Coral

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3459 build 20260409 **Description** A path traversal issue allows a remote attacker with administrator account access to read unexpected files or system data. Path traversal is a flaw that enables an attacker to access files and directories that are stored outside the intended folder. **Recommendations** Update to version 5.2.9.3492 build 20260507 or later. Update to version h5.2.9.3499 build 20260514 or later. Update to version h5.3.4.3500 build 20260520 or later. Update to version h6.0.0.3459 build 20260409 or later.

**Name of the Vulnerable Software and Affected Versions** File Station versions prior to 5.5.6.5243 **Description** An issue exists where resources are allocated without limits or throttling. A remote attacker with a user account can exploit this to prevent other systems, applications, or processes from accessing the same type of resource. **Recommendations** Update to version 5.5.6.5243 or later.

**Name of the Vulnerable Software and Affected Versions** QuTS hero versions prior to h5.2.9.3410 build 20260214 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3459 build 20260409 **Description** A NULL pointer dereference occurs when a program attempts to read or write to a memory address that is NULL, typically leading to a system crash. A remote attacker with administrator account privileges can exploit this issue to launch a denial-of-service (DoS) attack, which renders the system unavailable to users. **Recommendations** Update to version h5.2.9.3410 build 20260214 or later. Update to version h5.3.4.3500 build 20260520 or later. Update to version h6.0.0.3459 build 20260409 or later.

**Name of the Vulnerable Software and Affected Versions** File Station versions prior to 5.5.6.5208 **Description** A NULL pointer dereference allows a remote attacker with a user account to launch a denial-of-service (DoS) attack. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that is NULL, typically causing the application to crash. **Recommendations** Update to version 5.5.6.5208 or later.

**Name of the Vulnerable Software and Affected Versions** License Center versions prior to 1.9.56 **Description** A path traversal issue allows a local attacker with administrator account privileges to read the contents of unexpected files or system data. Path traversal is a technique where an attacker uses special characters to access files and directories outside the intended folder. **Recommendations** Update to version 1.9.56 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3459 build 20260409 **Description** A NULL pointer dereference occurs when a program attempts to read or write to a memory address that is NULL, typically leading to a crash. A remote attacker with administrator account privileges can exploit this issue to launch a denial-of-service (DoS) attack, which disrupts the availability of the system. **Recommendations** Update QTS to version 5.2.9.3492 build 20260507 or later. Update QuTS hero to version h5.2.9.3499 build 20260514 or later. Update QuTS hero to version h5.3.4.3500 build 20260520 or later. Update QuTS hero to version h6.0.0.3459 build 20260409 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 **Description** A command injection issue allows a remote attacker with administrator account access to execute arbitrary commands on the system. **Recommendations** Update QTS to version 5.2.9.3492 build 20260507 or later. Update QuTS hero to version h5.2.9.3499 build 20260514 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.2.9.3410 build 20260214 QuTS hero versions prior to h5.2.9.3410 build 20260214 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3397 build 20260206 **Description** A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with administrator account access can exploit this issue to modify memory or cause processes to crash. **Recommendations** Update QTS to version 5.2.9.3410 build 20260214 or later. Update QuTS hero to version h5.2.9.3410 build 20260214 or later. Update QuTS hero to version h5.3.4.3500 build 20260520 or later. Update QuTS hero to version h6.0.0.3397 build 20260206 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service (DoS) attack. The issue is a NULL pointer dereference. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A NULL pointer dereference allows a remote attacker with a user account to launch a denial-of-service (DoS) attack, which is a condition where a system or network becomes unavailable to its intended users. **Recommendations** Update to version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A buffer overflow issue exists in Qsync Central. A remote attacker who obtains a user account can potentially exploit this to alter memory or cause processes to crash. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A NULL pointer dereference allows a remote attacker with a user account to launch a denial-of-service (DoS) attack, which is a condition where a system becomes unavailable to its intended users. **Recommendations** Update to version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A buffer overflow allows a remote attacker with a user account to modify memory or crash processes. A buffer overflow occurs when a program writes more data to a storage area than it can hold, potentially overwriting adjacent memory. **Recommendations** Update to version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** QuTS hero versions prior to h5.3.2.3354 build 20251225 **Description** A buffer overflow allows a remote attacker with a user account to modify memory or crash processes. A buffer overflow occurs when a program writes more data to a storage area (buffer) than it can hold, potentially overwriting adjacent memory. **Recommendations** Update to version h5.3.2.3354 build 20251225 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service (DoS) attack. The issue is due to a NULL pointer dereference. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A use of externally-controlled format string issue exists in Qsync Central. A remote attacker who obtains a user account may be able to obtain secret data or modify memory. The issue involves the use of externally-controlled format strings. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service (DoS) attack. The issue is a NULL pointer dereference. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** An out-of-bounds write issue exists in Qsync Central. A remote attacker who obtains a user account can potentially modify or corrupt memory. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.8.3332 build 20251128 QNAP QuTS hero versions prior to h5.2.8.3321 build 20251117 **Description** A NULL pointer dereference issue exists in QNAP operating systems. A remote attacker gaining administrator privileges can exploit this to cause a denial-of-service (DoS) condition. **Recommendations** Update QTS to version 5.2.8.3332 build 20251128 or later. Update QuTS hero to version h5.2.8.3321 build 20251117 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 5.0.0.4 **Description** A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service (DoS) attack. The issue is a NULL pointer dereference. **Recommendations** Update to Qsync Central version 5.0.0.4 or later.