Security Advisories
Syncro Soft uses Security Advisories to communicate security information to Syncro Soft customers regarding security vulnerabilities.
This section contains all recent security advisories that were issued by Syncro Soft. To protect the security of our customers, we don't publish a security advisory until the vulnerability has been fully investigated and a patch or update is available that resolves the issue.
These posts by the Syncro Soft security team are also sent to the security announcements email list and reference to them may be included in the release notes. Get notified of Syncro Soft releases and security advisories by registering to security announcements email list below:
Security Advisories
| Advisory Number | Severity | Status | Affected Products | Last Updated |
| CVE-2021-45105 | Low | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 2.0 and older Oxygen XML Publishing Engine 24.0 and older Oxygen XML WebHelp 24.0 and older Oxygen PDF Chemistry 24.0 and older Oxygen License Server 24.0 and older Oxygen XML Author 24.0 and older Oxygen XML Developer 24.0 and older Oxygen XML Editor 24.0 and older | 2021-12-21 10:15:30 |
| CVE-2020-11987 | Low | Resolved | Oxygen PDF Chemistry between v23.1 and v24.0 | 2021-12-20 11:43:30 |
| CVE-2021-45046 | Low | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 1.4.5 and older Oxygen XML Publishing Engine 24.0 and older Oxygen XML WebHelp 24.0 and older Oxygen PDF Chemistry 24.0 and older Oxygen License Server 24.0 and older Oxygen XML Author 24.0 and older Oxygen XML Developer 24.0 and older Oxygen XML Editor 24.0 and older | 2021-12-15 12:43:30 |
| CVE-2021-44228 | Critical | Resolved | Oxygen Content Fusion 4.1 and older Oxygen XML Web Author between 22.1 and 24.0.0 Oxygen Feedback 1.4.4 and older Oxygen XML Publishing Engine between 22.1 and 24.0 Oxygen XML WebHelp between 22.1 and 24.0 Oxygen PDF Chemistry between 22.1 and 24.0 Oxygen License Server between 22.1 and 24.0 Oxygen XML Author between 16.1 and 24.0 Oxygen XML Developer between 16.1 and 24.0 Oxygen XML Editor between 16.1 and 24.0 | 2021-12-10 18:56:21 |
| SYNC-2021-2610 | Low | Resolved | Oxygen Feedback 1.4.3 and older versions | 2021-12-10 12:23:46 |
| CVE-2021-37714 | High | Resolved | Oxygen Feedback 1.4.3 and older versions | 2021-12-10 10:49:11 |
| CVE-2021-43466 | Low | Resolved | Oxygen Feedback 1.4.3 and older versions | 2021-12-10 10:21:15 |
| CVE-2021-37137 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 14:45:15 |
| CVE-2021-37136 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 13:50:15 |
| CVE-2020-25638 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 13:21:15 |
| CVE-2020-17523 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 13:21:15 |
| CVE-2018-1294 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 12:39:11 |
| CVE-2017-9801 | High | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 11:32:11 |
| CVE-2017-18640 | Low | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-12-08 11:24:11 |
| CVE-2021-42340 | High | Resolved | Oxygen XML Web Author 23.1 and older versions | 2021-12-06 16:21:11 |
| CVE-2021-40690 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-10-18 14:27:09 |
| CVE-2021-41303 | Low | Resolved | Oxygen XML Web Author 23.1 and older | 2021-10-18 12:21:11 |
| CVE-2021-41079 | High | Resolved | Oxygen XML Web Author 23.1 and older | 2021-10-18 17:22:11 |
| SYNC-2021-2809 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions Oxygen Publishing Engine 23.1 and older versions | 2021-10-18 14:27:09 |
| SYNC-2021-072301 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions Oxygen Publishing Engine 23.1 and older versions Oxygen XML WebHelp 23.1 and older versions | 2021-08-25 10:21:02 |
| CVE-2018-18928 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:53:04 |
| CVE-2021-36090 | Medium | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:30:34 |
| CVE-2021-35517 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:46:30 |
| CVE-2021-35516 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:41:20 |
| CVE-2021-35515 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-08-25 10:33:45 |
| CVE-2021-33910 | Medium | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-08-19 13:27:26 |
| CVE-2021-23337 | Medium | Resolved | Oxygen Content Fusion 4.1 and older versions | 2021-07-12 15:36:18 |
| CVE-2021-25329 | Medium | Resolved | Oxygen Feedback 1.4 and older versions | 2021-04-13 10:30:18 |
| CVE-2021-25122 | Medium | Resolved | Oxygen Feedback 1.4 and older versions | 2021-04-13 14:43:15 |
| CVE-2021-22112 | Medium | Resolved | Oxygen Feedback 1.4 and older versions | 2021-04-13 16:35:20 |
| CVE-2020-13936 | Low | Resolved | Oxygen XML Editor 23.1 and older versions Oxygen XML Developer 23.1 and older versions Oxygen XML Author 23.1 and older versions | 2021-04-12 10:15:21 |
| SYNC-2021-031201 | Low | Resolved | Oxygen Content Fusion 4.0 and older versions | 2021-03-12 15:32:17 |
| CVE-2020-36048 | Medium | Resolved | Oxygen Content Fusion 3.0 and older versions | 2021-03-09 10:43:11 |
| CVE-2020-36049 | Medium | Resolved | Oxygen Content Fusion 3.0 and older versions | 2021-03-09 12:18:30 |
| CVE-2016-1000027 | Medium | Resolved | Oxygen Feedback 1.3 | 2020-11-03 16:14:14 |
| CVE-2020-1938 | Medium | Resolved | Oxygen XML Web Author 22.0.0 and older versions Oxygen Content Fusion 1.2 and older versions | 2020-04-07 16:00:00 |
| CVE-2019-17571 | Medium | Resolved | Oxygen XML Editor 21.1 and older versions Oxygen XML Developer 21.1 and older versions Oxygen XML Author 21.1 and older versions Oxygen PDF Chemistry 21.1 and older versions Oxygen XML WebHelp 21.1 and older versions Oxygen XML Web Author 21.1.1 and older versions Oxygen Content Fusion 1.2 and older versions | 2020-05-18 15:00:00 |
| SYNC-2019-111401 | Medium | Resolved | Oxygen XML Editor 21.1 and older versions Oxygen XML Developer 21.1 and older versions Oxygen XML Author 21.1 and older versions | 2019-12-11 16:14:14 |
Important:
- This table is not yet a complete list of vulnerabilities. Formulating such a list is an extensive undertaking which Syncro Soft is addressing systematically.
- Syncro Soft does not issue security advisories for underlying third party libraries. Please refer to the concerned third parties as appropriate.
- Syncro Soft Security Advisories are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Syncro Soft reserves the right to change or update this content without notice at any time.
For more information about security at Syncro Soft, see our Security page. If you believe you've found a security vulnerability, see Reporting a new vulnerability.