- What is the TianoCore CNA?
- TianoCore is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 27 CVE records since 2021.
- How many CVEs has TianoCore published?
- TianoCore has published 27 CVE records, including 8 in the last two years.
- What is TianoCore's CVE data quality grade?
- RadicalNotion.AI grades TianoCore's CVE data quality as A, with an overall completeness score of 91.7%. This reflects how consistently its CVE records include vendor (96.3%), product (100%), CVSS (77.8%), and CWE (92.6%) information.
- What products does TianoCore publish CVEs for?
- TianoCore most frequently publishes CVEs for EDK2, EDK II, kernel, UefiCpuPkg.
- Which vendors does TianoCore cover?
- TianoCore publishes CVEs across 2 distinct vendors, most often TianoCore, Insyde.
- Is TianoCore actively publishing CVEs?
- TianoCore is currently active, based on 8 CVEs in the last two years.
- What is the average severity of TianoCore's CVEs?
- The average CVSS base score across TianoCore's scored CVEs is 6.7.
- How many critical CVEs has TianoCore published?
- TianoCore has published 1 critical-severity CVEs and 17 high-severity CVEs.
- Are any of TianoCore's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of TianoCore's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in TianoCore's CVEs?
- TianoCore's CVEs most often map to these CWE weakness types: CWE-122 (Heap-based Buffer Overflow), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-125 (Out-of-bounds Read), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How does TianoCore rank among CNAs?
- By total CVE volume, TianoCore ranks #223 of 370 CNAs, and it reports more complete CVE records than 37% of all CNAs.