PatchSiren

NetBSD CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH NetBSD CVE published 2017-01-20

CVE-2016-6253

CVE-2016-6253 is a NetBSD local privilege-escalation issue in mail.local. According to the CVE description, a local user can abuse a symlink attack on the user mailbox to change ownership of, or append data to, arbitrary files on the target system. NVD lists the issue as HIGH severity with CVSS 3.0 7.8, and the weakness is mapped to CWE-59 (link following / symlink-related file handling).

CRITICAL NetBSD CVE published 2017-01-19

CVE-2015-8212

CVE-2015-8212 is a critical NetBSD vulnerability in bozohttpd CGI handling that can allow a remote attacker to execute arbitrary code by supplying crafted arguments to a non-CGI-aware program. NVD marks the issue as CVSS 9.8 with full confidentiality, integrity, and availability impact. The affected NetBSD releases listed by NVD are 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0.