SecurityCenter is impacted by two vulnerabilities in OpenSSL that were recently disclosed and fixed. CVE-2014-3513 - OpenSSL contains a flaw in the DTLS SRTP extension parsing code that is triggered when handling a specially crafted handshake message, which can cause a memory leak. This may allow a remote attacker to cause a denial of service. CVE-2014-3567 - OpenSSL contains a flaw in the SSL, TLS, and DTLS servers that is triggered when handling a session ticket that has failed to have its integrity properly verified, which can result in a memory leak. With a large number of invalid session tickets, a remote attacker can cause a denial of service. Notes and caveats: SecurityCenter is not affected by CVE-2014-3568 as it does not get compiled with the no-ssl3 option. Note that Nessus, LCE, and PVS are not affected by these issues. Please note that Tenable strongly recommends that SecurityCenter and the Tenable Appliance be installed on a subnet that is not Internet addressable.