apr 04, 2018 | Updated: Aug 31, 2023

CVSS Severity

V3.0: 6.1 MEDIUM

V2.0: 3.6 LOW

CVE-2020-1771 – Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript… Read More
Published: Mar 27, 2020 | Updated: Aug 31, 2023

CVSS Severity

V3.1: 5.4 MEDIUM

V2.0: 3.5 LOW

Health Check

Don’t just go with your gut, use real data to make informed technology decisions.

Your organization’s technology and safety starts by understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.

Get Started

Security Framework Assessments

NIST Vulnerability Database

Last 20 Scored Vulnerability IDs & Summaries

Health Check

Request a Free Consultation