
Security Framework Assessments

Department of Defense contractors must prepare now for the new Cybersecurity Maturity Model Certification (CMMC), which will be required to bid on future contracts. UNS can help you identify gaps and develop a specific plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your capabilities and timelines, and to make specific recommendations that will help you reach your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Latest 20 scored vulnerability IDs and summaries

CVE-2022-27774 – An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials…
Published: Jun 02, 2022 | Updated: Jan 29, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-11165 – Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated…
Published: Dec 16, 2019 | Updated: Jan 28, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-11083 – In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a…
Published: Jul 14, 2020 | Updated: Jan 28, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-8557 – The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own…
Published: Jul 23, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2019-13033 – In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being…
Published: Jun 18, 2020 | Updated: Jan 27, 2023
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW

CVE-2020-14073 – XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the…
Published: Jun 23, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-15038 – The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.
Published: Jun 24, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-16157 – A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
Published: Jul 30, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-6690 – Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows…
Published: Sep 18, 2018 | Updated: Jan 27, 2023
CVSS Severity
V3.1: 7.1 HIGH
V2.0: 3.6 LOW

CVE-2020-4046 – In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject…
Published: Jun 12, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-10702 – A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in…
Published: Jun 04, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-13775 – ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and…
Published: Jun 02, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-6693 – An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a…
Published: Sep 18, 2018 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.3 LOW

CVE-2020-12767 – exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
Published: May 09, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-1983 – A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
Published: Apr 22, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-8551 – The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet…
Published: Mar 27, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.3 LOW

CVE-2019-10401 – In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored…
Published: Sep 25, 2019 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-11074 – In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The…
Published: Jul 02, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-3963 – VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free…
Published: Jun 25, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 2.1 LOW

CVE-2020-14943 – The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
Published: Jun 22, 2020 | Updated: Jan 27, 2023
CVSS Severity
V2.0: 3.5 LOW

Health Check

Don't go with your gut; use real data to make informed technology decisions.

Your organization's technology and security begin with understanding its current performance. Use our Health Check to assess your organization's overall health and security and get a clear roadmap for improvement.