Known Vulnerabilities
CVE-2024-9924
The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .
CRITICAL
CVSS 9.8
Published Oct 14, 2024
CVE-2024-26260
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
CRITICAL
CVSS 9.8
Published Feb 15, 2024