Google's PlayServices has a built-in backdoor which allows Google Inc, or anybody who has access to some device owner's Google account to remotely silently deploy any apps (at least those listed in the AppStore).
e33e4b676a65b515729c81271908d18c840aadc2370f8a5643c5cdf980ce1785
This patch mitigates allowing launcher the ability to execute arbitrary programs.
05bbc4faa849e25fbad6d25534f4c781fc3cc329c48f156bf5eb3fdb0bb6fa54
Skype on Debian automatically installs apt configuration that adds Microsoft's apt repo to the system's package sources. That way, Microsoft (or anybody holding their repo's private key) can easily inject malicious packages via regular update and replace distro packages w/ their own manipulated ones.
1af0ce7e985b6e6fa65956ab99747246fc9ef0fec3fb8d2b6a3f4313086f54c4
The National Instruments Linux driver package suffers from a remote code injection (software update) vulnerability.
583aba1c966b02f9bbfab9bc9ac711477ba3f166b683c8f6625e88147c6c15d7