An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495. Read more