If you have no interpreters & sane defaults in config, then there aren't many ways to take over your computer. They basically always exploited a vulnerability in the applications that let them run code. That either was in privileged one they wanted to be in or was a step toward one. Blocking code injection in apps would knock out vast majority of severe CVE's I've seen that relate to apps.
Far as finite amount, the vulnerabilities coming in fall into similar patterns enough that people are making taxonomies of them.
Far as finite amount, the vulnerabilities coming in fall into similar patterns enough that people are making taxonomies of them.
https://cwe.mitre.org/documents/sources/SevenPerniciousKingd...