PatchSiren

openbsd CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM OpenBSD CVE published 2022-12-13

CVE-2016-6210

CVE-2016-6210 is an information-disclosure issue in sshd from OpenSSH before 7.3. In the affected password-authentication path, when SHA256 or SHA512 is used for user password hashing, sshd instead computes a Blowfish hash of a static password for nonexistent usernames. The resulting timing difference is measurable, especially with a large password, and lets remote attackers enumerate valid usernames.

Known exploited OpenBSD CVE published 2022-03-25

CVE-2020-7247

CVE-2020-7247 is an OpenBSD OpenSMTPD remote code execution vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Because it is documented as known exploited, organizations running OpenSMTPD should treat it as a patch-now issue and verify that vendor-recommended updates have been applied.

HIGH OpenBSD CVE published 2017-03-07

CVE-2016-6244

CVE-2016-6244 is a denial-of-service vulnerability in the OpenBSD kernel's sys_thrsigdivert function. According to the published advisory data, a remote attacker can cause a kernel panic by supplying a negative ts.tv_sec value. The NVD entry maps the issue to OpenBSD 5.9 and rates it HIGH with network attack reachability and availability impact only. This is a stability and uptime issue rather than a data [truncated]

LOW OpenBSD CVE published 2012-01-27

CVE-2012-0814

CVE-2012-0814 describes an information disclosure issue in OpenSSH sshd where debug messages can reveal authorized_keys command options to authenticated remote users. In environments that rely on shared accounts, forced commands, or restricted shells, that leaked data can cross a privilege boundary because the affected user may not otherwise have legitimate access to the authorized_keys file. The issue is [truncated]