UBUNTU-CVE-2014-8600

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2014-8600
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8600.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-8600
Upstream
  • CVE-2014-8600
Related
  • USN-2414-1
Published
2014-11-20T00:00:00Z
Modified
2026-02-04T04:28:17.321579Z
Severity
  • Ubuntu - low
Summary
[none]
Details

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.

References

Affected packages

Ubuntu:14.04:LTS / kde-runtime

Package

Name
kde-runtime
Purl
pkg:deb/ubuntu/kde-runtime@4:4.13.3-0ubuntu0.2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:4.13.3-0ubuntu0.2

Affected versions

4:4.*
4:4.11.2-0ubuntu1
4:4.11.95-0ubuntu1
4:4.11.97-0ubuntu1
4:4.11.97-0ubuntu2
4:4.12.0-0ubuntu1
4:4.12.1-0ubuntu2
4:4.12.2-0ubuntu1
4:4.12.2-0ubuntu2
4:4.12.3-0ubuntu1
4:4.12.90-0ubuntu1
4:4.12.90-0ubuntu2
4:4.12.95-0ubuntu1
4:4.12.95-0ubuntu2
4:4.12.97-0ubuntu2
4:4.12.97-0ubuntu3
4:4.13.0-0ubuntu1
4:4.13.0-0ubuntu1.1
4:4.13.1-0ubuntu0.1
4:4.13.2-0ubuntu0.1
4:4.13.3-0ubuntu0.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "kde-runtime",
            "binary_version": "4:4.13.3-0ubuntu0.2"
        },
        {
            "binary_name": "kde-runtime-data",
            "binary_version": "4:4.13.3-0ubuntu0.2"
        },
        {
            "binary_name": "kdebase-runtime",
            "binary_version": "4:4.13.3-0ubuntu0.2"
        },
        {
            "binary_name": "khelpcenter4",
            "binary_version": "4:4.13.3-0ubuntu0.2"
        },
        {
            "binary_name": "plasma-scriptengine-javascript",
            "binary_version": "4:4.13.3-0ubuntu0.2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8600.json"

Ubuntu:14.04:LTS / webkitkde

Package

Name
webkitkde
Purl
pkg:deb/ubuntu/webkitkde@1.3~git20120518.9a111005-3ubuntu1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3~git20120518.9a111005-3ubuntu1

Affected versions

1.*
1.3~git20120518.9a111005-3

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "kpart-webkit",
            "binary_version": "1.3~git20120518.9a111005-3ubuntu1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8600.json"