Security Advisories
An update on the war in Ukraine
March 4, 2022
While Syncro Soft does not conduct business in Ukraine or Russia, we are closely monitoring the war in Ukraine and taking action to protect its internal operations, and to continue the delivery of products and services to customers worldwide.
We are following the recommendations of the U.S. Cybersecurity and Infrastructure Agency (CISA), including heightened levels of network and threat monitoring (see https://www.cisa.gov/shields-up).
We are encouraging our customers to ensure that they are on the most up‑to‑date versions of our products to mitigate any known security vulnerabilities. All recent security advisories can be found at https://www.oxygenxml.com/security/advisories.html and the latest download links are available at https://www.oxygenxml.com/download.html.
Our security team is prepared to respond quickly to any detected anomalies concerning our website, services, or products.
Syncro Soft uses Security Advisories to communicate security information to Syncro Soft customers regarding security vulnerabilities.
This section contains all recent security advisories that were issued by Syncro Soft. To protect the security of our customers, we don't publish a security advisory until the vulnerability has been fully investigated and a patch or update is available that resolves the issue.
These posts by the Syncro Soft security team are also sent to the security announcements email list and reference to them may be included in the release notes. Get notified of Syncro Soft releases and security advisories by registering to security announcements email list below:
Security Advisories
| Advisory Number | Severity | Status | Affected Products | Last Updated |
| CVE-2022-26520 | Low | Resolved | Oxygen Content Fusion v4.1.6 and older | 2022-05-27 10:08:00 |
| SYNC-2022-210409 | Low | Resolved | Oxygen Content Fusion v4.1.5 and older | 2022-04-26 10:08:00 |
| CVE-2021-44906 | Low | Resolved | Oxygen Feedback v2.0.2 and older | 2022-04-14 10:10:00 |
| CVE-2022-22965 | None | Resolved | Oxygen Feedback v2.0.2 and older | 2022-04-05 09:10:00 |
| SYNC-2022-1003 | Low | Resolved |
Oxygen XML Author v24.0 and older Oxygen XML Developer v24.0 and older Oxygen XML Editor v24.0 and older Oxygen Content Fusion v4.1.5 and older Oxygen Web Author v24.0 and older Oxygen Feedback v2.0.1 and older Oxygen Publishing Engine v24.0 and older Oxygen License Server v24.0 and older Oxygen PDF Chemistry v24.0 and older | 2022-03-10 09:15:00 |
| CVE-2021-28165 | Low | Resolved | Oxygen License Server v24.0 and older | 2022-03-10 09:15:00 |
| CVE-2022-21724 | Low | Resolved |
Oxygen Content Fusion v4.1.5 and older | 2022-03-10 09:15:00 |
| CVE-2022-0144 | Low | Resolved |
Oxygen Content Fusion v4.1.5 and older | 2022-03-10 09:15:00 |
| CVE-2021-42392 | Low | Resolved |
Oxygen Content Fusion v4.1.5 and older Oxygen Web Author v24.0 and older Oxygen License Server v24.0 and older | 2022-03-10 09:15:00 |
| CVE-2021-23463 | Low | Resolved | Oxygen License Server v24.0 | 2022-02-08 09:15:00 |
| CVE-2018-7489 | Low | Resolved | Oxygen XML Web Author v22.1.0 | 2022-01-19 09:15:00 |
| CVE-2019-10172 | High | Resolved | Oxygen XML Web Author v22.1.0 | 2022-01-19 09:15:00 |
| CVE-2020-11988 | High | Resolved | Oxygen PDF Chemistry v22.0 and v22.1 | 2022-01-19 09:15:00 |
| CVE-2021-32626 | Low | Resolved | Oxygen Content Fusion 4.1 and older | 2022-01-19 09:15:00 |
| CVE-2021-44832 | Low | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 2.0 and older Oxygen XML Publishing Engine between 22.1 and 24.0 Oxygen XML WebHelp between 22.1 and 24.0 Oxygen PDF Chemistry between 22.1 and 24.0 Oxygen License Server between 22.1 and 24.0 Oxygen XML Author between 16.1 and 24.0 Oxygen XML Developer between 16.1 and 24.0 Oxygen XML Editor between 16.1 and 24.0 | 2022-01-19 09:15:00 |
| CVE-2021-4104 | Low | Resolved | Oxygen Content Fusion v2.0.3 | 2021-12-29 14:10:30 |
| CVE-2021-45105 | Low | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 1.4.4 and older Oxygen XML Publishing Engine between 22.1 and 24.0 Oxygen XML WebHelp between 22.1 and 24.0 Oxygen PDF Chemistry between 22.1 and 24.0 Oxygen License Server between 22.1 and 24.0 Oxygen XML Author between 16.1 and 24.0 Oxygen XML Developer between 16.1 and 24.0 Oxygen XML Editor between 16.1 and 24.0 | 2021-12-21 10:15:30 |
| CVE-2020-11987 | Low | Resolved | Oxygen PDF Chemistry between v22.1 and v24.0 | 2022-01-19 09:15:00 |
| CVE-2021-45046 | Low | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 1.4.5 and older Oxygen XML Publishing Engine 24.0 and older Oxygen XML WebHelp 24.0 and older Oxygen PDF Chemistry 24.0 and older Oxygen License Server 24.0 and older Oxygen XML Author 24.0 and older Oxygen XML Developer 24.0 and older Oxygen XML Editor 24.0 and older | 2021-12-15 12:43:30 |
