6.x.3.x

DATE	CVE	VULNERABILITY TITLE	RISK
2012-12-26	CVE-2012-5586	Permissions, Privileges, and Access Controls vulnerability in Marc Ingram Services The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." network high complexity marc-ingram drupal CWE-264	2.1