What is the TianoCore CNA?
TianoCore is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 27 CVE records since 2021.
How many CVEs has TianoCore published?
TianoCore has published 27 CVE records, including 8 in the last two years.
What is TianoCore's CVE data quality grade?
RadicalNotion.AI grades TianoCore's CVE data quality as A, with an overall completeness score of 91.7%. This reflects how consistently its CVE records include vendor (96.3%), product (100%), CVSS (77.8%), and CWE (92.6%) information.
What products does TianoCore publish CVEs for?
TianoCore most frequently publishes CVEs for EDK2, EDK II, kernel, UefiCpuPkg.
Which vendors does TianoCore cover?
TianoCore publishes CVEs across 2 distinct vendors, most often TianoCore, insyde.
Is TianoCore actively publishing CVEs?
TianoCore is currently active, based on 8 CVEs in the last two years.
What is the average severity of TianoCore's CVEs?
The average CVSS base score across TianoCore's scored CVEs is 6.7.
Are any of TianoCore's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of TianoCore's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in TianoCore's CVEs?
TianoCore's CVEs most often map to these CWE weakness types: CWE-122 (Heap-based Buffer Overflow), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-125 (Out-of-bounds Read), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
How does TianoCore rank among CNAs?
By total CVE volume, TianoCore ranks #223 of 370 CNAs, and it reports more complete CVE records than 37% of all CNAs.
