What is the duo CNA?
duo is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 6 CVE records since 2017.
How many CVEs has duo published?
duo has published 6 CVE records, including 0 in the last two years.
What is duo's CVE data quality grade?
RadicalNotion.AI grades duo's CVE data quality as B, with an overall completeness score of 83.3%. This reflects how consistently its CVE records include vendor (83.3%), product (83.3%), CVSS (83.3%), and CWE (83.3%) information.
What products does duo publish CVEs for?
duo most frequently publishes CVEs for debian linux, Duo Network Gateway, omniauth saml, omniauth-saml, OmnitAuth-SAML.
Which vendors does duo cover?
duo publishes CVEs across 4 distinct vendors, most often pip, OneLogin, PyPI, rubygems, jpadilla.
Is duo actively publishing CVEs?
duo is currently inactive (has not published recently), based on 0 CVEs in the last two years.
What is the average severity of duo's CVEs?
The average CVSS base score across duo's scored CVEs is 7.7.
Are any of duo's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of duo's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in duo's CVEs?
duo's CVEs most often map to these CWE weakness types: CWE-287 (Improper Authentication).
How does duo rank among CNAs?
By total CVE volume, duo ranks #343 of 370 CNAs, and it reports more complete CVE records than 31% of all CNAs.
