Nessus, SecurityCenter, and the Tenable Appliance use OpenSSL, which recently disclosed several vulnerabilities.

OpenSSL contains a flaw in the dtls1_buffer_record() function that is triggered when handling a saturation of DTLS records that contain the same sequence number, but for the next epoch. This may allow a remote attacker to cause a memory leak and exhaust memory resources.

OpenSSL contains a NULL pointer dereference flaw in the dtls1_get_record() function that is triggered when handling DTLS messages. This may allow a remote attacker to cause a segmentation fault.

OpenSSL contains a flaw that is due to it accepting DH certificates for client authentication when they are missing certificate verify messages. This may allow a remote attacker to authenticate without the use of a private key.

OpenSSL contains a flaw in bignum squaring (BN_sqr) that can cause incorrect results to be produced on certain platforms, including x86_64. This may allow attackers to have an unspecified impact.

Note that the associated CVSSv2 score represents the highest-scoring of the four issues. Further, Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.