cbcvebase.

Duckduckgo vulnerabilities

3 known vulnerabilities affecting duckduckgo/duckduckgo.

Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2018-6849P3MEDIUMCVSS 4.3PoCv4.2.02018-04-01
CVE-2018-6849 [MEDIUM] CWE-200 CVE-2018-6849: In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather compl In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
nvd
CVE-2020-15502P3HIGHCVSS 7.5≤ 5.58.0≤ 7.47.1.02020-07-02
CVE-2020-15502 [HIGH] CWE-200 CVE-2020-15502: The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privac
nvd
CVE-2021-44683P3HIGHCVSS 8.2fixed in 7.64.182022-03-25
CVE-2021-44683 [HIGH] CWE-1021 CVE-2021-44683: The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScrip The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on
nvd
Duckduckgo vulnerabilities | cvebase