Security Advisories

An update on the war in Ukraine

March 4, 2022

While Syncro Soft does not conduct business in Ukraine or Russia, we are closely monitoring the war in Ukraine and taking action to protect its internal operations, and to continue the delivery of products and services to customers worldwide.

We are following the recommendations of the U.S. Cybersecurity and Infrastructure Agency (CISA), including heightened levels of network and threat monitoring (see https://www.cisa.gov/shields-up).

We are encouraging our customers to ensure that they are on the most up‑to‑date versions of our products to mitigate any known security vulnerabilities. All recent security advisories can be found at https://www.oxygenxml.com/security/advisories.html and the latest download links are available at https://www.oxygenxml.com/download.html.

Our security team is prepared to respond quickly to any detected anomalies concerning our website, services, or products.

Syncro Soft uses Security Advisories to communicate security information to Syncro Soft customers regarding security vulnerabilities.

This section contains all recent security advisories that were issued by Syncro Soft. To protect the security of our customers, we don't publish a security advisory until the vulnerability has been fully investigated and a patch or update is available that resolves the issue.

These posts by the Syncro Soft security team are also sent to the security announcements email list and reference to them may be included in the release notes. Get notified of Syncro Soft releases and security advisories by registering to security announcements email list below:

Security Advisories
Advisory NumberSeverityStatusAffected ProductsLast Updated
CVE-2020-1695HighResolved Oxygen Content Fusion v4.1 and older
Oxygen XML Web Author v24.1.0 and older
2022-07-08 11:23:00
CVE-2022-26520LowResolved Oxygen Content Fusion v4.1.6 and older 2022-05-27 10:08:00
SYNC-2022-210409LowResolved Oxygen Content Fusion v4.1.5 and older 2022-04-26 10:08:00
CVE-2021-44906LowResolved Oxygen Feedback v2.0.2 and older 2022-04-14 10:10:00
CVE-2022-22965NoneResolved Oxygen Feedback v2.0.2 and older 2022-04-05 09:10:00
SYNC-2022-1003LowResolved Oxygen XML Author v24.0 and older
Oxygen XML Developer v24.0 and older
Oxygen XML Editor v24.0 and older
Oxygen Content Fusion v4.1.5 and older
Oxygen Web Author v24.0 and older
Oxygen Feedback v2.0.1 and older
Oxygen Publishing Engine v24.0 and older
Oxygen License Server v24.0 and older
Oxygen PDF Chemistry v24.0 and older
2022-03-10 09:15:00
CVE-2021-28165LowResolved Oxygen License Server v24.0 and older 2022-03-10 09:15:00
CVE-2022-21724LowResolved Oxygen Content Fusion v4.1.5 and older
2022-03-10 09:15:00
CVE-2022-0144LowResolved Oxygen Content Fusion v4.1.5 and older
2022-03-10 09:15:00
CVE-2021-42392LowResolved Oxygen Content Fusion v4.1.5 and older
Oxygen Web Author v24.0 and older
Oxygen License Server v24.0 and older
2022-03-10 09:15:00
CVE-2021-23463LowResolved Oxygen License Server v24.0 2022-02-08 09:15:00
CVE-2018-7489LowResolved Oxygen XML Web Author v22.1.0 2022-01-19 09:15:00
CVE-2019-10172HighResolved Oxygen XML Web Author v22.1.0 2022-01-19 09:15:00
CVE-2020-11988HighResolved Oxygen PDF Chemistry v22.0 and v22.1 2022-01-19 09:15:00
CVE-2021-32626LowResolved Oxygen Content Fusion 4.1 and older 2022-01-19 09:15:00
CVE-2021-44832LowResolved Oxygen Content Fusion 4.1 and older
Oxygen XML Web Author between 22.1 and 24.0.0
Oxygen Feedback 2.0 and older
Oxygen XML Publishing Engine between 22.1 and 24.0
Oxygen XML WebHelp between 22.1 and 24.0
Oxygen PDF Chemistry between 22.1 and 24.0
Oxygen License Server between 22.1 and 24.0
Oxygen XML Author between 16.1 and 24.0
Oxygen XML Developer between 16.1 and 24.0
Oxygen XML Editor between 16.1 and 24.0
2022-01-19 09:15:00
CVE-2021-4104LowResolved Oxygen Content Fusion v2.0.3 2021-12-29 14:10:30
CVE-2021-45105LowResolved Oxygen Content Fusion 4.1 and older
Oxygen XML Web Author between 22.1 and 24.0.0
Oxygen Feedback 1.4.4 and older
Oxygen XML Publishing Engine between 22.1 and 24.0
Oxygen XML WebHelp between 22.1 and 24.0
Oxygen PDF Chemistry between 22.1 and 24.0
Oxygen License Server between 22.1 and 24.0
Oxygen XML Author between 16.1 and 24.0
Oxygen XML Developer between 16.1 and 24.0
Oxygen XML Editor between 16.1 and 24.0
2021-12-21 10:15:30
CVE-2020-11987LowResolved Oxygen PDF Chemistry between v22.1 and v24.0 2022-01-19 09:15:00
CVE-2021-45046LowResolved Oxygen Content Fusion 4.1 and older
Oxygen XML Web Author between 22.1 and 24.0.0
Oxygen Feedback 1.4.5 and older
Oxygen XML Publishing Engine 24.0 and older
Oxygen XML WebHelp 24.0 and older
Oxygen PDF Chemistry 24.0 and older
Oxygen License Server 24.0 and older
Oxygen XML Author 24.0 and older
Oxygen XML Developer 24.0 and older
