Flaws allow denial-of-service attacks and other malicious activity, vendor says.