Izut

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 4.5.0.7 **Description** An uncontrolled resource consumption issue exists in Qsync Central. A remote attacker gaining a user account can launch a denial-of-service (DoS) attack. **Recommendations** Update to Qsync Central version 4.5.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP versions prior to QTS 5.2.5.3145 build 20250526 QNAP versions prior to QuTS hero h5.2.5.3138 build 20250519 **Description** A command injection vulnerability exists in QNAP operating systems. A remote attacker who obtains a user account can exploit this issue to execute arbitrary commands. **Recommendations** Update QTS to version 5.2.5.3145 build 20250526 or later. Update QuTS hero to version h5.2.5.3138 build 20250519 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.5.3145 build 20250526 QNAP QuTS hero versions prior to h5.2.5.3138 build 20250519 **Description** A buffer overflow issue has been reported in QNAP operating systems. A remote attacker who has obtained a user account may be able to modify memory or crash processes by exploiting this issue. **Recommendations** Update QTS to version 5.2.5.3145 build 20250526 or later. Update QuTS hero to version h5.2.5.3138 build 20250519 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.4.3079 build 20250321 QNAP QuTS hero versions prior to h5.2.4.3079 build 20250321 **Description** A command injection issue has been reported, affecting several QNAP operating system versions. This could allow remote attackers with user access to execute arbitrary commands. **Recommendations** For QNAP QTS versions prior to 5.2.4.3079 build 20250321, update to QTS 5.2.4.3079 build 20250321 or later. For QNAP QuTS hero versions prior to h5.2.4.3079 build 20250321, update to QuTS hero h5.2.4.3079 build 20250321 or later.

**Name of the Vulnerable Software and Affected Versions** Qsync Central versions prior to 4.5.0.6 **Description** A use of externally-controlled format string vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. **Recommendations** For versions prior to 4.5.0.6, update to Qsync Central version 4.5.0.6 or later to resolve the issue.