CVE-2024-24996 is described as a heap overflow in the WLInfoRailService component of the product, while CVE-2024-29204 is a heap overflow bug in the WLAvalancheService component. Both could allow a remote unauthenticated attacker to execute arbitrary commands, which is why they have been given a CVSS score of 9.8.