The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0309-1 advisory.

    - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
     - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
     - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls     (bsc#1256835).
     - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
     - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
     - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
     - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
     - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2026:0309-1)

high Nessus Plugin ID 297075

Version 1.2

Version 1.1

Version 1.2 Jan 30, 2026, 4:02 PM New Plugin Feed: 202601301602
Version 1.1 Jan 29, 2026, 12:27 PM New Plugin Feed: 202601291227