Oxygen XML Editor 24.0 and older
2021-12-15 12:43:30
CVE-2021-44228CriticalResolved Oxygen Content Fusion 4.1 and older
Oxygen XML Web Author between 22.1 and 24.0.0
Oxygen Feedback 1.4.4 and older
Oxygen XML Publishing Engine between 22.1 and 24.0
Oxygen XML WebHelp between 22.1 and 24.0
Oxygen PDF Chemistry between 22.1 and 24.0
Oxygen License Server between 22.1 and 24.0
Oxygen XML Author between 16.1 and 24.0
Oxygen XML Developer between 16.1 and 24.0
Oxygen XML Editor between 16.1 and 24.0
2021-12-10 18:56:21
SYNC-2021-2610LowResolved Oxygen Feedback 1.4.3 and older versions 2021-12-10 12:23:46
CVE-2021-37714HighResolved Oxygen Feedback 1.4.3 and older versions 2021-12-10 10:49:11
CVE-2021-43466LowResolved Oxygen Feedback 1.4.3 and older versions 2021-12-10 10:21:15
CVE-2021-37137LowResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 14:45:15
CVE-2021-37136LowResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 13:50:15
CVE-2020-25638LowResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 13:21:15
CVE-2020-17523LowResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 13:21:15
CVE-2018-1294LowResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 12:39:11
CVE-2017-9801HighResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 11:32:11
CVE-2017-18640LowResolved Oxygen Content Fusion 4.1 and older versions 2021-12-08 11:24:11
CVE-2021-42340HighResolved Oxygen XML Web Author 23.1 and older versions 2021-12-06 16:21:11
CVE-2021-40690MediumResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-10-18 14:27:09
CVE-2021-41303LowResolvedOxygen XML Web Author 23.1 and older2021-10-18 12:21:11
CVE-2021-41079HighResolvedOxygen XML Web Author 23.1 and older2021-10-18 17:22:11
SYNC-2021-2809MediumResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
Oxygen Publishing Engine 23.1 and older versions
2021-10-18 14:27:09
SYNC-2021-072301MediumResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
Oxygen Publishing Engine 23.1 and older versions
Oxygen XML WebHelp 23.1 and older versions
2022-07-13 114:35:02
CVE-2018-18928MediumResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-08-25 10:53:04
CVE-2021-36090MediumResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-08-25 10:30:34
CVE-2021-35517LowResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-08-25 10:46:30
CVE-2021-35516LowResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-08-25 10:41:20
CVE-2021-35515LowResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-08-25 10:33:45
CVE-2021-33910MediumResolvedOxygen Content Fusion 4.1 and older versions 2021-08-19 13:27:26
CVE-2021-23337MediumResolvedOxygen Content Fusion 4.1 and older versions 2021-07-12 15:36:18
CVE-2021-25329MediumResolvedOxygen Feedback 1.4 and older versions2021-04-13 10:30:18
CVE-2021-25122MediumResolvedOxygen Feedback 1.4 and older versions2021-04-13 14:43:15
CVE-2021-22112MediumResolvedOxygen Feedback 1.4 and older versions2021-04-13 16:35:20
CVE-2020-13936LowResolved Oxygen XML Editor 23.1 and older versions
Oxygen XML Developer 23.1 and older versions
Oxygen XML Author 23.1 and older versions
2021-04-12 10:15:21
SYNC-2021-031201LowResolvedOxygen Content Fusion 4.0 and older versions2021-03-12 15:32:17
CVE-2020-36048MediumResolvedOxygen Content Fusion 3.0 and older versions2021-03-09 10:43:11
CVE-2020-36049MediumResolvedOxygen Content Fusion 3.0 and older versions2021-03-09 12:18:30
CVE-2016-1000027MediumResolvedOxygen Feedback 1.32020-11-03 16:14:14
CVE-2020-1938MediumResolved Oxygen XML Web Author 22.0.0 and older versions
Oxygen Content Fusion 1.2 and older versions
2020-04-07 16:00:00
CVE-2019-17571MediumResolved Oxygen XML Editor 21.1 and older versions
Oxygen XML Developer 21.1 and older versions
Oxygen XML Author 21.1 and older versions
Oxygen PDF Chemistry 21.1 and older versions
Oxygen XML WebHelp 21.1 and older versions
Oxygen XML Web Author 21.1.1 and older versions
Oxygen Content Fusion 1.2 and older versions
2020-05-18 15:00:00
SYNC-2019-111401MediumResolved Oxygen XML Editor 21.1 and older versions
Oxygen XML Developer 21.1 and older versions
Oxygen XML Author 21.1 and older versions
2019-12-11 16:14:14

Important:

  • This table is not yet a complete list of vulnerabilities. Formulating such a list is an extensive undertaking which Syncro Soft is addressing systematically.
  • Syncro Soft does not issue security advisories for underlying third party libraries. Please refer to the concerned third parties as appropriate.
  • Syncro Soft Security Advisories are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Syncro Soft reserves the right to change or update this content without notice at any time.

For more information about security at Syncro Soft, see our Security page. If you believe you've found a security vulnerability, see Reporting a new vulnerability.