Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.