| CVE-2021-44228 | Critical | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 1.4.4 and older Oxygen XML Publishing Engine between 22.1 and 24.0 Oxygen XML WebHelp between 22.1 and 24.0 Oxygen PDF Chemistry between 22.1 and 24.0 Oxygen License Server between 22.1 and 24.0 Oxygen XML Author between 16.1 and 24.0 Oxygen XML Developer between 16.1 and 24.0 Oxygen XML Editor between 16.1 and 24.0 | 2021-12-10 18:56:21 |
| SYNC-2021-2610 | Low | Resolved | Oxygen Feedback 1.4.3 and older versions | 2021-12-10 12:23:46 |
| CVE-2021-37714 | High | Resolved | Oxygen Feedback 1.4.3 and older versions | 2021-12-10 10:49:11 |
| CVE-2021-43466 | Low | Resolved | Oxygen Feedback 1.4.3 and older versions | 2021-12-10 10:21:15 |
| CVE-2021-37137 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 14:45:15 |
| CVE-2021-37136 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 13:50:15 |
| CVE-2020-25638 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 13:21:15 |
| CVE-2020-17523 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 13:21:15 |
| CVE-2018-1294 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 12:39:11 |
| CVE-2017-9801 | High | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 11:32:11 |
| CVE-2017-18640 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 11:24:11 |
| CVE-2021-42340 | High | Resolved | Oxygen XML Web Author 23.1 and older versions | 2021-12-06 16:21:11 |
| CVE-2021-40690 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-10-18 14:27:09 |
| CVE-2021-41303 | Low | Resolved | Oxygen XML Web Author 23.1 and older | 2021-10-18 12:21:11 |
| CVE-2021-41079 | High | Resolved | Oxygen XML Web Author 23.1 and older | 2021-10-18 17:22:11 |
| SYNC-2021-2809 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions Oxygen Publishing Engine 23.1 and older versions | 2021-10-18 14:27:09 |
| SYNC-2021-072301 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions Oxygen Publishing Engine 23.1 and older versions Oxygen XML WebHelp 23.1 and older versions | 2021-08-25 10:21:02 |
| CVE-2018-18928 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:53:04 |
| CVE-2021-36090 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:30:34 |
| CVE-2021-35517 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:46:30 |
| CVE-2021-35516 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:41:20 |
| CVE-2021-35515 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:33:45 |
| CVE-2021-33910 | Medium | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-08-19 13:27:26 |
| CVE-2021-23337 | Medium | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-07-12 15:36:18 |
| CVE-2021-25329 | Medium | Resolved | Oxygen Feedback 1.4 and older versions | 2021-04-13 10:30:18 |
| CVE-2021-25122 | Medium | Resolved | Oxygen Feedback 1.4 and older versions | 2021-04-13 14:43:15 |
| CVE-2021-22112 | Medium | Resolved | Oxygen Feedback 1.4 and older versions | 2021-04-13 16:35:20 |
| CVE-2020-13936 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-04-12 10:15:21 |
| SYNC-2021-031201 | Low | Resolved | Oxygen Content Fusion 4.0 and older versions | 2021-03-12 15:32:17 |
| CVE-2020-36048 | Medium | Resolved | Oxygen Content Fusion 3.0 and older versions | 2021-03-09 10:43:11 |
| CVE-2020-36049 | Medium | Resolved | Oxygen Content Fusion 3.0 and older versions | 2021-03-09 12:18:30 |
| CVE-2016-1000027 | Medium | Resolved | Oxygen Feedback 1.3 | 2020-11-03 16:14:14 |
| CVE-2020-1938 | Medium | Resolved | Oxygen XML Web Author 22.0.0 and older versions Oxygen Content Fusion 1.2 and older versions | 2020-04-07 16:00:00 |
| CVE-2019-17571 | Medium | Resolved | Oxygen XML Editor 21.1 and older versions Oxygen XML Developer 21.1 and older versions Oxygen XML Author 21.1 and older versions Oxygen PDF Chemistry 21.1 and older versions Oxygen XML WebHelp 21.1 and older versions Oxygen XML Web Author 21.1.1 and older versions Oxygen Content Fusion 1.2 and older versions | 2020-05-18 15:00:00 |
| SYNC-2019-111401 | Medium | Resolved | Oxygen XML Editor 21.1 and older versions Oxygen XML Developer 21.1 and older versions Oxygen XML Author 21.1 and older versions | 2019-12-11 16:14:14 |
Important:
- This table is not yet a complete list of vulnerabilities. Formulating such a list is an extensive undertaking which Syncro Soft is addressing systematically.
- Syncro Soft does not issue security advisories for underlying third party libraries. Please refer to the concerned third parties as appropriate.
- Syncro Soft Security Advisories are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Syncro Soft reserves the right to change or update this content without notice at any time.
For more information about security at Syncro Soft, see our Security page. If you believe you've found a security vulnerability, see Reporting a new vulnerability.