It looks like all of the problems come up in scripting languages. Maybe the compilers are a problem. There should be nothing giving out root to various programs without express permission from the administrator of the machine.

It is startling to see that this has been a problem in Ubuntu for 10 years! They are pretty alert to security problems and fix them right away. Makes me wonder about backdoors, now!

security

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Rsync25

It looks like all of the problems come up in scripting languages. Maybe the compilers are a problem. There should be nothing giving out root to various programs without express permission from the administrator of the machine. 
It is startling to see that this has been a problem in Ubuntu for 10 years! They are pretty alert to security problems and fix them right away. Makes me wonder about backdoors, now!