Two of the more severe flaws could each allow attackers with local administrative privileges on virtual machines to execute code as the virtual machine's VMX process running on the host.
For patching, VMware said that "this situation qualifies as an emergency change."
The patch is available two weeks after the vulnerability was first disclosed on Nov. 14.
VMware has released patches for a critical-severity vulnerability that could enable remote code execution attacks.
Exploit code has been published for a critical-severity flaw in VMware's network monitoring tool, the company said on Thursday.