CVE-2014-8600 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-8600 Interim 1 14 2024-07-27T01:20:15Z current 2021-05-30T13:24:10Z 2024-07-27T01:20:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-8600 Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS openSUSE Leap 15.0 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed kdebase4-runtime kio-extras5-16.12.0-1.1 kio-extras5-17.12.3-lp150.1.2 kio-extras5-20.04.2-bp153.2.12 kio-extras5-20.04.2-lp152.1.1 kio-extras5-21.12.3-bp154.1.50 kio-extras5-lang-17.12.3-lp150.1.2 kio-extras5-lang-20.04.2-bp153.2.12 kio-extras5-lang-20.04.2-lp152.1.1 kio-extras5-lang-21.12.3-bp154.1.50 kwebkitpart-1.3.4-2.1 kwebkitpart-lang-1.3.4-2.1 libkioarchive5-17.12.3-lp150.1.2 libkioarchive5-20.04.2-bp153.2.12 libkioarchive5-20.04.2-lp152.1.1 libkioarchive5-21.12.3-bp154.1.50 kio-extras5-17.12.3-lp150.1.2 as a component of openSUSE Leap 15.0 kio-extras5-lang-17.12.3-lp150.1.2 as a component of openSUSE Leap 15.0 libkioarchive5-17.12.3-lp150.1.2 as a component of openSUSE Leap 15.0 kio-extras5-20.04.2-lp152.1.1 as a component of openSUSE Leap 15.2 kio-extras5-lang-20.04.2-lp152.1.1 as a component of openSUSE Leap 15.2 libkioarchive5-20.04.2-lp152.1.1 as a component of openSUSE Leap 15.2 kio-extras5-20.04.2-bp153.2.12 as a component of openSUSE Leap 15.3 kio-extras5-lang-20.04.2-bp153.2.12 as a component of openSUSE Leap 15.3 libkioarchive5-20.04.2-bp153.2.12 as a component of openSUSE Leap 15.3 kio-extras5-21.12.3-bp154.1.50 as a component of openSUSE Leap 15.4 kio-extras5-lang-21.12.3-bp154.1.50 as a component of openSUSE Leap 15.4 libkioarchive5-21.12.3-bp154.1.50 as a component of openSUSE Leap 15.4 kio-extras5-16.12.0-1.1 as a component of openSUSE Tumbleweed kwebkitpart-1.3.4-2.1 as a component of openSUSE Tumbleweed kwebkitpart-lang-1.3.4-2.1 as a component of openSUSE Tumbleweed kdebase4-runtime as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata kdebase4-runtime as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata kdebase4-runtime as a component of SUSE Linux Enterprise Server 11 SP4 LTSS Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. CVE-2014-8600 openSUSE Leap 15.0:kio-extras5-17.12.3-lp150.1.2 openSUSE Leap 15.0:kio-extras5-lang-17.12.3-lp150.1.2 openSUSE Leap 15.0:libkioarchive5-17.12.3-lp150.1.2 openSUSE Leap 15.2:kio-extras5-20.04.2-lp152.1.1 openSUSE Leap 15.2:kio-extras5-lang-20.04.2-lp152.1.1 openSUSE Leap 15.2:libkioarchive5-20.04.2-lp152.1.1 openSUSE Leap 15.3:kio-extras5-20.04.2-bp153.2.12 openSUSE Leap 15.3:kio-extras5-lang-20.04.2-bp153.2.12 openSUSE Leap 15.3:libkioarchive5-20.04.2-bp153.2.12 openSUSE Leap 15.4:kio-extras5-21.12.3-bp154.1.50 openSUSE Leap 15.4:kio-extras5-lang-21.12.3-bp154.1.50 openSUSE Leap 15.4:libkioarchive5-21.12.3-bp154.1.50 openSUSE Tumbleweed:kio-extras5-16.12.0-1.1 openSUSE Tumbleweed:kwebkitpart-1.3.4-2.1 openSUSE Tumbleweed:kwebkitpart-lang-1.3.4-2.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N