An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
NVD-CWE-Other
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
CVE-2020-26099
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
CVE-2020-26100
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
CVE-2020-26108
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
CVE-2020-26109
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).