This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.
NVD-CWE-noinfo
CVE-2020-3925
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
CVE-2020-3932
A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
CVE-2020-3933
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
CVE-2020-3943
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
CVE-2020-3873
This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off “Load remote content in messages” may not apply to all mail previews.
