Those are unprivileged ports. They are perfectly safe.
It’s not. It’s just a framework to help discover services available on the local network ─ e.g. a networked printer or scanner ─ without needing any manual configuration.
You can disable Avahi if you don’t need it, but there’s not much of a point in doing so. It’s not a security hazard and it also doesn’t consume many CPU cycles.
sudo systemctl disable --now avahi-daemon.service
sudo systemctl mask avahi-daemon.service