The bugs could be exploited to expose sensitive information, bypass security controls or launch a denial-of-service attack, according to vulnerability tracking firm Secunia, which ranked the flaws "moderately critical."
The holes affect the hypervisor-based ESX Server versions 2 and 3.
In September, VMware issued a patch release to correct 13 "highly critical" flaws in the ESX Server. The product allows multiple virtual machines to run on the same physical server.
News of the vulnerabilities come one day after public reports said VMware soon plans to unveil a security initiative -- called VMSafe -- whose goal is to protect machines running on the company's virtualization software. VMware plans to partner with a number of large IT security players -- including Symantec, McAfee and IBM Internet Security Systems -- on the undertaking.