Think there are a couple that you, as server admin, could take care of right now .... assuming apache.
This one: Directory Listing 2 ... if you knew the directories, just put a blank (contains nothing) index.html file in those two directories. (or whatever is the default page as defined by your web server (assuming apache and in linux, that would be index.html or index.php)
OR check your web server config (assuming apache) for setting that are allowing directory listing:
This one (Unencrypted Login Request 2) you are going to have to ask the scanning folks to provide some more info ... nothing stops a user from using http://yoursite/ ... *IF* that is the issue.
To negate that, check into setting up a re-write rule that takes any http:// request and re-writes it to https://
The others need further investigation/'defense' (responsible reporting)
While hiring some security expert might still be needed, nothing replaces the OP's knowledge of their own server setup.
'spirit of sharing', Ken